5 research outputs found
Oracular Byzantine Reliable Broadcast
Byzantine Reliable Broadcast (BRB) is a fundamental distributed computing primitive, with applications ranging from notifications to asynchronous payment systems. Motivated by practical consideration, we study Client-Server Byzantine Reliable Broadcast (CSB), a multi-shot variant of BRB whose interface is split between broadcasting clients and delivering servers. We present Draft, an optimally resilient implementation of CSB. Like most implementations of BRB, Draft guarantees both liveness and safety in an asynchronous environment. Under good conditions, however, Draft achieves unparalleled efficiency. In a moment of synchrony, free from Byzantine misbehaviour, and at the limit of infinitely many broadcasting clients, a Draft server delivers a b-bits payload at an asymptotic amortized cost of 0 signature verifications, and (log?(c) + b) bits exchanged, where c is the number of clients in the system. This is the information-theoretical minimum number of bits required to convey the payload (b bits, assuming it is compressed), along with an identifier for its sender (log?(c) bits, necessary to enumerate any set of c elements, and optimal if broadcasting frequencies are uniform or unknown). These two achievements have profound practical implications. Real-world BRB implementations are often bottlenecked either by expensive signature verifications, or by communication overhead. For Draft, instead, the network is the limit: a server can deliver payloads as quickly as it would receive them from an infallible oracle
Carbon: An Asynchronous Voting-Based Payment System for a Client-Server Architecture
We present Carbon, an asynchronous payment system. To the best of our
knowledge, Carbon is the first asynchronous payment system designed
specifically for a client-server architecture. Namely, besides being able to
make payments, clients of Carbon are capable of changing the set of running
servers using a novel voting mechanism -- asynchronous, balance-based voting
Every Bit Counts in Consensus
Consensus enables n processes to agree on a common valid L-bit value, despite
t < n/3 processes being faulty and acting arbitrarily. A long line of work has
been dedicated to improving the worst-case communication complexity of
consensus in partial synchrony. This has recently culminated in the worst-case
word complexity of O(n^2). However, the worst-case bit complexity of the best
solution is still O(n^2 L + n^2 kappa) (where kappa is the security parameter),
far from the \Omega(n L + n^2) lower bound. The gap is significant given the
practical use of consensus primitives, where values typically consist of
batches of large size (L > n).
This paper shows how to narrow the aforementioned gap while achieving optimal
linear latency. Namely, we present a new algorithm, DARE (Disperse, Agree,
REtrieve), that improves upon the O(n^2 L) term via a novel dispersal
primitive. DARE achieves O(n^{1.5} L + n^{2.5} kappa) bit complexity, an
effective sqrt{n}-factor improvement over the state-of-the-art (when L > n
kappa). Moreover, we show that employing heavier cryptographic primitives,
namely STARK proofs, allows us to devise DARE-Stark, a version of DARE which
achieves the near-optimal bit complexity of O(n L + n^2 poly(kappa)). Both DARE
and DARE-Stark achieve optimal O(n) latency
All Byzantine Agreement Problems are Expensive
Byzantine agreement, arguably the most fundamental problem in distributed
computing, operates among n processes, out of which t < n can exhibit arbitrary
failures. The problem states that all correct (non-faulty) processes must
eventually decide (termination) the same value (agreement) from a set of
admissible values defined by the proposals of the processes (validity).
Depending on the exact version of the validity property, Byzantine agreement
comes in different forms, from Byzantine broadcast to strong and weak
consensus, to modern variants of the problem introduced in today's blockchain
systems. Regardless of the specific flavor of the agreement problem, its
communication cost is a fundamental metric whose improvement has been the focus
of decades of research. The Dolev-Reischuk bound, one of the most celebrated
results in distributed computing, proved 40 years ago that, at least for
Byzantine broadcast, no deterministic solution can do better than Omega(t^2)
exchanged messages in the worst case. Since then, it remained unknown whether
the quadratic lower bound extends to seemingly weaker variants of Byzantine
agreement. This paper answers the question in the affirmative, closing this
long-standing open problem. Namely, we prove that any non-trivial agreement
problem requires Omega(t^2) messages to be exchanged in the worst case. To
prove the general lower bound, we determine the weakest Byzantine agreement
problem and show, via a novel indistinguishability argument, that it incurs
Omega(t^2) exchanged messages
On the Validity of Consensus
The Byzantine consensus problem involves processes, out of which t < n
could be faulty and behave arbitrarily. Three properties characterize
consensus: (1) termination, requiring correct (non-faulty) processes to
eventually reach a decision, (2) agreement, preventing them from deciding
different values, and (3) validity, precluding ``unreasonable'' decisions. But,
what is a reasonable decision? Strong validity, a classical property,
stipulates that, if all correct processes propose the same value, only that
value can be decided. Weak validity, another established property, stipulates
that, if all processes are correct and they propose the same value, that value
must be decided. The space of possible validity properties is vast. However,
their impact on consensus remains unclear.
This paper addresses the question of which validity properties allow
Byzantine consensus to be solvable with partial synchrony, and at what cost.
First, we determine necessary and sufficient conditions for a validity property
to make the consensus problem solvable; we say that such validity properties
are solvable. Notably, we prove that, if n <= 3t, all solvable validity
properties are trivial (there exists an always-admissible decision).
Furthermore, we show that, with any non-trivial (and solvable) validity
property, consensus requires Omega(t^2) messages. This extends the seminal
Dolev-Reischuk bound, originally proven for strong validity, to all non-trivial
validity properties. Lastly, we give a general Byzantine consensus algorithm,
we call Universal, for any solvable (and non-trivial) validity property.
Importantly, Universal incurs O(n^2) message complexity. Thus, together with
our lower bound, Universal implies a fundamental result in partial synchrony:
with t \in Omega(n), the message complexity of all (non-trivial) consensus
variants is Theta(n^2).Comment: The extended version of the PODC 2023 pape