Random Oracles in Constantinople: Practical Asynchronous Byzantine Agreement Using Cryptography

Abstract

Byzantine agreement requires a set of parties in a distributed system to agree on a value even if some parties are maliciously misbehaving. A new protocol for Byzantine agreement in a completely asynchronous network is presented that makes use of new cryptographic protocols, specifically protocols for threshold signatures and coin-tossing. These cryptographic protocols have practical and provably secure implementations in the random oracle model. In particular, a coin-tossing protocol based on the Diffie-Hellman problem is presented and analyzed. The resulting asynchronous Byzantine agreement protocol is both practical and theoretically optimal because it tolerates the maximum number of corrupted parties, runs in constant expected rounds, has message and communication complexity close to the optimum, and uses a trusted dealer only once in a setup phase, after which it can process a virtually unlimited number of transactions. The protocol is formulated as a transaction processing service in a cryptographic security model, which differs from the standard information-theoretic formalization and may be of independent interest.
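The abstract's central building block is a Diffie-Hellman-based threshold coin in the random oracle model: one trusted-dealer setup, after which parties can open an unbounded number of named coins. The following is an added Python illustration of that idea, not code from the paper. It assumes a toy Schnorr group (P = 1019, Q = 509, generator G = 4), SHA-256 standing in for the random oracles H (hash-to-group and Fiat-Shamir challenge) and H' (coin value), Shamir sharing with threshold t+1, and Chaum-Pedersen discrete-log-equality proofs to let a combiner reject bad shares; the function names (`dealer`, `coin_share`, `verify_share`, `combine`) and the group parameters are all choices made for this example and not the paper's.

```python
"""Toy Diffie-Hellman-based threshold coin (added illustration, not the paper's code).

One trusted-dealer setup, then any number of coins: coin `name` is hashed into
the group as g~ = H(name), party i publishes g~^x_i with a proof of correctness,
and any t+1 valid shares combine to g~^x, whose hash H' is the coin bit.
Requires Python 3.8+ (negative exponents in pow() for modular inverses).
"""
import hashlib
import secrets

# Constructed toy Schnorr group: P = 2Q + 1 with both prime, so the quadratic
# residues mod P form the subgroup of prime order Q. A deployment would use a
# 2048-bit+ safe prime or an elliptic-curve group; the arithmetic is unchanged.
P, Q = 1019, 509
G = 4  # a quadratic residue != 1, hence a generator of the order-Q subgroup


def ib(x: int) -> bytes:
    """Big-endian encoding of a non-negative integer (at least one byte)."""
    return x.to_bytes(max(1, (x.bit_length() + 7) // 8), "big")


def H_int(*parts: bytes) -> int:
    """Random-oracle stand-in: SHA-256 over length-prefixed parts, as an integer."""
    h = hashlib.sha256()
    for part in parts:
        h.update(len(part).to_bytes(4, "big") + part)
    return int.from_bytes(h.digest(), "big")


def hash_to_group(name: bytes) -> int:
    """g~ = H(name): a non-identity element of the order-Q subgroup."""
    ctr = 0
    while True:
        gt = pow(H_int(b"coin-base", name, ib(ctr)) % P, 2, P)  # squaring lands in the subgroup
        if gt > 1:
            return gt
        ctr += 1


def dealer(n: int, t: int):
    """Trusted dealer, run once: Shamir-share a secret x with threshold t+1.
    Returns (x, shares, verification keys); x is returned only so a test can check results."""
    coeffs = [secrets.randbelow(Q) for _ in range(t + 1)]  # coeffs[0] is the secret x
    shares = {i: sum(c * pow(i, k, Q) for k, c in enumerate(coeffs)) % Q
              for i in range(1, n + 1)}
    vks = {i: pow(G, xi, P) for i, xi in shares.items()}
    return coeffs[0], shares, vks


def coin_share(i: int, xi: int, name: bytes):
    """Party i's share sigma_i = g~^x_i with a Chaum-Pedersen DLEQ proof, made
    non-interactive via H, that log_G(vk_i) == log_g~(sigma_i)."""
    gt = hash_to_group(name)
    sigma = pow(gt, xi, P)
    r = secrets.randbelow(Q)
    a1, a2 = pow(G, r, P), pow(gt, r, P)
    c = H_int(b"dleq", ib(G), ib(pow(G, xi, P)), ib(gt), ib(sigma), ib(a1), ib(a2))
    return i, sigma, (c, (r + c * xi) % Q)


def verify_share(vks: dict, name: bytes, share) -> bool:
    """Reject shares from unknown parties, outside the subgroup, or with a bad proof."""
    i, sigma, (c, z) = share
    if i not in vks or not (0 < sigma < P) or pow(sigma, Q, P) != 1:
        return False
    gt = hash_to_group(name)
    a1 = pow(G, z, P) * pow(vks[i], -c, P) % P   # equals G^r iff the prover knew x_i
    a2 = pow(gt, z, P) * pow(sigma, -c, P) % P   # equals g~^r for the same r
    return H_int(b"dleq", ib(G), ib(vks[i]), ib(gt), ib(sigma), ib(a1), ib(a2)) == c


def combine(vks: dict, name: bytes, shares: list, t: int) -> int:
    """Coin bit from any t+1 valid shares: Lagrange interpolation in the exponent."""
    good = [s for s in shares if verify_share(vks, name, s)][: t + 1]
    if len(good) < t + 1:
        raise ValueError("need t+1 valid shares to open the coin")
    idx = [s[0] for s in good]
    val = 1
    for j, sigma, _ in good:
        lam = 1
        for k in idx:
            if k != j:
                lam = lam * k * pow((k - j) % Q, -1, Q) % Q  # lambda_j = prod_k k/(k-j)
        val = val * pow(sigma, lam, P) % P
    return H_int(b"coin-value", ib(val)) & 1   # H'(g~^x)


def coin_from_secret(x: int, name: bytes) -> int:
    """What a holder of the whole secret x would compute; reference value only."""
    return H_int(b"coin-value", ib(pow(hash_to_group(name), x, P))) & 1


if __name__ == "__main__":
    n, t = 4, 1                      # n = 3t + 1 parties, up to t of them corrupt
    x, shares, vks = dealer(n, t)
    for name in (b"round-1", b"round-2"):
        s = [coin_share(i, shares[i], name) for i in shares]
        print(name, combine(vks, name, s[:t + 1], t), combine(vks, name, s[t + 1:], t))
    i, sigma, proof = s[0]
    print("tampered share accepted:", verify_share(vks, name, (i, sigma * G % P, proof)))
```

Two properties of the abstract's design show up directly: the dealer runs once and every later coin costs one exponentiation per party plus a cheap proof, and any t+1 shares open the same value, so with n = 3t+1 the 2t+1 honest parties always suffice while the t corrupt parties alone learn nothing about g~^x until an honest share appears. The caveat a practitioner should keep in mind is that the dealer knows x and can therefore predict every coin, which is why this setup must be performed by a trusted party (or replaced by a distributed key generation) and why the per-coin proofs matter: without them a single corrupt party could feed the combiner a bogus share and make different honest parties open different coin values.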
