Synchronous Byzantine Agreement with Expected O(1) Rounds, Expected O(n2) Communication, and Optimal Resilience

We present new protocols for Byzantine agreement in the synchronous and authenticated setting, tolerating the optimal number of f faults among \(n=2f+1\) parties. Our protocols achieve an expected O(1) round complexity and an expected \(O(n^2)\) communication complexity. The exact round complexity in expectation is 10 for a static adversary and 16 for a strongly rushing adaptive adversary. For comparison, previous protocols in the same setting require expected 29 rounds.

[1]  Jared Saia,et al.  Breaking the O(n2) bit barrier: scalable byzantine agreement with an adaptive adversary , 2010, PODC.

[2]  Danny Dolev,et al.  Dynamic fault-tolerant clock synchronization , 1995, JACM.

[3]  Kartik Nayak,et al.  Communication complexity of byzantine agreement, revisited , 2018, Distributed Computing.

[4]  Nancy A. Lynch,et al.  A Lower Bound for the Time to Assure Interactive Consistency , 1982, Inf. Process. Lett..

[5]  Matthew K. Franklin,et al.  Unique Ring Signatures: A Practical Construction , 2013, Financial Cryptography.

[6]  Gabriel Bracha,et al.  Asynchronous Byzantine Agreement Protocols , 1987, Inf. Comput..

[7]  Moti Yung,et al.  Born and raised distributively: fully distributed non-interactive adaptively-secure threshold signatures with short shares , 2014, Theor. Comput. Sci..

[8]  Victor Shoup,et al.  Practical Threshold Signatures , 2000, EUROCRYPT.

[9]  Abhi Shelat,et al.  Analysis of the Blockchain Protocol in Asynchronous Networks , 2017, EUROCRYPT.

[10]  Elaine Shi,et al.  Thunderella: Blockchains with Optimistic Instant Confirmation , 2018, IACR Cryptol. ePrint Arch..

[11]  Miguel Castro,et al.  Farsite: federated, available, and reliable storage for an incompletely trusted environment , 2002, OPSR.

[12]  Yoram Moses,et al.  Fully Polynomial Byzantine Agreement for n > 3t Processors in t + 1 Rounds , 1998, SIAM J. Comput..

[13]  Aggelos Kiayias,et al.  The Bitcoin Backbone Protocol: Analysis and Applications , 2015, EUROCRYPT.

[14]  Nancy A. Lynch,et al.  Impossibility of distributed consensus with one faulty process , 1985, JACM.

[15]  Silvio Micali,et al.  Verifiable random functions , 1999, 40th Annual Symposium on Foundations of Computer Science (Cat. No.99CB37039).

[16]  Victor Shoup,et al.  Random Oracles in Constantinople: Practical Asynchronous Byzantine Agreement Using Cryptography , 2000, Journal of Cryptology.

[17]  Michael Ben-Or,et al.  Another advantage of free choice (Extended Abstract): Completely asynchronous agreement protocols , 1983, PODC '83.

[18]  Benny Pinkas,et al.  SBFT: a Scalable Decentralized Trust Infrastructure for Blockchains , 2018, ArXiv.

[19]  Kartik Nayak,et al.  Solida: A Blockchain Protocol Based on Reconfigurable Byzantine Consensus , 2016, OPODIS.

[20]  Tal Moran,et al.  Combining Asynchronous and Synchronous Byzantine Agreement: The Best of Both Worlds , 2018, IACR Cryptol. ePrint Arch..

[21]  Leslie Lamport,et al.  Reaching Agreement in the Presence of Faults , 1980, JACM.

[22]  Avi Wigderson,et al.  Completeness theorems for non-cryptographic fault-tolerant distributed computation , 1988, STOC '88.

[23]  Ittai Abraham,et al.  Hot-Stuff the Linear, Optimal-Resilience, One-Message BFT Devil , 2018, ArXiv.

[24]  Robbert van Renesse,et al.  COCA: a secure distributed online certification authority , 2002, Foundations of Intrusion Tolerant Systems, 2003 [Organically Assured and Survivable Information Systems].

[25]  Marko Vukolic,et al.  XFT: Practical Fault Tolerance beyond Crashes , 2015, OSDI.

[26]  Barbara Liskov,et al.  Viewstamped Replication: A New Primary Copy Method to Support Highly-Available Distributed Systems , 1999, PODC '88.

[27]  Jared Saia,et al.  Breaking the O(n2) bit barrier: Scalable byzantine agreement with an adaptive adversary , 2010, JACM.

[28]  Silvio Micali,et al.  How to play any mental game, or a completeness theorem for protocols with honest majority , 2019, Providing Sound Foundations for Cryptography.

[29]  Kartik Nayak,et al.  XX : 2 Solida : A Cryptocurrency Based on Reconfigurable Byzantine Consensus , 2017 .

[30]  Danny Dolev,et al.  Authenticated Algorithms for Byzantine Agreement , 1983, SIAM J. Comput..

[31]  Michael O. Rabin,et al.  Randomized byzantine generals , 1983, 24th Annual Symposium on Foundations of Computer Science (sfcs 1983).

[32]  Silvio Micali,et al.  ALGORAND: The Efficient and Democratic Ledger , 2016, ArXiv.

[33]  Matthias Fitzi,et al.  Efficient player-optimal protocols for strong and differential consensus , 2003, PODC '03.

[34]  Nancy A. Lynch,et al.  Consensus in the presence of partial synchrony , 1988, JACM.

[35]  Ben Y. Zhao,et al.  OceanStore: an architecture for global-scale persistent storage , 2000, SIGP.

[36]  Leslie Lamport,et al.  The part-time parliament , 1998, TOCS.

[37]  Jonathan Katz,et al.  On expected constant-round protocols for Byzantine agreement , 2006, J. Comput. Syst. Sci..

[38]  Miguel Oom Temudo de Castro,et al.  Practical Byzantine fault tolerance , 1999, OSDI '99.

[39]  Bryan Ford,et al.  Enhancing Bitcoin Security and Performance with Strong Consistency via Collective Signing , 2016, USENIX Security Symposium.

[40]  Silvio Micali,et al.  An Optimal Probabilistic Protocol for Synchronous Byzantine Agreement , 1997, SIAM J. Comput..

[41]  Leslie Lamport,et al.  The Byzantine Generals Problem , 1982, TOPL.

[42]  Matthew K. Franklin,et al.  The Ω key management service , 1996, CCS '96.

[43]  Yevgeniy Dodis,et al.  A Verifiable Random Function with Short Proofs and Keys , 2005, Public Key Cryptography.

[44]  Silvio Micali,et al.  Optimal and Player-Replaceable Consensus with an Honest Majority , 2017 .