Efficient Asynchronous Byzantine Agreement with Optimal Resilience

Arpita Patra, Dept. of Computer Science and Engineering, IIT Madras, Chennai, India 600036. Tel.: +91-44-22575370. E-mail: arpitapatra10@yahoo.co.in, arpitapatra10@gmail.com

Ashish Choudhary, Dept. of Computer Science and Engineering, IIT Madras, Chennai, India 600036. Tel.: +91-44-22575370. E-mail: partho31@yahoo.co.in, partho31@gmail.com

C. Pandu Rangan, Dept. of Computer Science and Engineering, IIT Madras, Chennai, India 600036. Tel.: +91-44-22574358. E-mail: prangan55@yahoo.com, prangan55@gmail.com

A preliminary version of this paper appeared in PODC 2009. The work of Arpita Patra is supported by a Microsoft Research India PhD fellowship. Arpita Patra would also like to thank ACM and IARCS for financial support to attend PODC 2009 and present a preliminary version of this paper. The work of Ashish Choudhary is supported by an Infosys Technology India PhD fellowship. Ashish Choudhary would also like to acknowledge financial support from Project No. CSE/O5-06/076/DITX/CPAN on Protocols for Secure Communication and Computation, sponsored by the Department of Information Technology, Govt. of India, to attend PODC 2009, where a preliminary version of this paper was presented. The work of C. Pandu Rangan is supported by project grants of Project No. CSE/O5-06/076/DITX/CPAN on Protocols for Secure Communication and Computation, sponsored by the Department of Information Technology, Govt. of India.

Byzantine agreement (BA) is considered one of the most fundamental primitives for fault-tolerant distributed computing and cryptographic protocols. BA among a set of n parties, each holding an input value, allows them to reach agreement on a common value even if some of the parties are faulty and try to prevent agreement among the non-faulty parties. An important variant of BA is Asynchronous Byzantine Agreement (ABA). An ABA protocol is carried out among n parties in a completely asynchronous network, where every two parties are directly connected by a private channel and t out of the n parties are under the control of a computationally unbounded Byzantine (active) adversary A_t. The communication complexity of ABA is one of its most important complexity measures. In this paper, we present a simple and efficient ABA protocol whose communication complexity is significantly better than that of the existing ABA protocols in the literature. Our protocol is optimally resilient and thus requires n = 3t + 1 parties for its execution. Specifically, the amortized communication complexity of our ABA protocol is O(Cn log(1/ε)) bits for attaining agreement on a single bit, where ε denotes the probability of non-termination and C denotes the expected running time of our protocol. Conditioned on the event that our ABA protocol terminates, it does so in constant expected time, i.e., C = O(1). We compare our result with the most recent optimally resilient ABA protocols proposed in [17] and [1] and show that our protocol gains by a factor of O(n log(1/ε)) over the ABA of [17] and by a factor of O(n log n log(1/ε)) over the ABA of [1]. Towards designing our efficient ABA protocol, we first present a novel and simple asynchronous verifiable secret sharing (AVSS) protocol with n = 3t + 1, which significantly improves the communication complexity of the only known AVSS protocol of [17] with n = 3t + 1. Our AVSS shares multiple secrets concurrently and is far better than multiple parallel executions of an AVSS sharing a single secret. Thus our AVSS brings forth several advantages of concurrently sharing multiple secrets. We believe that our AVSS can be used in

[1] Danny Dolev, et al. An almost-surely terminating polynomial protocol for asynchronous byzantine agreement with optimal resilience, 2008, PODC '08.

[2] Matthias Fitzi, et al. Byzantine Agreement Secure against General Adversaries in the Dual Failure Model, 1999, DISC.

[3] Sam Toueg, et al. Asynchronous consensus and broadcast protocols, 1985, JACM.

[4] Baruch Awerbuch, et al. Verifiable secret sharing and achieving simultaneity in the presence of faults, 1985, 26th Annual Symposium on Foundations of Computer Science (sfcs 1985).

[5] Ran Canetti, et al. Studies in secure multiparty computation and applications, 1995.

[6] K. Srinathan, et al. Round-Optimal and Efficient Verifiable Secret Sharing, 2006, TCC.

[7] Nancy A. Lynch, et al. Impossibility of distributed consensus with one faulty process, 1983, PODS '83.

[8] Moti Yung, et al. Resolving message complexity of Byzantine Agreement and beyond, 1995, Proceedings of IEEE 36th Annual Foundations of Computer Science.

[9] Michael Ben-Or, et al. Another advantage of free choice (Extended Abstract): Completely asynchronous agreement protocols, 1983, PODC '83.

[10] Piotr Berman, et al. Towards Optimal Distributed Consensus (Extended Abstract), 1989, FOCS 1989.

[11] Brian A. Coan, et al. Modular Construction of a Byzantine Agreement Protocol with Optimal Message Bit Complexity, 1992, Inf. Comput.

[12] Tal Rabin, et al. Verifiable secret sharing and multiparty protocols with honest majority, 1989, STOC '89.

[13] Leslie Lamport, et al. Reaching Agreement in the Presence of Faults, 1980, JACM.

[14] K. Srinathan, et al. Optimal Perfectly Secure Message Transmission, 2004, CRYPTO.

[15] Tal Rabin, et al. Asynchronous secure computations with optimal resilience (extended abstract), 1994, PODC '94.

[16] Martin Hirt, et al. Perfectly-Secure MPC with Linear Communication Complexity, 2008, TCC.

[17] C. Pandu Rangan, et al. Information Theoretically Secure Multi Party Set Intersection Re-Visited, 2009, IACR Cryptol. ePrint Arch.

[18] Nancy A. Lynch, et al. Easy impossibility proofs for distributed consensus problems, 1985, PODC '85.

[19] Juan A. Garay, et al. A Continuum of Failure Models for Distributed Computing, 1992, WDAG.

[20] Matthias Fitzi, et al. Optimally efficient multi-valued byzantine agreement, 2006, PODC '06.

[21] Silvio Micali, et al. An Optimal Probabilistic Protocol for Synchronous Byzantine Agreement, 1997, SIAM J. Comput.

[22] Adi Shamir, et al. How to share a secret, 1979, CACM.

[23] Gabriel Bracha, et al. Asynchronous Byzantine Agreement Protocols, 1987, Inf. Comput.

[24] Yuval Ishai, et al. The round complexity of verifiable secret sharing and secure multicast, 2001, STOC '01.

[25] Ivan Damgård, et al. Efficient Multiparty Computations Secure Against an Adaptive Adversary, 1999, EUROCRYPT.

[26] Silvio Micali, et al. Byzantine Agreement in Constant Expected Time (and Trusting No One), 1985, FOCS 1985.

[27] Matthias Fitzi, et al. Generalized communication and security models in Byzantine agreement, 2002.

[28] Danny Dolev, et al. Early stopping in Byzantine agreement, 1990, JACM.

[29] Ran Canetti, et al. Fast asynchronous Byzantine agreement with optimal resilience, 1993, STOC.

[30] Silvio Micali, et al. An Optimal Algorithm for Synchronous Byzantine Agreement, 1997.

[31] Martin Hirt, et al. Efficient Multi-party Computation with Dispute Control, 2006, TCC.

[32] Tal Rabin, et al. Robust sharing of secrets when the dealer is honest or cheating, 1994, JACM.

[33] Ivan Damgård, et al. Scalable and Unconditionally Secure Multiparty Computation, 2007, CRYPTO.

[34] C. Pandu Rangan, et al. Round Efficient Unconditionally Secure Multiparty Computation Protocol, 2008, INDOCRYPT.

[35] Yehuda Lindell, et al. On the composition of authenticated byzantine agreement, 2002, STOC '02.

[36] Martin Hirt, et al. Simple and Efficient Perfectly-Secure Asynchronous MPC, 2007, ASIACRYPT.

[37] Gabriel Bracha, et al. An O(log n) expected rounds randomized byzantine generals protocol, 1987, JACM.

[38] Jonathan Katz, et al. Round-Efficient Secure Computation in Point-to-Point Networks, 2007, EUROCRYPT.

[39] R. Cramer, et al. Multiparty Computation, an Introduction, 2005.

[40] Danny Dolev, et al. Polynomial algorithms for multiple processor agreement, 1982, STOC '82.

[41] Danny Dolev, et al. Authenticated Algorithms for Byzantine Agreement, 1983, SIAM J. Comput.

[42] Michael O. Rabin, et al. Randomized byzantine generals, 1983, 24th Annual Symposium on Foundations of Computer Science (sfcs 1983).

[43] C. Pandu Rangan, et al. Simple and efficient asynchronous byzantine agreement with optimal resilience, 2009, PODC '09.

[44] Seif Haridi, et al. Distributed Algorithms, 1992, Lecture Notes in Computer Science.

[45] Nancy A. Lynch, et al. An Efficient Algorithm for Byzantine Agreement without Authentication, 1982, Inf. Control.

[46] Jonathan Katz, et al. Improving the round complexity of VSS in point-to-point networks, 2008, Inf. Comput.

[47] Matthias Fitzi, et al. From partial consistency to global broadcast, 2000, STOC '00.

[48] Matthias Fitzi, et al. Detectable byzantine agreement secure against faulty majorities, 2002, PODC '02.

[49] Danny Dolev, et al. The Byzantine Generals Strike Again, 1981, J. Algorithms.

[50] Leslie Lamport, et al. The Weak Byzantine Generals Problem, 1983, JACM.

[51] Piotr Berman, et al. Asymptotically Optimal Distributed Consensus (Extended Abstract), 1989, ICALP.

[52] Brian A. Coan, et al. Extending Binary Byzantine Agreement to Multivalued Byzantine Agreement, 1984, Inf. Process. Lett.

[53] Jonathan Katz, et al. On expected constant-round protocols for Byzantine agreement, 2006, J. Comput. Syst. Sci.

[54] Andrew Chi-Chih Yao, et al. Protocols for secure computations, 1982, FOCS 1982.

[55] Birgit Pfitzmann, et al. Unconditional Byzantine Agreement for any Number of Faulty Processors, 1992, STACS.

[56] Sam Toueg, et al. Fast Distributed Agreement, 1987, SIAM J. Comput.

[57] C. Pandu Rangan, et al. Efficient Asynchronous Multiparty Computation with Optimal Resilience, 2008, IACR Cryptol. ePrint Arch.

[58] Michael J. Fischer, et al. The Consensus Problem in Unreliable Distributed Systems (A Brief Survey), 1983, FCT.

[59] Piotr Berman, et al. Cloture Votes: n/4-resilient Distributed Consensus in t + 1 rounds, 2005, Mathematical Systems Theory.

[60] Avi Wigderson, et al. Completeness theorems for non-cryptographic fault-tolerant distributed computation, 1988, STOC '88.

[61] C. Pandu Rangan, et al. The Round Complexity of Verifiable Secret Sharing Revisited, 2009, CRYPTO.

[62] Sam Toueg, et al. Randomized Byzantine Agreements, 1984, PODC '84.

[63] Gabriel Bracha, et al. An asynchronous [(n - 1)/3]-resilient consensus protocol, 1984, PODC '84.