Round-Efficient Byzantine Broadcast under Strongly Adaptive and Majority Corruptions

The round complexity of Byzantine Broadcast (BB) has been a central question in distributed systems and cryptography. In the honest majority setting, expected constant round protocols have been known for decades even in the presence of a strongly adaptive adversary. In the corrupt majority setting, however, no protocol with sublinear round complexity is known, even when the adversary is allowed to strongly adaptively corrupt only 51% of the players, and even under reasonable setup or cryptographic assumptions. Recall that a strongly adaptive adversary can examine what original message an honest player would have wanted to send in some round, adaptively corrupt the player in the same round and make it send a completely different message instead. In this paper, we are the first to construct a BB protocol with sublinear round complexity in the corrupt majority setting. Specifically, assuming the existence of time-lock puzzles with suitable hardness parameters and that the decisional linear assumption holds in suitable bilinear groups, we show how to achieve BB in $\left(\frac{n}{n-f}\right)^2 \cdot \mathrm{poly}\log\lambda$ rounds with $1 - \mathrm{negl}(\lambda)$ probability, where $n$ denotes the total number of players, $f$ denotes the maximum number of corrupt players, and $\lambda$ is the security parameter. Our protocol completes in polylogarithmically many rounds even when 99% of the players can be corrupt.
