论文信息 - Round Complexity of Byzantine Agreement, Revisited

Round Complexity of Byzantine Agreement, Revisited

Although Byzantine Agreement (BA) has been studied for three decades, perhaps somewhat surprisingly, there still exist significant gaps in our understanding regarding its round complexity. First, although expected constant-round protocols are known in the honest majority setting, it is unclear whether one has to settle for expected constant-round or whether there exist better protocols that are worst-case constant-round. Second, for the corrupt majority setting, the existence of sublinear-round BA protocols continues to ellude us except for the narrow regime when only sublinearly more than a half are corrupt. In this paper, we make a couple important steps forward in bridging this gap. We show two main results: 1. No (even randomized) protocol that completes in worst-case o (log(1/δ)/ log log(1/δ)) rounds can achieve BA with 1 − δ probability, even when only 1% of the nodes are corrupt. In comparison, known expected constant-round, honest-majority protocols complete in O(log(1/δ)) rounds in the worst-case. Therefore, our lower bound is tight upto a log log factor for the honest majority setting. 2. There exists a corrupt-majority BA protocol that terminates in O(log(1/δ)/ ) rounds in the worst case and tolerates (1− ) fraction of corrupt nodes. Our upper bound is optimal upto a logarithmic factor in light of the elegant Ω(1/ ) lower bound by Garay et al. (FOCS’07). ∗A subset of the work was done while the authors were consulting for Thunder Research.

Elaine Shi | Rafael Pass | T.-H. Hubert Chan

[1] Rafail Ostrovsky,et al. Round Complexity of Authenticated Broadcast with a Dishonest Majority , 2007, 48th Annual IEEE Symposium on Foundations of Computer Science (FOCS'07).

[2] Silvio Micali,et al. An Optimal Probabilistic Protocol for Synchronous Byzantine Agreement , 1997, SIAM J. Comput..

[3] Elaine Shi,et al. Consensus through Herding , 2019, IACR Cryptol. ePrint Arch..

[4] Rafail Ostrovsky,et al. New Techniques for Noninteractive Zero-Knowledge , 2012, JACM.

[5] Silvio Micali,et al. ALGORAND: The Efficient and Democratic Ledger , 2016, ArXiv.

[6] Matthias Fitzi,et al. On the Number of Synchronous Rounds Sufficient for Authenticated Byzantine Agreement , 2009, DISC.

[7] Danny Dolev,et al. Authenticated Algorithms for Byzantine Agreement , 1983, SIAM J. Comput..

[8] Kartik Nayak,et al. Communication complexity of byzantine agreement, revisited , 2018, Distributed Computing.

[9] Jonathan Katz,et al. On Expected Constant-Round Protocols for Byzantine Agreement , 2006, CRYPTO.

[10] Kartik Nayak,et al. Synchronous Byzantine Agreement with Expected O(1) Rounds, Expected O(n2) Communication, and Optimal Resilience , 2019, IACR Cryptol. ePrint Arch..