Although Byzantine Agreement (BA) has been studied for three decades, perhaps somewhat surprisingly, there still exist significant gaps in our understanding regarding its round complexity. First, although expected constant-round protocols are known in the honest majority setting, it is unclear whether one has to settle for expected constant-round or whether there exist better protocols that are worst-case constant-round. Second, for the corrupt majority setting, the existence of sublinear-round BA protocols continues to ellude us except for the narrow regime when only sublinearly more than a half are corrupt. In this paper, we make a couple important steps forward in bridging this gap. We show two main results: 1. No (even randomized) protocol that completes in worst-case o (log(1/δ)/ log log(1/δ)) rounds can achieve BA with 1 − δ probability, even when only 1% of the nodes are corrupt. In comparison, known expected constant-round, honest-majority protocols complete in O(log(1/δ)) rounds in the worst-case. Therefore, our lower bound is tight upto a log log factor for the honest majority setting. 2. There exists a corrupt-majority BA protocol that terminates in O(log(1/δ)/ ) rounds in the worst case and tolerates (1− ) fraction of corrupt nodes. Our upper bound is optimal upto a logarithmic factor in light of the elegant Ω(1/ ) lower bound by Garay et al. (FOCS’07). ∗A subset of the work was done while the authors were consulting for Thunder Research.
[1]
Rafail Ostrovsky,et al.
Round Complexity of Authenticated Broadcast with a Dishonest Majority
,
2007,
48th Annual IEEE Symposium on Foundations of Computer Science (FOCS'07).
[2]
Silvio Micali,et al.
An Optimal Probabilistic Protocol for Synchronous Byzantine Agreement
,
1997,
SIAM J. Comput..
[3]
Elaine Shi,et al.
Consensus through Herding
,
2019,
IACR Cryptol. ePrint Arch..
[4]
Rafail Ostrovsky,et al.
New Techniques for Noninteractive Zero-Knowledge
,
2012,
JACM.
[5]
Silvio Micali,et al.
ALGORAND: The Efficient and Democratic Ledger
,
2016,
ArXiv.
[6]
Matthias Fitzi,et al.
On the Number of Synchronous Rounds Sufficient for Authenticated Byzantine Agreement
,
2009,
DISC.
[7]
Danny Dolev,et al.
Authenticated Algorithms for Byzantine Agreement
,
1983,
SIAM J. Comput..
[8]
Kartik Nayak,et al.
Communication complexity of byzantine agreement, revisited
,
2018,
Distributed Computing.
[9]
Jonathan Katz,et al.
On Expected Constant-Round Protocols for Byzantine Agreement
,
2006,
CRYPTO.
[10]
Kartik Nayak,et al.
Synchronous Byzantine Agreement with Expected O(1) Rounds, Expected O(n2) Communication, and Optimal Resilience
,
2019,
IACR Cryptol. ePrint Arch..