On the Number of Synchronous Rounds Sufficient for Authenticated Byzantine Agreement

Byzantine agreement is typically considered with respect to either a fully synchronous network or a fully asynchronous one. In the synchronous case, t + 1 communication rounds are necessary for deterministic protocols whereas all known probabilistic protocols require an expected large number of rounds. In this paper we examine the question of how many initial synchronous rounds are required for Byzantine agreement in the worst case if we allow to switch to asynchronous operation afterward. Let n = h + t be the number of parties where h are honest and t are corrupted. As the main result we show that, in the model with a public-key infrastructure and signatures (aka authenticated Byzantine agreement), d + O(1) deterministic synchronous rounds are sufficient where d is the minimal integer such that n - d > 3(t - d). This improves over the t + 1 necessary deterministic rounds for almost all cases, and over the exact expected number of rounds in the nondeterministic case for many cases.

[1]  Nancy A. Lynch,et al.  Cryptographic protocols , 1982, STOC '82.

[2]  Cynthia Dwork,et al.  Advances in Cryptology – CRYPTO 2020: 40th Annual International Cryptology Conference, CRYPTO 2020, Santa Barbara, CA, USA, August 17–21, 2020, Proceedings, Part III , 2020, Annual International Cryptology Conference.

[3]  Danny Dolev,et al.  Shifting Gears: Changing Algorithms on the Fly to Expedite Byzantine Agreement , 1992, Inf. Comput..

[4]  Rafail Ostrovsky,et al.  Round Complexity of Authenticated Broadcast with a Dishonest Majority , 2007, 48th Annual IEEE Symposium on Foundations of Computer Science (FOCS'07).

[5]  Dan Alistarh,et al.  How to Solve Consensus in the Smallest Window of Synchrony , 2008, DISC.

[6]  Jonathan Katz,et al.  On Expected Constant-Round Protocols for Byzantine Agreement , 2006, CRYPTO.

[7]  Danny Dolev,et al.  Early stopping in Byzantine agreement , 1990, JACM.

[8]  Birgit Pfitzmann,et al.  Information-Theoretic Pseudosignatures and Byzantine Agreement for t ≥ n/3 , 2007 .

[9]  Silvio Micali,et al.  An Optimal Probabilistic Protocol for Synchronous Byzantine Agreement , 1997, SIAM J. Comput..

[10]  Nancy A. Lynch,et al.  Consensus in the presence of partial synchrony , 1988, JACM.

[11]  Martin Hirt,et al.  Almost-Asynchronous MPC with Faulty Minority , 2008, IACR Cryptol. ePrint Arch..

[12]  Danny Dolev,et al.  Authenticated Algorithms for Byzantine Agreement , 1983, SIAM J. Comput..

[13]  Victor Shoup,et al.  Random Oracles in Constantinople: Practical Asynchronous Byzantine Agreement Using Cryptography , 2000, Journal of Cryptology.

[14]  Rachid Guerraoui,et al.  The inherent price of indulgence , 2002, PODC '02.