Optimal algorithms for Byzantine agreement

We exhibit randomized Byzantine agreement (BA) algorithms achieving optimal running time and fault tolerance against all types of adversaries ever considered in the literature. Our BA algorithms do not require trusted parties, preprocessing, or non-constructive arguments. Given private communication lines, we show that <italic>n</italic> processors can reach <italic>BA</italic> in expected constant time <list><item>in a <italic>syncronous</italic> network if any < <italic>n</italic>/3 faults occur </item><item>in an <italic>asynchronous</italic> network if any < <italic>n</italic>/4 faults occur </item></list> For both synchronous and asynchronous networks whose lines do not guarantee private communication, we may use cryptography to obtain algorithms optimal both in fault tolerance and running time against computationally bounded adversaries. (Thus, in this setting, we tolerate up to <italic>n</italic>/3 faults even in an asynchronous network.)

[1]  G. R. Blakley,et al.  Safeguarding cryptographic keys , 1899, 1979 International Workshop on Managing Requirements Knowledge (MARK).

[2]  W. W. Peterson,et al.  Error-Correcting Codes. , 1962 .

[3]  James L. Massey,et al.  Review of 'Error-Correcting Codes, 2nd edn.' (Peterson, W. W., and Weldon, E. J., Jr.; 1972) , 1973, IEEE Trans. Inf. Theory.

[4]  Adi Shamir,et al.  How to share a secret , 1979, CACM.

[5]  G. R. BLAKLEY Safeguarding cryptographic keys , 1979, 1979 International Workshop on Managing Requirements Knowledge (MARK).

[6]  Leslie Lamport,et al.  Reaching Agreement in the Presence of Faults , 1980, JACM.

[7]  Danny Dolev,et al.  The Byzantine Generals Strike Again , 1981, J. Algorithms.

[8]  Nancy A. Lynch,et al.  An Efficient Algorithm for Byzantine Agreement without Authentication , 1982, Inf. Control..

[9]  Nancy A. Lynch,et al.  A Lower Bound for the Time to Assure Interactive Consistency , 1982, Inf. Process. Lett..

[10]  Michael Ben-Or,et al.  Another advantage of free choice (Extended Abstract): Completely asynchronous agreement protocols , 1983, PODC '83.

[11]  Danny Dolev,et al.  Authenticated Algorithms for Byzantine Agreement , 1983, SIAM J. Comput..

[12]  Nancy A. Lynch,et al.  Impossibility of distributed consensus with one faulty process , 1983, PODS '83.

[13]  Michael O. Rabin,et al.  Randomized byzantine generals , 1983, 24th Annual Symposium on Foundations of Computer Science (sfcs 1983).

[14]  Danny Dolev,et al.  On the minimal synchronism needed for distributed consensus , 1983, 24th Annual Symposium on Foundations of Computer Science (sfcs 1983).

[15]  Brian A. Coan,et al.  Extending Binary Byzantine Agreement to Multivalued Byzantine Agreement , 1984, Inf. Process. Lett..

[16]  B. Chor,et al.  Simple constant-time consensus protocols in realistic failure models (extended abstract) , 1985, ACM SIGACT-SIGOPS Symposium on Principles of Distributed Computing.

[17]  Brian A. Coan,et al.  A Simple and Efficient Randomized Byzantine Agreement Algorithm , 1985, IEEE Transactions on Software Engineering.

[18]  Baruch Awerbuch,et al.  Verifiable secret sharing and achieving simultaneity in the presence of faults , 1985, 26th Annual Symposium on Foundations of Computer Science (sfcs 1985).

[19]  Gabriel Bracha,et al.  An O(lg n) expected rounds randomized Byzantine generals protocol , 1985, STOC '85.

[20]  Nancy A. Lynch,et al.  Impossibility of distributed consensus with one faulty process , 1985, JACM.

[21]  Silvio Micali,et al.  Byzantine agreement in constant expected time , 1985, 26th Annual Symposium on Foundations of Computer Science (sfcs 1985).

[22]  Silvio Micali,et al.  Proofs that yield nothing but their validity and a methodology of cryptographic protocol design , 1986, 27th Annual Symposium on Foundations of Computer Science (sfcs 1986).

[23]  Cynthia Dwork,et al.  Flipping persuasively in constant expected time , 1986, 27th Annual Symposium on Foundations of Computer Science (sfcs 1986).

[24]  Brian A. Coan,et al.  Achieving consensus in fault-tolerant distributed computer systems: protocols, lower bounds, and simulations , 1987 .

[25]  Gabriel Bracha,et al.  An O(log n) expected rounds randomized byzantine generals protocol , 1987, JACM.

[26]  Josh Benaloh,et al.  Secret sharing homomorphisms: keeping shares of a secret secret , 1987, CRYPTO 1987.

[27]  Paul Feldman,et al.  A practical scheme for non-interactive verifiable secret sharing , 1987, 28th Annual Symposium on Foundations of Computer Science (sfcs 1987).

[28]  Avi Wigderson,et al.  Completeness theorems for non-cryptographic fault-tolerant distributed computation , 1988, STOC '88.

[29]  David Chaum,et al.  Multiparty unconditionally secure protocols , 1988, STOC '88.

[30]  Silvio Micali,et al.  The Knowledge Complexity of Interactive Proof Systems , 1989, SIAM J. Comput..

[31]  Cynthia Dwork,et al.  Randomization in Byzantine Agreement , 1989, Adv. Comput. Res..

[32]  David B. Shmoys,et al.  Simple constant-time consensus protocols in realistic failure models , 1989, JACM.