Global consistency, or Byzantine Agreement (BA), and reliable point-to-point communication are two of the most important and well-studied problems in distributed computing. Informally, BA is about maintaining a consistent view of the world among all the non-faulty players in the presence of faults. In a synchronous network over n nodes, of which up to any t are corrupted by a Byzantine adversary, BA is possible only if all-pair point-to-point reliable communication is possible [Dol82, DDWY93]. Specifically, in the standard unauthenticated model, (2t + 1)-connectivity is necessary, whereas in the authenticated setting (t + 1)-connectivity is required. Thus, the folklore is that maintaining global consistency is at least as hard as the problem of all-pair point-to-point communication. Equivalently, it is widely believed that protocols for BA over incomplete graphs exist only if it is possible to simulate an overlaid complete graph. Surprisingly, we show that the folklore is far from true: achieving global consistency can be strictly easier than all-pair point-to-point communication.
In the authenticated model, it is assumed that the adversary can forge the signatures of only those nodes under its control. In contrast, the unauthenticated model assumes that the adversary can forge the signatures of all the nodes (that is, secure signatures are not used). We initiate a study of the entire gamut of BA problems in between, viz., the adversary can forge the signatures of up to any k nodes apart from the up to t nodes that it can actively corrupt. We completely characterize the possibility of BA across the spectrum. Thus, our work attempts to unify the extant literature on agreement. It is, however, more than a mere attempt towards unification, as it provides insights into the field. Specifically, apart from the extremes (of k = 0 and k = n − t, where the aforementioned folklore is known to hold), for every intermediate k, there are several networks over which BA is possible but all-pair point-to-point communication is not.
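The connectivity thresholds quoted above for the two extreme models can be checked on a concrete topology. The following is an added example, not code from the paper: it computes vertex connectivity with Menger's theorem (unit-capacity max-flow on a vertex-split graph) and compares it against 2t + 1 and t + 1. The function names and the sample graphs are constructed for illustration, and the check covers only those two thresholds, not the paper's characterization for intermediate k.

```python
from collections import deque
from itertools import combinations

def graph(n, edges):
    """Undirected graph on nodes 0..n-1 as an adjacency map."""
    adj = {v: set() for v in range(n)}
    for u, v in edges:
        adj[u].add(v)
        adj[v].add(u)
    return adj

def disjoint_paths(adj, s, t):
    """Max number of internally vertex-disjoint s-t paths (Menger)."""
    cap = {}
    def add(u, v, c):
        cap.setdefault(u, {})[v] = cap.get(u, {}).get(v, 0) + c
        cap.setdefault(v, {}).setdefault(u, 0)   # residual (reverse) edge
    for v in adj:
        # Split v into in/out; capacity 1 forces each relay onto one path only.
        add((v, "in"), (v, "out"), len(adj) if v in (s, t) else 1)
        for w in adj[v]:
            add((v, "out"), (w, "in"), 1)
    src, dst, flow = (s, "in"), (t, "out"), 0
    while True:
        parent, queue = {src: None}, deque([src])
        while queue and dst not in parent:       # BFS for an augmenting path
            u = queue.popleft()
            for v, c in cap[u].items():
                if c > 0 and v not in parent:
                    parent[v] = u
                    queue.append(v)
        if dst not in parent:
            return flow
        v = dst
        while parent[v] is not None:             # push one unit along the path
            cap[parent[v]][v] -= 1
            cap[v][parent[v]] += 1
            v = parent[v]
        flow += 1

def vertex_connectivity(adj):
    """Global Menger: minimum over all node pairs of disjoint-path count."""
    return min(disjoint_paths(adj, s, t) for s, t in combinations(adj, 2))

def classify(adj, t):
    kappa = vertex_connectivity(adj)
    return {"connectivity": kappa,
            "unauthenticated_ok": kappa >= 2 * t + 1,  # adversary forges all signatures
            "authenticated_ok": kappa >= t + 1}        # adversary forges only its own

# Constructed sample topologies: a 5-node ring and a 4-node complete graph.
RING5 = graph(5, [(i, (i + 1) % 5) for i in range(5)])
K4 = graph(4, list(combinations(range(4), 2)))

if __name__ == "__main__":
    print("ring5, t=1:", classify(RING5, 1))
    print("K4,    t=1:", classify(K4, 1))
```

With t = 1 the ring meets only the authenticated threshold, while the complete graph meets both.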
[1] Adi Shamir, et al. A method for obtaining digital signatures and public-key cryptosystems. 1978, CACM.
[2] Juan A. Garay, et al. Reaching (and Maintaining) Agreement in the Presence of Mobile Faults (Extended Abstract). 1994, WDAG.
[3] T. Elgamal. A public key cryptosystem and a signature scheme based on discrete logarithms. 1984, CRYPTO 1984.
[4] Oded Regev, et al. New lattice based cryptographic constructions. 2003, STOC '03.
[5] Moni Naor, et al. On Robust Combiners for Oblivious Transfer and Other Primitives. 2005, EUROCRYPT.
[6] Danny Dolev, et al. On the minimal synchronism needed for distributed consensus. 1983, 24th Annual Symposium on Foundations of Computer Science (sfcs 1983).
[7] Leslie Lamport, et al. Reaching Agreement in the Presence of Faults. 1980, JACM.
[8] Adi Shamir, et al. Efficient Signature Schemes Based on Birational Permutations. 1993, CRYPTO.
[9] Danny Dolev, et al. The Byzantine Generals Strike Again. 1981, J. Algorithms.
[10] Bartosz Przydatek, et al. On Robust Combiners for Private Information Retrieval and Other Primitives. 2006, CRYPTO.
[11] Moti Yung, et al. Perfectly secure message transmission. 1990, Proceedings [1990] 31st Annual Symposium on Foundations of Computer Science.
[12] Seif Haridi, et al. Distributed Algorithms. 1992, Lecture Notes in Computer Science.
[13] Jürg Wullschleger, et al. Robuster Combiners for Oblivious Transfer. 2007, TCC.
[14] Nancy A. Lynch, et al. Impossibility of distributed consensus with one faulty process. 1985, JACM.
[15] Taher ElGamal, et al. A public key cryptosystem and signature scheme based on discrete logarithms. 1985.
[16] Craig Gentry, et al. Trapdoors for hard lattices and new cryptographic constructions. 2008, IACR Cryptol. ePrint Arch.