Communication complexity of byzantine agreement, revisited

As Byzantine Agreement (BA) protocols find application in large-scale decentralized cryptocurrencies, an increasingly important problem is to design BA protocols with improved communication complexity. A few existing works have shown how to achieve subquadratic BA under an adaptive adversary. Intriguingly, they all make a common relaxation about the adaptivity of the attacker, that is, if an honest node sends a message and then gets corrupted in some round, the adversary cannot erase the message that was already sent - henceforth we say that such an adversary cannot perform "after-the-fact removal". By contrast, many (super-)quadratic BA protocols in the literature can tolerate after-the-fact removal. In this paper, we first prove that disallowing after-the-fact removal is necessary for achieving subquadratic-communication BA. Next, we show a new subquadratic binary BA construction (of course, assuming no after-the-fact removal) that achieves near- optimal resilience and expected constant rounds under standard cryptographic assumptions and a public-key infrastructure (PKI). In comparison, all known subquadratic protocols make additional strong assumptions such as random oracles or the ability of honest nodes to erase secrets from memory, and even with these strong assumptions, no prior work can achieve the above properties. Lastly, we show that some setup assumption is necessary for achieving subquadratic multicast-based BA.

[1]  Jonathan Katz,et al.  Adaptively secure broadcast, revisited , 2011, PODC '11.

[2]  Hagit Attiya,et al.  Distributed Computing: Fundamentals, Simulations and Advanced Topics , 1998 .

[3]  Aggelos Kiayias,et al.  The Bitcoin Backbone Protocol: Analysis and Applications , 2015, EUROCRYPT.

[4]  Aggelos Kiayias,et al.  Ouroboros Praos: An Adaptively-Secure, Semi-synchronous Proof-of-Stake Blockchain , 2018, EUROCRYPT.

[5]  Victor Shoup,et al.  Secure and Efficient Asynchronous Broadcast Protocols , 2001, CRYPTO.

[6]  Leslie Lamport,et al.  The Weak Byzantine Generals Problem , 1983, JACM.

[7]  Silvio Micali,et al.  Optimal algorithms for Byzantine agreement , 1988, STOC '88.

[8]  Silvio Micali,et al.  ALGORAND: The Efficient and Democratic Ledger , 2016, ArXiv.

[9]  Ran Canetti,et al.  Universally composable security: a new paradigm for cryptographic protocols , 2001, Proceedings 2001 IEEE International Conference on Cluster Computing.

[10]  Jonathan Katz,et al.  On expected constant-round protocols for Byzantine agreement , 2006, J. Comput. Syst. Sci..

[11]  Leslie Lamport,et al.  The Byzantine Generals Problem , 1982, TOPL.

[12]  Miguel Oom Temudo de Castro,et al.  Practical Byzantine fault tolerance , 1999, OSDI '99.

[13]  Nir Bitansky,et al.  Verifiable Random Functions from Non-interactive Witness-Indistinguishable Proofs , 2017, Journal of Cryptology.

[14]  Kartik Nayak,et al.  Synchronous Byzantine Agreement with Expected O(1) Rounds, Expected O(n2) Communication, and Optimal Resilience , 2019, IACR Cryptol. ePrint Arch..

[15]  Michael Ben-Or,et al.  Another advantage of free choice (Extended Abstract): Completely asynchronous agreement protocols , 1983, PODC '83.

[16]  Martin Hirt,et al.  Adaptively Secure Broadcast , 2010, EUROCRYPT.

[17]  Nancy A. Lynch,et al.  Easy impossibility proofs for distributed consensus problems , 1985, PODC '85.

[18]  Rafail Ostrovsky,et al.  The Hidden Graph Model: Communication Locality and Optimal Resiliency with Adaptive Faults , 2015, ITCS.

[19]  Marcin Paprzycki,et al.  Distributed Computing: Fundamentals, Simulations and Advanced Topics , 2001, Scalable Comput. Pract. Exp..

[20]  Brent Waters,et al.  A Generic Approach to Constructing and Proving Verifiable Random Functions , 2017, TCC.

[21]  Nancy A. Lynch,et al.  Consensus in the presence of partial synchrony , 1988, JACM.

[22]  Sandro Coretti,et al.  Probabilistic Termination and Composability of Cryptographic Protocols , 2016, Journal of Cryptology.

[23]  Satoshi Nakamoto Bitcoin : A Peer-to-Peer Electronic Cash System , 2009 .

[24]  Jared Saia,et al.  Breaking the O(n2) bit barrier: scalable byzantine agreement with an adaptive adversary , 2010, PODC.

[25]  Rafail Ostrovsky,et al.  New Techniques for Noninteractive Zero-Knowledge , 2012, JACM.

[26]  Danny Dolev,et al.  Authenticated Algorithms for Byzantine Agreement , 1983, SIAM J. Comput..

[27]  Michael O. Rabin,et al.  Randomized byzantine generals , 1983, 24th Annual Symposium on Foundations of Computer Science (sfcs 1983).

[28]  Matthias Fitzi,et al.  Generalized communication and security models in Byzantine agreement , 2002 .

[29]  Silvio Micali,et al.  Verifiable random functions , 1999, 40th Annual Symposium on Foundations of Computer Science (Cat. No.99CB37039).

[30]  Erik Vee,et al.  Scalable leader election , 2006, SODA '06.