Combining Asynchronous and Synchronous Byzantine Agreement: The Best of Both Worlds

In the problem of byzantine agreement (BA), a set of n parties wishes to agree on a value v by jointly running a distributed protocol. The protocol is deemed secure if it achieves this goal in spite of a malicious adversary that corrupts a certain fraction of the parties and can make them behave in arbitrarily malicious ways. Since its first formalization by Lamport et al. (TOPLAS '82), the problem of BA has been extensively studied in the literature under many different assumptions. One common way to classify protocols for BA is by their synchrony and network assumptions. For example, some protocols offer resilience against up to f < n/2 many corrupted parties by assuming a synchronized, but possibly slow network, in which parties share a global clock and messages are guaranteed to arrive after a given time ∆. By comparison, other protocols achieve much higher efficiency and work without these assumptions, but can tolerate only f < n/3 many corrupted parties. A natural question is whether it is possible to combine protocols from these two regimes to achieve the "best of both worlds": protocols that are both efficient and robust. In this work, we answer this question in the affirmative. Concretely, we make the following contributions:

• We give the first generic compilers that combine BA protocols under different network and synchrony assumptions and preserve both the efficiency and robustness of their building blocks. Our constructions are simple and rely solely on a secure signature scheme.
• We prove that our constructions achieve optimal corruption bounds.
• Finally, we give the first efficient protocol for (binary) asynchronous byzantine agreement (ABA) which tolerates adaptive corruptions and matches the communication complexity of the best protocols in the static case.
