Random oracles in constantipole: practical asynchronous Byzantine agreement using cryptography (extended abstract)

Byzantine agreement requires a set of parties in a distributed system to agree on a value even if some parties are corrupted. A new protocol for Byzantine agreement in a completely asynchronous network is presented that makes use of cryptography, specifically of threshold signatures and coin-tossing protocols. These cryptographic protocols have practical and provably secure implementations in the “random oracle” model. In particular, a coin-tossing protocol based on the Diffie-Hellman problem is presented and analyzed. The resulting asynchronous Byzantine agreement protocol is both practical and nearly matches the known theoretical lower bounds. More precisely, it tolerates the maximum number of corrupted parties, runs in constant expected time, has message and communication complexity close to the maximum, and uses a trusted dealer only in a setup phase, after which it can process a virtually unlimited number of transactions. Novel dual-threshold variants of both cryptographic protocols are used. The protocol is formulated as a transaction processing service in a cryptographic security model, which differs from the standard information-theoretic formalization and may be of independent interest.

[1]  Victor Shoup,et al.  Practical Threshold Signatures , 2000, EUROCRYPT.

[2]  Ran Canetti,et al.  An Efficient Threshold Public Key Cryptosystem Secure Against Adaptive Chosen Ciphertext Attack , 1999, EUROCRYPT.

[3]  Moni Naor,et al.  Distributed Pseudo-random Functions and KDCs , 1999, EUROCRYPT.

[4]  Victor Shoup,et al.  On Formal Models for Secure Key Exchange , 1999, IACR Cryptol. ePrint Arch..

[5]  Tal Rabin,et al.  A Simplified Approach to Threshold and Proactive RSA , 1998, CRYPTO.

[6]  Hugo Krawczyk,et al.  A modular approach to the design and analysis of authentication and key exchange protocols (extended abstract) , 1998, STOC '98.

[7]  Silvio Micali,et al.  An Optimal Probabilistic Protocol for Synchronous Byzantine Agreement , 1997, SIAM J. Comput..

[8]  Sam Toueg,et al.  Unreliable failure detectors for reliable distributed systems , 1996, JACM.

[9]  Michael K. Reiter A Secure Group Membership Protocol , 1996, IEEE Trans. Software Eng..

[10]  Silvio Micali,et al.  A Simple Method for Generating and Sharing Pseudo-Random Functions, with Applications to Clipper-like Escrow Systems , 1995, CRYPTO.

[11]  Mihir Bellare,et al.  Provably secure session key distribution: the three party case , 1995, STOC '95.

[12]  Nancy A. Lynch,et al.  Distributed Algorithms , 1992, Lecture Notes in Computer Science.

[13]  Donald Beaver,et al.  Global, Unpredictable Bit Generation Without Broadcast , 1994, EUROCRYPT.

[14]  Mihir Bellare,et al.  Random oracles are practical: a paradigm for designing efficient protocols , 1993, CCS '93.

[15]  Piotr Berman,et al.  Randomized distributed agreement revisited , 1993, FTCS-23 The Twenty-Third International Symposium on Fault-Tolerant Computing.

[16]  Ran Canetti,et al.  Fast asynchronous Byzantine agreement with optimal resilience , 1993, STOC.

[17]  David Chaum,et al.  Wallet Databases with Observers , 1992, CRYPTO.

[18]  Yvo Desmedt,et al.  Threshold Cryptosystems , 1989, CRYPTO.

[19]  Silvio Micali,et al.  A Digital Signature Scheme Secure Against Adaptive Chosen-Message Attacks , 1988, SIAM J. Comput..

[20]  Yvo Desmedt,et al.  Society and Group Oriented Cryptography: A New Concept , 1987, CRYPTO.

[21]  Amos Fiat,et al.  How to Prove Yourself: Practical Solutions to Identification and Signature Problems , 1986, CRYPTO.

[22]  Nancy A. Lynch,et al.  Impossibility of distributed consensus with one faulty process , 1985, JACM.

[23]  Sam Toueg,et al.  Randomized Byzantine Agreements , 1984, PODC '84.

[24]  Gabriel Bracha,et al.  An asynchronous [(n - 1)/3]-resilient consensus protocol , 1984, PODC '84.

[25]  Michael O. Rabin,et al.  Randomized byzantine generals , 1983, 24th Annual Symposium on Foundations of Computer Science (sfcs 1983).

[26]  Danny Dolev,et al.  Authenticated Algorithms for Byzantine Agreement , 1983, SIAM J. Comput..

[27]  Michael Ben-Or,et al.  Another advantage of free choice (Extended Abstract): Completely asynchronous agreement protocols , 1983, PODC '83.

[28]  Michael Ben-Or,et al.  Another advantage of free choice (Extended Abstract): Completely asynchronous agreement protocols , 1983, PODC '83.

[29]  Adi Shamir,et al.  How to share a secret , 1979, CACM.