Complexity of Byzantine Agreement , Revisited

As Byzantine Agreement (BA) protocols find application in largescale decentralized cryptocurrencies, an increasingly important problem is to design BA protocols with improved communication complexity. A few existing works have shown how to achieve subquadratic BA under an adaptive adversary. Intriguingly, they all make a common relaxation about the adaptivity of the attacker, that is, if an honest node sends a message and then gets corrupted in some round, the adversary cannot erase the message that was already sent — henceforth we say that such an adversary cannot perform “after-the-fact removal”. By contrast, many (super-)quadratic BA protocols in the literature can tolerate after-the-fact removal. In this paper, we first prove that disallowing after-the-fact removal is necessary for achieving subquadratic-communication BA. Next, we show a new subquadratic binary BA construction (of course, assuming no after-the-fact removal) that achieves nearoptimal resilience and expected constant rounds under standard cryptographic assumptions and a public-key infrastructure (PKI). In comparison, all known subquadratic protocols make additional strong assumptions such as random oracles or the ability of honest nodes to erase secrets from memory, and even with these strong assumptions, no prior work can achieve the above properties. Lastly, we show that some setup assumption is necessary for achieving subquadratic multicast-based BA. ACM Reference Format: Ittai Abraham, T-H. Hubert Chan, Danny Dolev, Kartik Nayak, Rafael Pass, Ling Ren, and Elaine Shi. 2019. Communication Complexity of Byzantine Agreement, Revisited. In 2019 ACM Symposium on Principles of Distributed Computing (PODC ’19), July 29-August 2, 2019, Toronto, ON, Canada. ACM, New York, NY, USA, 11 pages. https://doi.org/10.1145/3293611.3331629

[1]  Silvio Micali,et al.  Optimal algorithms for Byzantine agreement , 1988, STOC '88.

[2]  Leslie Lamport,et al.  The Byzantine Generals Problem , 1982, TOPL.

[3]  Brent Waters,et al.  A Generic Approach to Constructing and Proving Verifiable Random Functions , 2017, TCC.

[4]  Rafail Ostrovsky,et al.  The Hidden Graph Model: Communication Locality and Optimal Resiliency with Adaptive Faults , 2015, ITCS.

[5]  Leslie Lamport,et al.  The Weak Byzantine Generals Problem , 1983, JACM.

[6]  Nancy A. Lynch,et al.  Consensus in the presence of partial synchrony , 1988, JACM.

[7]  Matthias Fitzi,et al.  Generalized communication and security models in Byzantine agreement , 2002 .

[8]  Jonathan Katz,et al.  On Expected Constant-Round Protocols for Byzantine Agreement , 2006, CRYPTO.

[9]  Martin Hirt,et al.  Adaptively Secure Broadcast , 2010, EUROCRYPT.

[10]  Kartik Nayak,et al.  Synchronous Byzantine Agreement with Expected O(1) Rounds, Expected O(n2) Communication, and Optimal Resilience , 2019, IACR Cryptol. ePrint Arch..

[11]  Aggelos Kiayias,et al.  The Bitcoin Backbone Protocol: Analysis and Applications , 2015, EUROCRYPT.

[12]  Silvio Micali,et al.  ALGORAND: The Efficient and Democratic Ledger , 2016, ArXiv.

[13]  Erik Vee,et al.  Scalable leader election , 2006, SODA '06.

[14]  Nancy A. Lynch,et al.  Easy impossibility proofs for distributed consensus problems , 1985, PODC '85.

[15]  Nir Bitansky,et al.  Verifiable Random Functions from Non-interactive Witness-Indistinguishable Proofs , 2017, Journal of Cryptology.

[16]  Michael O. Rabin,et al.  Randomized byzantine generals , 1983, 24th Annual Symposium on Foundations of Computer Science (sfcs 1983).

[17]  Michael Ben-Or,et al.  Another advantage of free choice (Extended Abstract): Completely asynchronous agreement protocols , 1983, PODC '83.

[18]  Hagit Attiya,et al.  Distributed Computing: Fundamentals, Simulations and Advanced Topics , 1998 .

[19]  Jared Saia,et al.  Breaking the O(n2) bit barrier: Scalable byzantine agreement with an adaptive adversary , 2010, JACM.

[20]  Jonathan Katz,et al.  Adaptively secure broadcast, revisited , 2011, PODC '11.

[21]  Aggelos Kiayias,et al.  Ouroboros Praos: An Adaptively-Secure, Semi-synchronous Proof-of-Stake Blockchain , 2018, EUROCRYPT.

[22]  Sandro Coretti,et al.  Probabilistic Termination and Composability of Cryptographic Protocols , 2016, CRYPTO.

[23]  Danny Dolev,et al.  Authenticated Algorithms for Byzantine Agreement , 1983, SIAM J. Comput..