Expected Constant Round Byzantine Broadcast under Dishonest Majority

Byzantine Broadcast (BB) is a central question in distributed systems, and an important challenge is to understand its round complexity. In the honest-majority setting, it has long been known that there exist randomized protocols that achieve BB in expected constant rounds, regardless of the number of nodes n. However, whether the expected constant round complexity can be matched in the corrupt-majority setting — or more precisely, when f ≥ n/2 + ω(1), where f denotes the number of corrupt nodes — has remained unknown. In this paper, we are the first to resolve this long-standing question. We show how to achieve BB in expected O((n/(n − f))) rounds. In particular, even when 99% of the nodes are corrupt, we can achieve expected constant rounds. Our results hold under both a static adversary and a weakly adaptive adversary who cannot perform “after-the-fact removal” of messages already sent by a node before it becomes corrupt.

∗ junwan@mit.edu, Massachusetts Institute of Technology
† hsxiao@mit.edu, Massachusetts Institute of Technology
‡ runting@gmail.com, Cornell University
§ devadas@mit.edu, Massachusetts Institute of Technology
