Round Complexity of Authenticated Broadcast with a Dishonest Majority

Broadcast among n parties in the presence of t ≥ n/3 malicious parties is possible only with some additional setup. The most common setup considered is the existence of a PKI and secure digital signatures, where so-called authenticated broadcast is achievable for any t < n. It is known that t + 1 rounds are necessary and sufficient for deterministic protocols achieving authenticated broadcast. Recently, however, randomized protocols running in expected constant rounds have been shown for the case of t < n/2. It has remained open whether randomization can improve the round complexity when an honest majority is not present. We address this question and show upper/lower bounds on how much randomization can help:

• For t ≤ n/2 + k, we show a randomized broadcast protocol that runs in expected O(k²) rounds. In particular, we obtain expected constant-round protocols for t = n/2 + O(1).

• On the negative side, we show that even randomized protocols require Ω(2n/(n−t)) rounds. This in particular rules out expected constant-round protocols when the fraction of honest parties is sub-constant.
