Ittai Abraham,Danny Dolev

DOI: https://doi.org/10.48550/arXiv.1504.02547

2015-04-15

Abstract:We provide the first protocol that solves Byzantine agreement with optimal early stopping ($\min\{f+2,t+1\}$ rounds) and optimal resilience ($n>3t$) using polynomial message size and computation. All previous approaches obtained sub-optimal results and used resolve rules that looked only at the immediate children in the EIG (\emph{Exponential Information Gathering}) tree. At the heart of our solution are new resolve rules that look at multiple layers of the EIG tree.

Distributed, Parallel, and Cluster Computing

Ashish Choudhury

DOI: https://doi.org/10.1016/j.tcs.2024.114492

IF: 1.002

2024-03-09

Theoretical Computer Science

Abstract:In this work, we study almost-surely terminating asynchronous Byzantine agreement (ABA) for n parties tolerating a computationally-unbounded adversary. While the existing works in this domain have primarily considered a threshold adversarial model where the adversary can corrupt any subset of up to t parties, very little attention has been paid to the non-threshold adversarial model. In the latter model, the corruption capacity of the adversary is characterized by an adversary structure Z , which enumerates all possible subsets of potentially corrupt parties and where the adversary can select any one subset from Z for corruption. While the optimal resilience for ABA against threshold adversaries is t , against non-threshold adversaries one can design an ABA protocol, provided Z satisfies the Q(3) condition; i.e. if the union of no three subsets from Z covers all the n parties. We present the first almost-surely terminating ABA protocol against Q(3) adversary structures. Previously, almost-surely terminating ABA protocol is known with non-optimal resilience where Z satisfies the Q(4) condition; i.e. if the union of no four subsets from Z covers all the n parties. To design our protocol, we present a shunning asynchronous verifiable secret-sharing (SAVSS) scheme for Q(3) adversary structures, which is of independent interest.

computer science, theory & methods

Nasit S Sony

2024-12-05

Abstract:Byzantine agreement protocols in asynchronous networks have gained renewed attention due to their independence from network timing assumptions to ensure termination. Traditional asynchronous Byzantine agreement protocols require every party to broadcast its requests (e.g., transactions), leading to high communication costs as parties ultimately agree on one party's request. This inefficiency is particularly significant in multi-valued Byzantine agreement protocols, where parties aim to agree on one party's requests under the assumption $n=3f+1$, where $n$ is the total number of parties, and $f$ is the number of Byzantine parties. To address these inefficiencies, we propose Efficient-VABA (eVABA), an optimized protocol for the asynchronous Byzantine agreement (ABA) problem. By limiting broadcasts to a selected subset of parties, the protocol reduces the number of messages and computation overhead.

Distributed, Parallel, and Cluster Computing

Shang-En Huang,Seth Pettie,Leqi Zhu

DOI: https://doi.org/10.1145/3639454

IF: 2.269

2024-01-02

Journal of the ACM

Abstract:Since the mid-1980s it has been known that Byzantine Agreement can be solved with probability 1 asynchronously, even against an omniscient, computationally unbounded adversary that can adaptively corrupt up to f < n /3 parties. Moreover, the problem is insoluble with f ≥ n /3 corruptions. However, Bracha’s [13] 1984 protocol (see also Ben-Or [8]) achieved f < n /3 resilience at the cost of exponential expected latency 2 Θ ( n ) , a bound that has never been improved in this model with f = ⌊( n − 1)/3⌋ corruptions. In this paper, we prove that Byzantine Agreement in the asynchronous, full information model can be solved with probability 1 against an adaptive adversary that can corrupt f < n /3 parties, while incurring only polynomial latency with high probability . Our protocol follows an earlier polynomial latency protocol of King and Saia [33,34], which had suboptimal resilience, namely f ≈ n /10 9 [33,34]. Resilience f = ( n − 1)/3 is uniquely difficult, as this is the point at which the influence of the Byzantine and honest players are of roughly equal strength. The core technical problem we solve is to design a collective coin-flipping protocol that eventually lets us flip a coin with an unambiguous outcome. In the beginning, the influence of the Byzantine players is too powerful to overcome, and they can essentially fix the coin’s behavior at will. We guarantee that after just a polynomial number of executions of the coin-flipping protocol, either (a) the Byzantine players fail to fix the behavior of the coin (thereby ending the game) or (b) we can “blacklist” players such that the blacklisting rate for Byzantine players is at least as large as the blacklisting rate for good players. The blacklisting criterion is based on a simple statistical test of fraud detection .

computer science, information systems, theory & methods, software engineering, hardware & architecture

Ittai Abraham,Srinivas Devadas,Danny Dolev,Kartik Nayak,Ling Ren

DOI: https://doi.org/10.48550/arXiv.1704.02397

2017-09-13

Abstract:We present new protocols for Byzantine state machine replication and Byzantine agreement in the synchronous and authenticated setting. The celebrated PBFT state machine replication protocol tolerates $f$ Byzantine faults in an asynchronous setting using $3f+1$ replicas, and has since been studied or deployed by numerous works. In this work, we improve the Byzantine fault tolerance threshold to $n=2f+1$ by utilizing a relaxed synchrony assumption. We present a synchronous state machine replication protocol that commits a decision every 3 rounds in the common case. The key challenge is to ensure quorum intersection at one honest replica. Our solution is to rely on the synchrony assumption to form a post-commit quorum of size $2f+1$, which intersects at $f+1$ replicas with any pre-commit quorums of size $f+1$. Our protocol also solves synchronous authenticated Byzantine agreement in expected 8 rounds. The best previous solution (Katz and Koo, 2006) requires expected 24 rounds. Our protocols may be applied to build Byzantine fault tolerant systems or improve cryptographic protocols such as cryptocurrencies when synchrony can be assumed.

Distributed, Parallel, and Cluster Computing,Cryptography and Security

Nasit S Sony,Xianzhong Ding,Mukesh Singhal

2024-10-31

Abstract:Multi-valued Byzantine agreement (MVBA) protocols are essential for atomic broadcast and fault-tolerant state machine replication in asynchronous networks. Despite advances, challenges persist in optimizing these protocols for communication and computation efficiency. This paper presents a committee-based MVBA protocol (cMVBA), a novel approach that achieves agreement without extra communication rounds by analyzing message patterns in asynchronous networks with probability 1.

Distributed, Parallel, and Cluster Computing

Pierre Civit,Muhammad Ayaz Dzulfikar,Seth Gilbert,Rachid Guerraoui,Jovan Komatovic,Manuel Vidigueira,Igor Zablotchi

2024-08-20

Abstract:Byzantine agreement enables n processes to agree on a common L-bit value, despite up to t > 0 arbitrary failures. A long line of work has been dedicated to improving the bit complexity of Byzantine agreement in synchrony. This has culminated in COOL, an error-free (deterministically secure against a computationally unbounded adversary) solution that achieves O(nL + n^2 logn) worst-case bit complexity (which is optimal for L >= n logn according to the Dolev-Reischuk lower bound). COOL satisfies strong unanimity: if all correct processes propose the same value, only that value can be decided. Strong unanimity is, however, not sufficient for today's state machine replication (SMR) and blockchain protocols. These systems value progress and require a decided value to always be valid, excluding default decisions (such as EMPTY) even in cases where there is no unanimity a priori. Validated Byzantine agreement satisfies this property (called external validity). Yet, the best error-free (or even signature-free) validated agreement solutions achieve only O(n^2L) bit complexity, a far cry from the Omega(nL + n^2) Dolev-Reishcuk lower bound. In this paper, we present two new synchronous algorithms for validated Byzantine agreement, HashExt and ErrorFreeExt, with different trade-offs. Both algorithms are (1) signature-free, (2) optimally resilient (tolerate up to t < n / 3 failures), and (3) early-stopping (terminate in O(f+1) rounds, where f <= t is the actual number of failures). On the one hand, HashExt uses only hashes and achieves O(nL + n^3 kappa) bit complexity, which is optimal for L >= n^2 kappa (where kappa is the size of a hash). On the other hand, ErrorFreeExt is error-free, using no cryptography whatsoever, and achieves O( (nL + n^2) logn ) bit complexity, which is near-optimal for any L.

Distributed, Parallel, and Cluster Computing

Qing-Shan Jia

DOI: https://doi.org/10.1109/tac.2011.2152190

IF: 6.549

2011-01-01

IEEE Transactions on Automatic Control

Abstract:Event-based optimization (EBO) has been developed to model a specific type of problems, in which decisions can be made only when certain events occur. Because the event sequence usually is not Markovian, how to solve optimal policies for EBOs remains open in general. Motivated by real applications, we focus on finite-stage EBOs with discrete state space in this technical note and make two contributions. First, we show that this EBO can be converted to a partially observable Markov decision process (POMDP). Based on this connection, existing exact and approximate solution methodologies for POMDPs can then be applied to EBOs. Second, we develop the performance difference and derivative formulas and the potential-based policy iteration algorithm, which converges to the global optimum. This algorithm is then applied to a node activation problem in wireless sensor network.

Nasit S Sony,Xianzhong Ding,Mukesh Singhal

2024-06-06

Abstract:The multi-valued byzantine agreement protocol (MVBA) in the authenticated setting has been widely used as a core to design atomic broadcast and fault-tolerant state machine replication protocols in asynchronous networks. Originating from the seminal work of Cachin et al. \cite{CACHIN01}, subsequent research endeavors have sought to optimize protocol efficiency in terms of communication complexity. Notable advancements following Cachin's contributions include: i) VABA \cite{BYZ17}, requiring multiple protocol instances to achieve agreement on a party's request, and ii) Dumbo-MVBA \cite{LU20}, employing a cryptographic asynchronous dispersal and recovery methods to manage communication complexity alongside additional computational and communication rounds overheads. Our objective is to devise an MVBA protocol that achieves agreement in each instance without extra computation and communication rounds while maintaining the optimal metrics. Central to our design approach is the introduction of the committee in the classic MVBA protocol, wherein a randomly selected subset of ($f+1$, where $n=3f+1$) parties get selected and simultaneously broadcast their requests (transactions) to gather verifiable proofs. Successive distributions of these proofs afford us the necessary properties to employ the asynchronous binary Byzantine agreement (ABBA) protocol for reaching an agreement on a selected party's requests. By integrating the committee and ABBA protocols, we devise the optimal MVBA protocol, termed pMVBA (Prioritized-MVBA). This protocol exhibits resilience to tolerate up to $\lfloor \frac{n}{3}\rfloor$ Byzantine failures, with an expected runtime of $O(1)$, optimal message complexity of $O(n^2)$, and optimal communication complexity $O((l+\lambda)n^2)$ .

Distributed, Parallel, and Cluster Computing

Cheng Wang

DOI: https://doi.org/10.48550/arXiv.1507.06165

2015-07-22

Distributed, Parallel, and Cluster Computing

Abstract:Given a system with $n > 3t + 1$ processes, where $t$ is the tolerated number of faulty ones, we present a fast asynchronous Byzantine agreement protocol that can reach agreement in $O(t)$ expected running time. This improves the $O(n^2)$ expected running time of Abraham, Dolev, and Halpern [PODC 2008]. Furthermore, if $n = (3 + \varepsilon) t$ for any $\varepsilon > 0$, our protocol can reach agreement in $O (1 / \varepsilon)$ expected running time. This improves the result of Feldman and Micali [STOC 1988] (with constant expected running time when $n > 4 t$).

Pierre Civit,Muhammad Ayaz Dzulfikar,Seth Gilbert,Rachid Guerraoui,Jovan Komatovic,Manuel Vidigueira,Igor Zablotchi

2024-10-24

Abstract:Byzantine agreement allows n processes to decide on a common value, in spite of arbitrary failures. The seminal Dolev-Reischuk bound states that any deterministic solution to Byzantine agreement exchanges Omega(n^2) bits. In synchronous networks, solutions with optimal O(n^2) bit complexity, optimal fault tolerance, and no cryptography have been established for over three decades. However, these solutions lack robustness under adverse network conditions. Therefore, research has increasingly focused on Byzantine agreement for partially synchronous networks. Numerous solutions have been proposed for the partially synchronous setting. However, these solutions are notoriously hard to prove correct, and the most efficient cryptography-free algorithms still require O(n^3) exchanged bits in the worst case. In this paper, we introduce Oper, the first generic transformation of deterministic Byzantine agreement algorithms from synchrony to partial synchrony. Oper requires no cryptography, is optimally resilient (n >= 3t+1, where t is the maximum number of failures), and preserves the worst-case per-process bit complexity of the transformed synchronous algorithm. Leveraging Oper, we present the first partially synchronous Byzantine agreement algorithm that (1) achieves optimal O(n^2) bit complexity, (2) requires no cryptography, and (3) is optimally resilient (n >= 3t+1), thus showing that the Dolev-Reischuk bound is tight even in partial synchrony. Moreover, we adapt Oper for long values and obtain several new partially synchronous algorithms with improved complexity and weaker (or completely absent) cryptographic assumptions.

Distributed, Parallel, and Cluster Computing

Mohammad T. Hajiaghayi,Dariusz R. Kowalski,Jan Olkowski

2024-05-24

Abstract:We study the problem of reaching agreement in a synchronous distributed system by $n$ autonomous parties, when the communication links from/to faulty parties can omit messages. The faulty parties are selected and controlled by an adaptive, full-information, computationally unbounded adversary. We design a randomized algorithm that works in $O(\sqrt{n}\log^2 n)$ rounds and sends $O(n^2\log^3 n)$ communication bits, where the number of faulty parties is $\Theta(n)$. Our result is simultaneously tight for both these measures within polylogarithmic factors: due to the $\Omega(n^2)$ lower bound on communication by Abraham et al. (PODC'19) and $\Omega(\sqrt{n/\log n})$ lower bound on the number of rounds by Bar-Joseph and Ben-Or (PODC'98). We also quantify how much randomness is necessary and sufficient to reduce time complexity to a certain value, while keeping the communication complexity (nearly) optimal. We prove that no MC algorithm can work in less than $\Omega(\frac{n^2}{\max\{R,n\}\log n})$ rounds if it uses less than $O(R)$ calls to a random source, assuming a constant fraction of faulty parties. This can be contrasted with a long line of work on consensus against an {\em adversary limited to polynomial computation time}, thus unable to break cryptographic primitives, culminating in a work by Ghinea et al. (EUROCRYPT'22), where an optimal $O(r)$-round solution with probability $1-(cr)^{-r}$ is given. Our lower bound strictly separates these two regimes, by excluding such results if the adversary is computationally unbounded. On the upper bound side, we show that for $R\in\tilde{O}(n^{3/2})$ there exists an algorithm solving consensus in $\tilde{O}(\frac{n^2}{R})$ rounds with high probability, where tilde notation hides a polylogarithmic factor. The communication complexity of the algorithm does not depend on the amount of randomness $R$ and stays optimal within polylogarithmic factor.

Distributed, Parallel, and Cluster Computing,Cryptography and Security,Data Structures and Algorithms

Jia Qing-Shan

2012-01-01

Abstract:Event-based optimization (EBO) has provided a general framework for many control, decision-making, and optimization problems, where the actions can be taken only when certain events occur. In many large-scale networked systems, the sensors periodically report the system state to a remote center. The long-distant wireless communication usually suffers from random or deterministic delay. It is thus of great practical interest to understand how to solve EBO with such lagged state information. We consider this important problem in this paper, and make the following major contributions. First, we mathematically formulate finite-stage EBO with lagged state information (EBOLSI). Second, we prove that such an EBOLSI can be converted to a partially observable Markov decision process (POMDP) with lagged state information. Then existing exact and approximate solution methods can be applied. Third, we use numerical experiments on evacuation problems to demonstrate the impact of information delay on the performance of the simulation-based policy improvement method in EBOLSI. We hope this work sheds insight on EBOLSI in more general situations. © 2012 Chinese Assoc of Automati.

Shuo Liu,Nirupam Gupta,Nitin H. Vaidya

2024-05-21

Abstract:This paper considers the problem of Byzantine fault-tolerance in distributed multi-agent optimization. In this problem, each agent has a local cost function, and in the fault-free case, the goal is to design a distributed algorithm that allows all the agents to find a minimum point of all the agents' aggregate cost function. We consider a scenario where some agents might be Byzantine faulty that renders the original goal of computing a minimum point of all the agents' aggregate cost vacuous. A more reasonable objective for an algorithm in this scenario is to allow all the non-faulty agents to compute the minimum point of only the non-faulty agents' aggregate cost. Prior work shows that if there are up to $f$ (out of $n$) Byzantine agents then a minimum point of the non-faulty agents' aggregate cost can be computed exactly if and only if the non-faulty agents' costs satisfy a certain redundancy property called $2f$-redundancy. However, $2f$-redundancy is an ideal property that can be satisfied only in systems free from noise or uncertainties, which can make the goal of exact fault-tolerance unachievable in some applications. Thus, we introduce the notion of $(f,\epsilon)$-resilience, a generalization of exact fault-tolerance wherein the objective is to find an approximate minimum point of the non-faulty aggregate cost, with $\epsilon$ accuracy. This approximate fault-tolerance can be achieved under a weaker condition that is easier to satisfy in practice, compared to $2f$-redundancy. We obtain necessary and sufficient conditions for achieving $(f,\epsilon)$-resilience characterizing the correlation between relaxation in redundancy and approximation in resilience. In case when the agents' cost functions are differentiable, we obtain conditions for $(f,\epsilon)$-resilience of the distributed gradient-descent method when equipped with robust gradient aggregation.

Distributed, Parallel, and Cluster Computing

Meghal Gupta,Rachel Yun Zhang

DOI: https://doi.org/10.48550/arXiv.2110.15395

2021-11-06

Abstract:In interactive coding, Alice and Bob wish to compute some function $f$ of their individual private inputs $x$ and $y$. They do this by engaging in a non-adaptive (fixed order, fixed length) protocol to jointly compute $f(x,y)$. The goal is to do this in an error-resilient way, such that even given some fraction of adversarial corruptions to the protocol, both parties still learn $f(x,y)$. In this work, we study the optimal error resilience of such a protocol in the face of adversarial bit flip or erasures. While the optimal error resilience of such a protocol over a large alphabet is well understood, the situation over the binary alphabet has remained open. In this work, we resolve this problem of determining the optimal error resilience over binary channels. In particular, we construct protocols achieving $\frac16$ error resilience over the binary bit flip channel and $\frac12$ error resilience over the binary erasure channel, for both of which matching upper bounds are known. We remark that the communication complexity of our binary bit flip protocol is polynomial in the size of the inputs, and the communication complexity of our binary erasure protocol is linear in the size of the minimal noiseless protocol computing $f$.

Data Structures and Algorithms

S. J. Russell,D. Subramanian

DOI: https://doi.org/10.48550/arXiv.cs/9505103

1995-05-01

Abstract:Since its inception, artificial intelligence has relied upon a theoretical foundation centered around perfect rationality as the desired property of intelligent systems. We argue, as others have done, that this foundation is inadequate because it imposes fundamentally unsatisfiable requirements. As a result, there has arisen a wide gap between theory and practice in AI, hindering progress in the field. We propose instead a property called bounded optimality. Roughly speaking, an agent is bounded-optimal if its program is a solution to the constrained optimization problem presented by its architecture and the task environment. We show how to construct agents with this property for a simple class of machine architectures in a broad class of real-time environments. We illustrate these results using a simple model of an automated mail sorting facility. We also define a weaker property, asymptotic bounded optimality (ABO), that generalizes the notion of optimality in classical complexity theory. We then construct universal ABO programs, i.e., programs that are ABO no matter what real-time constraints are applied. Universal ABO programs can be used as building blocks for more complex systems. We conclude with a discussion of the prospects for bounded optimality as a theoretical basis for AI, and relate it to similar trends in philosophy, economics, and game theory.

Artificial Intelligence

Liang Zhang,Haibin Kan,Feiyang Qiu,Feng Hao

DOI: https://doi.org/10.1093/comjnl/bxad039

2023-01-01

Abstract:Fair exchange is a challenging problem for two mutually distrusting players. It is widely known that fair exchange is impossible without a trusted third party (TTP). However, relying on a single TTP can cause a single-point failure. An intuitive idea is to adopt multiple TTPs to distribute trust. This paper constructs a two-party optimistic fair exchange (OFE) protocol using decentralized ciphertext-policy attribute-based encryption (CP-ABE), achieving decentralized TTPs. This is achievable because decentralized CP-ABE ciphertext supports a nested access control policy. A nested access control policy fits perfectly in a fair exchange protocol which contains multiple roles (i.e. players and TTPs). Further, we apply non-interactive zero knowledge proofs to prove the well-formedness of ciphertexts, so as to enforce players to follow the protocol specification honestly. Consequently, we construct an OFE protocol in which each player's operations are publicly verifiable without revealing secret information. Also, we obtain decentralized TTPs with optimism (i.e. the TTPs are involved only when arbitration is required), autonomy (i.e. the TTPs do not need to interact with each other), statelessness (i.e. the TTPs do not need to store data for the exchange protocol) and verifiability (i.e. the TTPs are publicly verifiable). Compared with previous work, our protocol assumes only a public communication channel and each party's operations are publicly verifiable. Besides, it achieves a favorable $O(n)$ verification complexity in the normal case, where $n$ is the number of TTPs. Finally, we present a proof-of-concept implementation to demonstrate the feasibility.

Mose Mizrahi Erbes,Roger Wattenhofer

2024-10-01

Abstract:We consider an asynchronous network of $n$ message-sending parties, up to $t$ of which are byzantine. We study approximate agreement, where the parties obtain approximately equal outputs in the convex hull of their inputs. In their seminal work, Abraham, Amit and Dolev [OPODIS '04] achieve this with the optimal resilience $t < \frac{n}{3}$ with a protocol where each party reliably broadcasts its input every iteration. This takes $\Theta(n^2)$ messages per reliable broadcast, or $\Theta(n^3)$ messages per iteration. In this work, we present optimally resilient asynchronous approximate agreement protocols where we forgo reliable broadcast to require communication proportional to $n^2$ instead of $n^3$. We begin with a protocol for $\omega$-dimensional barycentric agreement with $\mathcal{O}(\omega n^2)$ small messages that does not use reliable broadcast. Then, we achieve edge agreement in a tree of diameter $D$ with $\lceil \log_2 D \rceil$ iterations of a multivalued graded consensus variant. This results in a $\mathcal{O}(\log\frac{1}{\varepsilon})$-round protocol for $\varepsilon$-agreement in $[0, 1]$ with $\mathcal{O}(n^2\log\frac{1}{\varepsilon})$ messages and $\mathcal{O}(n^2\log\frac{1}{\varepsilon}\log\log\frac{1}{\varepsilon})$ bits of communication, improving over the state of the art which matches this complexity only when the inputs are all either $0$ or $1$. Finally, we extend our edge agreement protocol for edge agreement in $\mathbb{Z}$ and thus $\varepsilon$-agreement in $\mathbb{R}$ with quadratic communication, in $\mathcal{O}(\log\frac{M}{\varepsilon})$ rounds where $M$ is the maximum honest input magnitude.

Distributed, Parallel, and Cluster Computing,Cryptography and Security

Natalie Collina,Surbhi Goel,Varun Gupta,Aaron Roth

2024-11-29

Abstract:We present an efficient reduction that converts any machine learning algorithm into an interactive protocol, enabling collaboration with another party (e.g., a human) to achieve consensus on predictions and improve accuracy. This approach imposes calibration conditions on each party, which are computationally and statistically tractable relaxations of Bayesian rationality. These conditions are sensible even in prior-free settings, representing a significant generalization of Aumann's classic "agreement theorem." In our protocol, the model first provides a prediction. The human then responds by either agreeing or offering feedback. The model updates its state and revises its prediction, while the human may adjust their beliefs. This iterative process continues until the two parties reach agreement. Initially, we study a setting that extends Aumann's Agreement Theorem, where parties aim to agree on a one-dimensional expectation by iteratively sharing their current estimates. Here, we recover the convergence theorem of Aaronson'05 under weaker assumptions. We then address the case where parties hold beliefs over distributions with d outcomes, exploring two feedback mechanisms. The first involves vector-valued estimates of predictions, while the second adopts a decision-theoretic approach: the human, needing to take an action from a finite set based on utility, communicates their utility-maximizing action at each round. In this setup, the number of rounds until agreement remains independent of d. Finally, we generalize to scenarios with more than two parties, where computational complexity scales linearly with the number of participants. Our protocols rely on simple, efficient conditions and produce predictions that surpass the accuracy of any individual party's alone.

Machine Learning,Data Structures and Algorithms,Computer Science and Game Theory