Shang-En Huang,Seth Pettie,Leqi Zhu

DOI: https://doi.org/10.1145/3639454

IF: 2.269

2024-01-02

Journal of the ACM

Abstract:Since the mid-1980s it has been known that Byzantine Agreement can be solved with probability 1 asynchronously, even against an omniscient, computationally unbounded adversary that can adaptively corrupt up to f < n /3 parties. Moreover, the problem is insoluble with f ≥ n /3 corruptions. However, Bracha’s [13] 1984 protocol (see also Ben-Or [8]) achieved f < n /3 resilience at the cost of exponential expected latency 2 Θ ( n ) , a bound that has never been improved in this model with f = ⌊( n − 1)/3⌋ corruptions. In this paper, we prove that Byzantine Agreement in the asynchronous, full information model can be solved with probability 1 against an adaptive adversary that can corrupt f < n /3 parties, while incurring only polynomial latency with high probability . Our protocol follows an earlier polynomial latency protocol of King and Saia [33,34], which had suboptimal resilience, namely f ≈ n /10 9 [33,34]. Resilience f = ( n − 1)/3 is uniquely difficult, as this is the point at which the influence of the Byzantine and honest players are of roughly equal strength. The core technical problem we solve is to design a collective coin-flipping protocol that eventually lets us flip a coin with an unambiguous outcome. In the beginning, the influence of the Byzantine players is too powerful to overcome, and they can essentially fix the coin’s behavior at will. We guarantee that after just a polynomial number of executions of the coin-flipping protocol, either (a) the Byzantine players fail to fix the behavior of the coin (thereby ending the game) or (b) we can “blacklist” players such that the blacklisting rate for Byzantine players is at least as large as the blacklisting rate for good players. The blacklisting criterion is based on a simple statistical test of fraud detection .

computer science, information systems, theory & methods, software engineering, hardware & architecture

Cheng Wang

DOI: https://doi.org/10.48550/arXiv.1507.06165

2015-07-22

Distributed, Parallel, and Cluster Computing

Abstract:Given a system with $n > 3t + 1$ processes, where $t$ is the tolerated number of faulty ones, we present a fast asynchronous Byzantine agreement protocol that can reach agreement in $O(t)$ expected running time. This improves the $O(n^2)$ expected running time of Abraham, Dolev, and Halpern [PODC 2008]. Furthermore, if $n = (3 + \varepsilon) t$ for any $\varepsilon > 0$, our protocol can reach agreement in $O (1 / \varepsilon)$ expected running time. This improves the result of Feldman and Micali [STOC 1988] (with constant expected running time when $n > 4 t$).

Longcheng Li,Xiaoming Sun,Jiadong Zhu

2024-09-03

Abstract:We exhibit that, when given a classical Byzantine agreement protocol designed in the private-channel model, it is feasible to construct a quantum agreement protocol that can effectively handle a full-information adversary. Notably, both protocols have equivalent levels of resilience, round complexity, and communication complexity. In the classical private-channel scenario, participating players are limited to exchanging classical bits, with the adversary lacking knowledge of the exchanged messages. In contrast, in the quantum full-information setting, participating players can exchange qubits, while the adversary possesses comprehensive and accurate visibility into the system's state and messages. By showcasing the reduction from quantum to classical frameworks, this paper demonstrates the strength and flexibility of quantum protocols in addressing security challenges posed by adversaries with increased visibility. It underscores the potential of leveraging quantum principles to improve security measures without compromising on efficiency or resilience. By applying our reduction, we demonstrate quantum advantages in the round complexity of asynchronous Byzantine agreement protocols in the full-information model. It is well known that in the full-information model, any classical protocol requires $\Omega(n)$ rounds to solve Byzantine agreement with probability one even against Fail-stop adversary when resilience $t=\Theta(n)$. We show that quantum protocols can achieve $O(1)$ rounds (i) with resilience $t<n/2$ against a Fail-stop adversary, and (ii) with resilience $t<n/(3+\epsilon)$ against a Byzantine adversary for any constant $\epsilon>0$, therefore surpassing the classical lower bound.

Quantum Physics,Distributed, Parallel, and Cluster Computing

Yingzi Gao,Yuan Lu,Zhenliang Lu,Qiang Tang,Jing Xu,Zhenfeng Zhang

DOI: https://doi.org/10.48550/arXiv.2106.07831

2022-04-27

Abstract:Efficient asynchronous Byzantine agreement (BA) protocols were mostly studied with private setups, e.g., pre-setup threshold cryptosystem. Challenges remain to reduce the large communication in the absence of such setups. Recently, Abraham et al. (PODC'21) presented the first asynchronous validated BA (VBA) with expected $O(n^3)$ messages and $O(1)$ rounds, relying on only public key infrastructure (PKI) setup, but the design still costs $O({\lambda}n^3 \log n)$ bits. Here $n$ is the number of parties, and $\lambda$ is a cryptographic security parameter. In this paper, we reduce the communication of private-setup free asynchronous BA to expected $O(\lambda n^3)$ bits. At the core of our design, we give a systematic treatment of common randomness protocols in the asynchronous network, and proceed as: - We give an efficient reasonably fair common coin protocol in the asynchronous setting with only PKI setup. It costs only $O(\lambda n^3)$ bits and $O(1)$ rounds, and ensures that with at least 1/3 probability, all honest parties can output a common bit that is as if randomly flipped. This directly renders more efficient private-setup free asynchronous binary agreement (ABA) with expected $O(\lambda n^3)$ bits and $O(1)$ rounds. - Then, we lift our common coin to attain perfect agreement by using a single ABA. This gives us a reasonably fair random leader election protocol with expected $O(\lambda n^3)$ communication and expected constant rounds. It is pluggable in all existing VBA protocols (e.g., Cachin et al., CRYPTO'01; Abraham et al., PODC'19; Lu et al., PODC'20) to remove the needed private setup or distributed key generation (DKG). As such, the communication of private-setup free VBA is reduced to expected $O(\lambda n^3)$ bits while preserving fast termination in expected $O(1)$ rounds.

Cryptography and Security,Distributed, Parallel, and Cluster Computing

Nasit S Sony,Xianzhong Ding,Mukesh Singhal

2024-06-06

Abstract:The multi-valued byzantine agreement protocol (MVBA) in the authenticated setting has been widely used as a core to design atomic broadcast and fault-tolerant state machine replication protocols in asynchronous networks. Originating from the seminal work of Cachin et al. \cite{CACHIN01}, subsequent research endeavors have sought to optimize protocol efficiency in terms of communication complexity. Notable advancements following Cachin's contributions include: i) VABA \cite{BYZ17}, requiring multiple protocol instances to achieve agreement on a party's request, and ii) Dumbo-MVBA \cite{LU20}, employing a cryptographic asynchronous dispersal and recovery methods to manage communication complexity alongside additional computational and communication rounds overheads. Our objective is to devise an MVBA protocol that achieves agreement in each instance without extra computation and communication rounds while maintaining the optimal metrics. Central to our design approach is the introduction of the committee in the classic MVBA protocol, wherein a randomly selected subset of ($f+1$, where $n=3f+1$) parties get selected and simultaneously broadcast their requests (transactions) to gather verifiable proofs. Successive distributions of these proofs afford us the necessary properties to employ the asynchronous binary Byzantine agreement (ABBA) protocol for reaching an agreement on a selected party's requests. By integrating the committee and ABBA protocols, we devise the optimal MVBA protocol, termed pMVBA (Prioritized-MVBA). This protocol exhibits resilience to tolerate up to $\lfloor \frac{n}{3}\rfloor$ Byzantine failures, with an expected runtime of $O(1)$, optimal message complexity of $O(n^2)$, and optimal communication complexity $O((l+\lambda)n^2)$ .

Distributed, Parallel, and Cluster Computing

Vicent Cholvi

DOI: https://doi.org/10.48550/arXiv.2112.09437

2021-12-17

Abstract:Reaching agreement in the presence of arbitrary faults is a fundamental problem in distributed computation, which has been shown to be unsolvable if one-third of the processes can fail, unless signed messages are used. In this paper, we propose a solution to a variation of the original BA problem, called Detectable Byzantine Agreement (DBA), that does not need to use signed messages. The proposed algorithm uses what we call $Q$-correlated lists, which are generated by a quantum source device. Once each process has one of these lists, they use them to reach the agreement in a classical manner. Although, in general, the agreement is reached by using $m+1$ rounds (where $m$ is the number of processes that can fail), if less than one-third of the processes fail it only needs one round to reach the agreement.

Distributed, Parallel, and Cluster Computing

Andrei Constantinescu,Marc Dufay,Diana Ghinea,Roger Wattenhofer

2024-10-26

Abstract:In Byzantine Agreement (BA), there is a set of $n$ parties, from which up to $t$ can act byzantine. All honest parties must eventually decide on a common value (agreement), which must belong to a set determined by the inputs (validity). Depending on the use case, this set can grow or shrink, leading to various possible desiderata collectively known as validity conditions. Varying the validity property requirement can affect the regime under which BA is solvable. We study how the selected validity property impacts BA solvability in the network-agnostic model, where the network can either be synchronous with up to $t_s$ byzantine parties or asynchronous with up to $t_a \leq t_s$ byzantine parties. We show that for any non-trivial validity property the condition $2t_s + t_a < n$ is necessary for BA to be solvable, even with cryptographic setup. Noteworthy, specializing this claim to $t_a = 0$ gives that $t < n / 2$ is required when one expects a purely synchronous protocol to also work in asynchrony when there are no corruptions. This is especially surprising given that for some validity properties $t < n$ are known to be achievable without the last stipulation. Thereafter, we give necessary and sufficient conditions for a validity property to render BA solvable, both for the case with cryptographic setup and for the one without. This traces the precise boundary of solvability in the network-agnostic model for every validity property. Our proof of sufficiency provides a universal protocol, that achieves BA for a given validity property whenever the provided conditions are satisfied.

Distributed, Parallel, and Cluster Computing

Elette Boyle,Ran Cohen,Aarushi Goel

2023-10-20

Abstract:Byzantine agreement (BA), the task of $n$ parties to agree on one of their input bits in the face of malicious agents, is a powerful primitive that lies at the core of a vast range of distributed protocols. Interestingly, in protocols with the best overall communication, the demands of the parties are highly unbalanced: the amortized cost is $\tilde O(1)$ bits per party, but some parties must send $\Omega(n)$ bits. In best known balanced protocols, the overall communication is sub-optimal, with each party communicating $\tilde O(\sqrt{n})$. In this work, we ask whether asymmetry is inherent for optimizing total communication. Our contributions in this line are as follows: 1) We define a cryptographic primitive, succinctly reconstructed distributed signatures (SRDS), that suffices for constructing $\tilde O(1)$ balanced BA. We provide two constructions of SRDS from different cryptographic and Public-Key Infrastructure (PKI) assumptions. 2) The SRDS-based BA follows a paradigm of boosting from "almost-everywhere" agreement to full agreement, and does so in a single round. We prove that PKI setup and cryptographic assumptions are necessary for such protocols in which every party sends $o(n)$ messages. 3) We further explore connections between a natural approach toward attaining SRDS and average-case succinct non-interactive argument systems (SNARGs) for a particular type of NP-Complete problems (generalizing Subset-Sum and Subset-Product). Our results provide new approaches forward, as well as limitations and barriers, towards minimizing per-party communication of BA. In particular, we construct the first two BA protocols with $\tilde O(1)$ balanced communication, offering a tradeoff between setup and cryptographic assumptions, and answering an open question presented by King and Saia (DISC'09).

Cryptography and Security,Distributed, Parallel, and Cluster Computing

Pierre Civit,Seth Gilbert,Rachid Guerraoui,Jovan Komatovic,Manuel Vidigueira

2023-08-07

Abstract:The strong Byzantine agreement (SBA) problem is defined among n processes, out of which t < n can be faulty and behave arbitrarily. SBA allows correct (non-faulty) processes to agree on a common value. Moreover, if all correct processes have proposed the same value, only that value can be agreed upon. It has been known for a long time that any solution to the SBA problem incurs quadratic worst-case word complexity; additionally, the bound was known to be tight. However, no existing protocol achieves adaptive word complexity, where the number of exchanged words depends on the actual number of faults, and not on the upper bound. Therefore, it is still unknown whether SBA with adaptive word complexity exists. This paper answers the question in the affirmative. Namely, we introduce STRONG, a synchronous protocol that solves SBA among n = (2 + Omega(1))t + 1 processes and achieves adaptive word complexity. We show that the fundamental challenge of adaptive SBA lies in efficiently solving certification, the problem of obtaining a constant-sized, locally-verifiable proof that a value can safely be decided.

Distributed, Parallel, and Cluster Computing

Daniel Collins,Yuval Efron,Jovan Komatovic

2024-10-16

Abstract:It is well known that a trusted setup allows one to solve the Byzantine agreement problem in the presence of $t<n/2$ corruptions, bypassing the setup-free $t<n/3$ barrier. Alas, the overwhelming majority of protocols in the literature have the caveat that their security crucially hinges on the security of the cryptography and setup, to the point where if the cryptography is broken, even a single corrupted party can violate the security of the protocol. Thus these protocols provide higher corruption resilience ($n/2$ instead of $n/3$) for the price of increased assumptions. Is this trade-off necessary? We further the study of crypto-agnostic Byzantine agreement among $n$ parties that answers this question in the negative. Specifically, let $t_s$ and $t_i$ denote two parameters such that (1) $2t_i + t_s < n$, and (2) $t_i \leq t_s < n/2$. Crypto-agnostic Byzantine agreement ensures agreement among honest parties if (1) the adversary is computationally bounded and corrupts up to $t_s$ parties, or (2) the adversary is computationally unbounded and corrupts up to $t_i$ parties, and is moreover given all secrets of all parties established during the setup. We propose a compiler that transforms any pair of resilience-optimal Byzantine agreement protocols in the authenticated and information-theoretic setting into one that is crypto-agnostic. Our compiler has several attractive qualities, including using only $O(\lambda n^2)$ bits over the two underlying Byzantine agreement protocols, and preserving round and communication complexity in the authenticated setting. In particular, our results improve the state-of-the-art in bit complexity by at least two factors of $n$ and provide either early stopping (deterministic) or expected constant round complexity (randomized). We therefore provide fallback security for authenticated Byzantine agreement for free for $t_i \leq n/4$.

Distributed, Parallel, and Cluster Computing,Cryptography and Security

Mose Mizrahi Erbes,Roger Wattenhofer

2024-10-01

Abstract:We consider an asynchronous network of $n$ message-sending parties, up to $t$ of which are byzantine. We study approximate agreement, where the parties obtain approximately equal outputs in the convex hull of their inputs. In their seminal work, Abraham, Amit and Dolev [OPODIS '04] achieve this with the optimal resilience $t < \frac{n}{3}$ with a protocol where each party reliably broadcasts its input every iteration. This takes $\Theta(n^2)$ messages per reliable broadcast, or $\Theta(n^3)$ messages per iteration. In this work, we present optimally resilient asynchronous approximate agreement protocols where we forgo reliable broadcast to require communication proportional to $n^2$ instead of $n^3$. We begin with a protocol for $\omega$-dimensional barycentric agreement with $\mathcal{O}(\omega n^2)$ small messages that does not use reliable broadcast. Then, we achieve edge agreement in a tree of diameter $D$ with $\lceil \log_2 D \rceil$ iterations of a multivalued graded consensus variant. This results in a $\mathcal{O}(\log\frac{1}{\varepsilon})$-round protocol for $\varepsilon$-agreement in $[0, 1]$ with $\mathcal{O}(n^2\log\frac{1}{\varepsilon})$ messages and $\mathcal{O}(n^2\log\frac{1}{\varepsilon}\log\log\frac{1}{\varepsilon})$ bits of communication, improving over the state of the art which matches this complexity only when the inputs are all either $0$ or $1$. Finally, we extend our edge agreement protocol for edge agreement in $\mathbb{Z}$ and thus $\varepsilon$-agreement in $\mathbb{R}$ with quadratic communication, in $\mathcal{O}(\log\frac{M}{\varepsilon})$ rounds where $M$ is the maximum honest input magnitude.

Distributed, Parallel, and Cluster Computing,Cryptography and Security

Ittai Abraham,Srinivas Devadas,Danny Dolev,Kartik Nayak,Ling Ren

DOI: https://doi.org/10.48550/arXiv.1704.02397

2017-09-13

Abstract:We present new protocols for Byzantine state machine replication and Byzantine agreement in the synchronous and authenticated setting. The celebrated PBFT state machine replication protocol tolerates $f$ Byzantine faults in an asynchronous setting using $3f+1$ replicas, and has since been studied or deployed by numerous works. In this work, we improve the Byzantine fault tolerance threshold to $n=2f+1$ by utilizing a relaxed synchrony assumption. We present a synchronous state machine replication protocol that commits a decision every 3 rounds in the common case. The key challenge is to ensure quorum intersection at one honest replica. Our solution is to rely on the synchrony assumption to form a post-commit quorum of size $2f+1$, which intersects at $f+1$ replicas with any pre-commit quorums of size $f+1$. Our protocol also solves synchronous authenticated Byzantine agreement in expected 8 rounds. The best previous solution (Katz and Koo, 2006) requires expected 24 rounds. Our protocols may be applied to build Byzantine fault tolerant systems or improve cryptographic protocols such as cryptocurrencies when synchrony can be assumed.

Distributed, Parallel, and Cluster Computing,Cryptography and Security

Kaya Alpturer,Joseph Y. Halpern,Ron van der Meyden

DOI: https://doi.org/10.48550/arXiv.2305.06271

2023-05-10

Distributed, Parallel, and Cluster Computing

Abstract:Work on \emph{optimal} protocols for \emph{Eventual Byzantine Agreement} (EBA) -- protocols that, in a precise sense, decide as soon as possible in every run and guarantee that all nonfaulty agents decide on the same value -- has focused on emph{full-information protocols} (FIPs), where agents repeatedly send messages that completely describe their past observations to every other agent. While it can be shown that, without loss of generality, we can take an optimal protocol to be an FIP, full information exchange is impractical to implement for many applications due to the required message size. We separate protocols into two parts, the \emph{information-exchange protocol} and the \emph{action protocol}, so as to be able to examine the effects of more limited information exchange. We then define a notion of optimality with respect to an information-exchange protocol. Roughly speaking, an action protocol $P$ is optimal with respect to an information-exchange protocol $\mathcal{E}$ if, with $P$, agents decide as soon as possible among action protocols that exchange information according to $\mathcal{E}$. We present a knowledge-based EBA program for omission failures all of whose implementations are guaranteed to be correct and are optimal if the information exchange satisfies a certain safety condition. We then construct concrete programs that implement this knowledge-based program in two settings of interest that are shown to satisfy the safety condition. Finally, we show that a small modification of our program results in an FIP that is both optimal and efficiently implementable, settling an open problem posed by Halpern, Moses, and Waarts (SIAM J. Comput., 2001).

Nasit S Sony

2024-12-05

Abstract:Byzantine agreement protocols in asynchronous networks have gained renewed attention due to their independence from network timing assumptions to ensure termination. Traditional asynchronous Byzantine agreement protocols require every party to broadcast its requests (e.g., transactions), leading to high communication costs as parties ultimately agree on one party's request. This inefficiency is particularly significant in multi-valued Byzantine agreement protocols, where parties aim to agree on one party's requests under the assumption $n=3f+1$, where $n$ is the total number of parties, and $f$ is the number of Byzantine parties. To address these inefficiencies, we propose Efficient-VABA (eVABA), an optimized protocol for the asynchronous Byzantine agreement (ABA) problem. By limiting broadcasts to a selected subset of parties, the protocol reduces the number of messages and computation overhead.

Distributed, Parallel, and Cluster Computing

Nasit S Sony,Xianzhong Ding,Mukesh Singhal

2024-10-06

Abstract:The Byzantine Agreement (BA) problem is a fundamental challenge in distributed systems, focusing on achieving reaching an agreement among parties, some of which may behave maliciously. With the rise of cryptocurrencies, there has been significant interest in developing atomic broadcast protocols, which facilitate agreement on a subset of parties' requests. However, these protocols often come with high communication complexity ($O(ln^2 + \lambda n^3 \log n)$, where $l$ is the bit length of the input, $n$ is the number of parties, and $\lambda$ represents the security parameter bit length). This can lead to inefficiency, especially when the requests across parties exhibit little variation, resulting in unnecessary resource consumption. In this paper, we introduce Slim-ABC, a novel atomic broadcast protocol that eliminates the $O(ln^2 + \lambda n^3 \log n)$ term associated with traditional atomic broadcast protocols. While Slim-ABC reduces the number of accepted requests, it significantly mitigates resource wastage, making it more efficient. The protocol leverages the asynchronous common subset and provable-broadcast mechanisms to achieve a communication complexity of $O(ln^2 + \lambda n^2)$. Despite the trade-off in accepted requests, Slim-ABC maintains robust security by allowing only a fraction ($f+1$) of parties to broadcast requests. We present an extensive efficiency analysis of Slim-ABC, evaluating its performance across key metrics such as message complexity, communication complexity, and time complexity. Additionally, we provide a rigorous security analysis, demonstrating that Slim-ABC satisfies the \textit{agreement}, \textit{validity}, and \textit{totality} properties of the asynchronous common subset protocol.

Distributed, Parallel, and Cluster Computing

Matthew Prest,Kuan-Cheng Chen

2023-11-06

Abstract:In the burgeoning domain of distributed quantum computing, achieving consensus amidst adversarial settings remains a pivotal challenge. We introduce an enhancement to the Quantum Byzantine Agreement (QBA) protocol, uniquely incorporating advanced error mitigation techniques: Twirled Readout Error Extinction (T-REx) and dynamical decoupling (DD). Central to this refined approach is the utilization of a Noisy Intermediate Scale Quantum (NISQ) source device for heightened performance. Extensive tests on both simulated and real-world quantum devices, notably IBM's quantum computer, provide compelling evidence of the effectiveness of our T-REx and DD adaptations in mitigating prevalent quantum channel errors. Subsequent to the entanglement distribution, our protocol adopts a verification method reminiscent of Quantum Key Distribution (QKD) schemes. The Commander then issues orders encoded in specific quantum states, like Retreat or Attack. In situations where received orders diverge, lieutenants engage in structured games to reconcile discrepancies. Notably, the frequency of these games is contingent upon the Commander's strategies and the overall network size. Our empirical findings underscore the enhanced resilience and effectiveness of the protocol in diverse scenarios. Nonetheless, scalability emerges as a concern with the growth of the network size. To sum up, our research illuminates the considerable potential of fortified quantum consensus systems in the NISQ era, highlighting the imperative for sustained research in bolstering quantum ecosystems.

Quantum Physics,Hardware Architecture,Distributed, Parallel, and Cluster Computing

Mohammad T. Hajiaghayi,Dariusz R. Kowalski,Jan Olkowski

2024-05-24

Abstract:We study the problem of reaching agreement in a synchronous distributed system by $n$ autonomous parties, when the communication links from/to faulty parties can omit messages. The faulty parties are selected and controlled by an adaptive, full-information, computationally unbounded adversary. We design a randomized algorithm that works in $O(\sqrt{n}\log^2 n)$ rounds and sends $O(n^2\log^3 n)$ communication bits, where the number of faulty parties is $\Theta(n)$. Our result is simultaneously tight for both these measures within polylogarithmic factors: due to the $\Omega(n^2)$ lower bound on communication by Abraham et al. (PODC'19) and $\Omega(\sqrt{n/\log n})$ lower bound on the number of rounds by Bar-Joseph and Ben-Or (PODC'98). We also quantify how much randomness is necessary and sufficient to reduce time complexity to a certain value, while keeping the communication complexity (nearly) optimal. We prove that no MC algorithm can work in less than $\Omega(\frac{n^2}{\max\{R,n\}\log n})$ rounds if it uses less than $O(R)$ calls to a random source, assuming a constant fraction of faulty parties. This can be contrasted with a long line of work on consensus against an {\em adversary limited to polynomial computation time}, thus unable to break cryptographic primitives, culminating in a work by Ghinea et al. (EUROCRYPT'22), where an optimal $O(r)$-round solution with probability $1-(cr)^{-r}$ is given. Our lower bound strictly separates these two regimes, by excluding such results if the adversary is computationally unbounded. On the upper bound side, we show that for $R\in\tilde{O}(n^{3/2})$ there exists an algorithm solving consensus in $\tilde{O}(\frac{n^2}{R})$ rounds with high probability, where tilde notation hides a polylogarithmic factor. The communication complexity of the algorithm does not depend on the amount of randomness $R$ and stays optimal within polylogarithmic factor.

Distributed, Parallel, and Cluster Computing,Cryptography and Security,Data Structures and Algorithms

Chen-Xun Weng,Rui-Qi Gao,Yu Bao,Bing-Hong Li,Wen-Bo Liu,Yuan-Mei Xie,Yu-Shuo Lu,Hua-Lei Yin,Zeng-Bing Chen

DOI: https://doi.org/10.34133/research.0272

2023-11-22

Abstract:Byzantine agreement, the underlying core of blockchain, aims to make every node in a decentralized network reach consensus. Classical Byzantine agreements unavoidably face two major problems. One is $1/3$ fault-tolerance bound, which means that the system to tolerate $f$ malicious players requires at least $3f+1$ players. The other is the security loopholes from its classical cryptography methods. Here, we propose a Byzantine agreement framework with unconditional security to break this bound with nearly $1/2$ fault tolerance due to multiparty correlation provided by quantum digital signatures. \textcolor{black}{It is intriguing that quantum entanglement is not necessary to break the $1/3$ fault-tolerance bound, and we show that weaker correlation, such as asymmetric relationship of quantum digital signature, can also work.} Our work strictly obeys two Byzantine conditions and can be extended to any number of players without requirements for multiparticle entanglement. We experimentally demonstrate three-party and five-party consensus for a digital ledger. Our work indicates the quantum advantage in terms of consensus problems and suggests an important avenue for quantum blockchain and quantum consensus networks.

Quantum Physics,Cryptography and Security

Pierre Civit,Muhammad Ayaz Dzulfikar,Seth Gilbert,Rachid Guerraoui,Jovan Komatovic,Manuel Vidigueira,Igor Zablotchi

2024-10-24

Abstract:Byzantine agreement allows n processes to decide on a common value, in spite of arbitrary failures. The seminal Dolev-Reischuk bound states that any deterministic solution to Byzantine agreement exchanges Omega(n^2) bits. In synchronous networks, solutions with optimal O(n^2) bit complexity, optimal fault tolerance, and no cryptography have been established for over three decades. However, these solutions lack robustness under adverse network conditions. Therefore, research has increasingly focused on Byzantine agreement for partially synchronous networks. Numerous solutions have been proposed for the partially synchronous setting. However, these solutions are notoriously hard to prove correct, and the most efficient cryptography-free algorithms still require O(n^3) exchanged bits in the worst case. In this paper, we introduce Oper, the first generic transformation of deterministic Byzantine agreement algorithms from synchrony to partial synchrony. Oper requires no cryptography, is optimally resilient (n >= 3t+1, where t is the maximum number of failures), and preserves the worst-case per-process bit complexity of the transformed synchronous algorithm. Leveraging Oper, we present the first partially synchronous Byzantine agreement algorithm that (1) achieves optimal O(n^2) bit complexity, (2) requires no cryptography, and (3) is optimally resilient (n >= 3t+1), thus showing that the Dolev-Reischuk bound is tight even in partial synchrony. Moreover, we adapt Oper for long values and obtain several new partially synchronous algorithms with improved complexity and weaker (or completely absent) cryptographic assumptions.

Distributed, Parallel, and Cluster Computing