Sublinear message bounds of authenticated implicit Byzantine agreement

IF 0.9 4区计算机科学 Q3 COMPUTER SCIENCE, THEORY & METHODS

Theoretical Computer Science Pub Date : 2024-09-25 DOI:10.1016/j.tcs.2024.114888

{"title":"Sublinear message bounds of authenticated implicit Byzantine agreement","authors":"","doi":"10.1016/j.tcs.2024.114888","DOIUrl":null,"url":null,"abstract":"<div><div>This paper studies the message complexity of authenticated Byzantine agreement (BA) in synchronous, fully-connected distributed networks under an honest majority. We focus on the so-called implicit Byzantine agreement problem where each node starts with an input value and at the end a non-empty subset of the honest nodes should agree on a common input value by satisfying the BA properties (i.e., there can be undecided nodes)3. We show that a sublinear (in n, number of nodes) message complexity BA protocol under honest majority is possible in the standard PKI model when the nodes have access to an unbiased global coin and hash function. In particular, we present a randomized Byzantine agreement algorithm which, with high probability achieves implicit agreement, uses <math><mover><mrow><mi>O</mi></mrow><mrow><mo>˜</mo></mrow></mover><mo>(</mo><msqrt><mrow><mi>n</mi></mrow></msqrt><mo>)</mo></math> messages, and runs in <math><mover><mrow><mi>O</mi></mrow><mrow><mo>˜</mo></mrow></mover><mo>(</mo><mn>1</mn><mo>)</mo></math> rounds while tolerating <math><mo>(</mo><mn>1</mn><mo>/</mo><mn>2</mn><mo>−</mo><mi>ϵ</mi><mo>)</mo><mi>n</mi></math> Byzantine nodes for any fixed <math><mi>ϵ</mi><mo>></mo><mn>0</mn></math>, the notation <math><mover><mrow><mi>O</mi></mrow><mrow><mo>˜</mo></mrow></mover></math> hides a <math><mi>O</mi><mo>(</mo><mi>polylog</mi><mspace></mspace><mi>n</mi><mo>)</mo></math> factor4. The algorithm requires standard cryptographic setup PKI and hash function with a static Byzantine adversary. The algorithm works in the CONGEST model and each node does not need to know the identity of its neighbors, i.e., works in the <math><mi>K</mi><msub><mrow><mi>T</mi></mrow><mrow><mn>0</mn></mrow></msub></math> model. The message complexity (and also the time complexity) of our algorithm is optimal up to a polylog n factor, as we show a <math><mi>Ω</mi><mo>(</mo><msqrt><mrow><mi>n</mi></mrow></msqrt><mo>)</mo></math> lower bound on the message complexity. We further extend the result to Byzantine subset agreement, where a non-empty subset of nodes should agree on a common value. Lastly, we analyze several relevant results that follow from the construction of the main result.</div><div>To the best of our knowledge, this is the first sublinear message complexity result of Byzantine agreement. A quadratic message lower bound is known for any deterministic BA protocol (due to Dolev-Reischuk [JACM 1985]). The existing randomized BA protocols have at least quadratic message complexity in the honest majority setting. Our result shows the power of a global coin in achieving significant improvement over the existing results. It can be viewed as a step towards understanding the message complexity of randomized Byzantine agreement in distributed networks with PKI.</div></div>","PeriodicalId":49438,"journal":{"name":"Theoretical Computer Science","volume":null,"pages":null},"PeriodicalIF":0.9000,"publicationDate":"2024-09-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Theoretical Computer Science","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S030439752400505X","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, THEORY & METHODS","Score":null,"Total":0}

引用次数: 0

Abstract

This paper studies the message complexity of authenticated Byzantine agreement (BA) in synchronous, fully-connected distributed networks under an honest majority. We focus on the so-called implicit Byzantine agreement problem where each node starts with an input value and at the end a non-empty subset of the honest nodes should agree on a common input value by satisfying the BA properties (i.e., there can be undecided nodes)³. We show that a sublinear (in n, number of nodes) message complexity BA protocol under honest majority is possible in the standard PKI model when the nodes have access to an unbiased global coin and hash function. In particular, we present a randomized Byzantine agreement algorithm which, with high probability achieves implicit agreement, uses

\tilde{O} (\sqrt{n})

messages, and runs in

\tilde{O} (1)

rounds while tolerating

(1 / 2 - ϵ) n

Byzantine nodes for any fixed

ϵ > 0

, the notation

\tilde{O}

hides a

O (polylog n)

factor⁴. The algorithm requires standard cryptographic setup PKI and hash function with a static Byzantine adversary. The algorithm works in the CONGEST model and each node does not need to know the identity of its neighbors, i.e., works in the

K T_{0}

model. The message complexity (and also the time complexity) of our algorithm is optimal up to a polylog n factor, as we show a

Ω (\sqrt{n})

lower bound on the message complexity. We further extend the result to Byzantine subset agreement, where a non-empty subset of nodes should agree on a common value. Lastly, we analyze several relevant results that follow from the construction of the main result.

To the best of our knowledge, this is the first sublinear message complexity result of Byzantine agreement. A quadratic message lower bound is known for any deterministic BA protocol (due to Dolev-Reischuk [JACM 1985]). The existing randomized BA protocols have at least quadratic message complexity in the honest majority setting. Our result shows the power of a global coin in achieving significant improvement over the existing results. It can be viewed as a step towards understanding the message complexity of randomized Byzantine agreement in distributed networks with PKI.

查看原文本刊更多论文

认证隐式拜占庭协议的次线性信息边界

本文研究了在诚实多数下同步全连接分布式网络中验证拜占庭协议（BA）的信息复杂度。我们重点研究了所谓的隐式拜占庭协议问题，即每个节点开始时都有一个输入值，最后诚实节点的一个非空子集应通过满足拜占庭协议特性（即可能存在未决定的节点）就一个共同的输入值达成一致3。我们的研究表明，在标准 PKI 模型中，当节点可以访问无偏的全局硬币和哈希函数时，诚实多数下的亚线性（n，节点数）消息复杂度拜占庭协议是可能的。具体而言，我们提出了一种随机拜占庭协议算法，该算法在任何固定ϵ>0 条件下都能以高概率达成隐式协议，使用 O˜(n)条消息，并以 O˜(1)轮运行，同时还能容忍 (1/2-ϵ)n 个拜占庭节点。该算法需要标准加密设置 PKI 和哈希函数以及静态拜占庭对手。该算法在 CONGEST 模型中运行，每个节点无需知道其邻居的身份，即在 KT0 模型中运行。我们的算法的信息复杂度（以及时间复杂度）在多对数 n 因子以内都是最优的，因为我们展示了信息复杂度的 Ω(n) 下限。我们进一步将这一结果扩展到拜占庭子集协议，即节点的非空子集应就一个共同值达成一致。最后，我们分析了主要结果构建后的几个相关结果。据我们所知，这是拜占庭协议的第一个亚线性信息复杂度结果。任何确定性 BA 协议的二次消息下界都是已知的（归功于 Dolev-Reischuk [JACM 1985]）。在诚实多数设置中，现有的随机 BA 协议至少具有二次信息复杂度。我们的结果显示了全局硬币在显著改善现有结果方面的威力。我们可以把它看作是朝着理解带有 PKI 的分布式网络中随机拜占庭协议的信息复杂度迈出的一步。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Theoretical Computer Science 工程技术-计算机：理论方法

CiteScore

2.60

自引率

18.20%

发文量

471

审稿时长

12.6 months

期刊介绍： Theoretical Computer Science is mathematical and abstract in spirit, but it derives its motivation from practical and everyday computation. Its aim is to understand the nature of computation and, as a consequence of this understanding, provide more efficient methodologies. All papers introducing or studying mathematical, logic and formal concepts and methods are welcome, provided that their motivation is clearly drawn from the field of computing.