Leveraging Democracy to Optimize Distributed Random Beacons

Random beacons, protocols that produce a reliable source of randomness, are crucial in a variety of applications. However, solving the random beacon problem has recently been shown to be at least as hard as solving consensus. In this work, we propose Kleroterion, a random beacon protocol that builds on top of recent works in order to ensure a trustless setup that is not costly, and that tolerates up to less than a third of Byzantine processes under partial synchrony. Kleroterion executes n instances of Pinakion, our novel Publicly-Verifiable Secret Sharing (PVSS) protocol, in order to share one input per process. Then, Kleroterion runs a consensus protocol that selects and aggregates a third of these shared inputs. Compared to previous works that are also quadratic in the communication complexity, Kleroterion allows for inputs to be shared without having to be routed through a specific node, a so-called leader. We refer thus to Kleroterion as a democratic protocol. We show that democratizing protocols improves both communication and computation performance, in that shared bits and computation are scattered across all channels and processes, thus removing the bottleneck at the leader. This is shown in that Kleroterion has linear computation complexity and a number of bits sent per channel of the network independent of the number of processes, except for the reconstruction phase and for one message per leader during agreement. Contrary to leader-less protocols, Kleroterion has a leader of the embedded consensus protocol that proposes a bitmask referencing one bit per shared input. This bitmask can thus reference more information shared by processes, enabling batching with other information. An example of this is a blockchain application in which the output of the random beacon can be used for a secure committee sortition protocol, and the bitmask references both a set of proposed blocks of transactions and of shared inputs.