[Paper Review] Optimal Communication Complexity of Authenticated Byzantine Agreement
This paper presents a novel protocol for Validated Asynchronous Byzantine Agreement (VABA) that achieves optimal resilience (f < n/3), asymptotically optimal expected running time of O(1), and optimal expected word communication of O(n²). The protocol uses adaptively secure threshold signatures and a novel view-based structure with provable broadcast abstractions to reduce message complexity from O(n³) to O(n²), resolving a 20-year open problem in distributed systems.
Byzantine Agreement (BA) is one of the most fundamental problems in distributed computing, and its communication complexity is an important efficiency metric. It is well known that quadratic communication is necessary for BA in the worst case due to a lower bound by Dolev and Reischuk. This lower bound has been shown to be tight for the unauthenticated setting with f < n/3 by Berman et al. but a considerable gap remains for the authenticated setting with n/3 ≤ f < n/2. This paper provides two results towards closing this gap. Both protocols have a quadratic communication complexity and have different trade-offs in resilience and assumptions. The first protocol achieves the optimal resilience of f < n/2 but requires a trusted setup for threshold signature. The second protocol achieves near optimal resilience f ≤ (1/2 - ε)n in the standard PKI model.
Motivation & Objective
- To close the gap between theoretical lower bounds and practical protocols for Validated Asynchronous Byzantine Agreement (VABA) in terms of communication complexity.
- To achieve optimal resilience (f < n/3) and asymptotically optimal expected running time (O(1)) while minimizing expected word communication.
- To resolve the open problem posed by Cachin et al. (2001) of reducing expected word communication from O(n³) to O(n²) in VABA protocols.
- To design a protocol secure against an adaptive adversary using adaptively secure threshold signatures and a common coin protocol.
- To provide a communication-efficient building block for atomic broadcast and state machine replication in asynchronous distributed systems.
Proposed method
- Employs a view-based protocol structure where each view uses a leader to initiate a 4-Stage-f+1-Provable-Broadcast to disseminate values.
- Uses adaptively secure threshold signatures to ensure message authenticity and integrity under adaptive corruption.
- Introduces a 'skip' mechanism where honest parties can skip views if they receive sufficient valid 'skip' messages from others.
- Leverages a common coin protocol to achieve randomness in leader election, ensuring unpredictability and fairness.
- Employs a termination condition based on receiving 2f+1 'view-change' messages with valid threshold signatures, ensuring progress.
- Uses provable broadcast abstractions to ensure that if a value is delivered by f+1 honest parties, it is considered valid and can be used for decision.
Experimental results
Research questions
- RQ1Can a VABA protocol achieve optimal resilience and asymptotically optimal time with O(n²) expected word communication?
- RQ2Is it possible to reduce the expected word communication of VABA from O(n³) to O(n²) while maintaining security against an adaptive adversary?
- RQ3Can a provable broadcast abstraction be used to efficiently coordinate decisions in an asynchronous, adaptive setting?
- RQ4Does the use of threshold signatures and a common coin enable both security and communication efficiency in VABA?
- RQ5Can the protocol ensure that all honest parties decide with high probability in a constant number of expected views?
Key findings
- The protocol achieves optimal resilience with f < n/3 Byzantine faults and asymptotically optimal expected running time of O(1).
- The expected total word communication is O(n²), which is asymptotically optimal and represents a strict improvement over the prior O(n³) bound.
- The protocol ensures that all honest parties decide with probability at least 2/3 in a single completed view, under the assumption of externally valid inputs.
- The protocol uses only O(n²) expected messages per view, and since decisions occur in expected constant views, the total communication remains O(n²).
- The protocol is secure against an adaptive adversary using adaptively secure threshold signatures and a common coin protocol.
- A lower bound of Ω(n²) expected messages is established for any VABA protocol under an adaptive adversary, proving that the O(n²) communication is asymptotically optimal.
Better researchstarts right now
From paper design to paper writing, dramatically reduce your research time.
No credit card · Free plan available
This review was created by AI and reviewed by human editors.