Sublinear Message Bounds of Authenticated Implicit Byzantine Agreement

TL;DR

This paper introduces a randomized Byzantine agreement protocol in synchronous networks that achieves sublinear message complexity of approximately ( n) messages, tolerates nearly half the nodes being Byzantine, and operates efficiently in the standard PKI model.

Contribution

It presents the first sublinear message complexity Byzantine agreement protocol with high probability in the PKI model under honest majority.

Findings

Achieves ( n) message complexity with high probability.

Tolerates up to (1/2 - )n Byzantine nodes.

Proves a ( n) lower bound on message complexity.

Abstract

This paper studies the message complexity of authenticated Byzantine agreement (BA) in synchronous, fully-connected distributed networks under an honest majority. We focus on the so-called {\em implicit} Byzantine agreement problem where each node starts with an input value and at the end a non-empty subset of the honest nodes should agree on a common input value by satisfying the BA properties (i.e., there can be undecided nodes). We show that a sublinear (in $n$, number of nodes) message complexity BA protocol under honest majority is possible in the standard PKI model when the nodes have access to an unbiased global coin and hash function. In particular, we present a randomized Byzantine agreement algorithm which, with high probability achieves implicit agreement, uses $\tilde{O}(\sqrt{n})$ messages, and runs in $\tilde{O}(1)$ rounds while tolerating $(1/2 - \epsilon)n$ Byzantine nodes for any fixed $\epsilon > 0$, the notation $\Tilde{O}$ hides a $O(\polylog{n})$ factor. The algorithm requires standard cryptographic setup PKI and hash function with a static Byzantine adversary. The algorithm works in the CONGEST model and each node does not need to know the identity of its neighbors, i.e., works in the $KT_0$ model. The message complexity (and also the time complexity) of our algorithm is optimal up to a $\polylog n$ factor, as we show a $\Omega(\sqrt{n})$ lower bound on the message complexity.