Though recent breakthroughs have greatly improved the efficiency of asynchronous Byzantine agreement protocols, they mainly focused on the setting with private setups, e.g., assuming a trusted dealer to establish non-interactive threshold cryptosystems. Challenges remain to reduce the large communication complexities in the absence of private setups, for example: (i) for asynchronous binary agreement (ABA) with optimal resilience, prior private-setup free protocols (Cachin et al., CCS' 2002; Kokoris-Kogias et al., CCS' 2020) have to incur $O(\lambda n^4)$ bits and $O(n^3)$ messages; (ii) for asynchronous multi-valued agreement with external validity (VBA), Abraham et al. [2] very recently gave the first elegant construction with $O(n^3)$ messages, relying on only public key infrastructure (PKI), but the design still costs $O(\lambda n^3 \log n)$ bits. Here $n$ is the number of participating parties and $\lambda$ is the cryptographic security parameter. We for the first time close the remaining efficiency gap between the communication complexity and the message complexity of private-setup free asynchronous Byzantine agreements, i.e., reducing their communication cost to only $O(\lambda n^3)$ bits on average. At the core of our design, we give a systematic treatment of reasonably fair common randomness, and proceed as follows:

- We construct a reasonably fair common coin (Canetti and Rabin, STOC' 1993) in the asynchronous setting with PKI instead of private setup, using only $O(\lambda n^3)$ bit and constant asynchronous rounds. The common coin protocol ensures that with at least 1/3 probability, all honest parties can output a common bit that is as if uniformly sampled, rendering a more efficient private-setup free ABA with expected $O(\lambda n^3)$ bit communication and constant running time.
- More interestingly, we lift our reasonably fair common coin protocol to attain perfect agreement without incurring any extra factor in the asymptotic complexities, resulting in an efficient reasonably fair leader election primitive pluggable in all existing VBA protocols (including Cachin et al., CRYPTO' 2001; Abraham et al., PODC' 2019; Lu et al., PODC' 2020), thus reducing the communication of private-setup free VBA to expected $O(\lambda n^3)$ bits while preserving expected constant running time. This leader election primitive and its construction might be of independent interest.
- Along the way, we also improve an important building block, asynchronous verifiable secret sharing (Canetti and Rabin, STOC' 1993) by presenting a private-setup free implementation costing only $O(\lambda n^2)$ bits in the PKI setting. By contrast, prior art having the same communication complexity (Backes et al., CT-RSA' 2013) has to rely on a private setup.
Cordial Miners is a family of simple, efficient, self-contained, Byzantine Atomic Broadcast protocols, with optimal instances for asynchrony and eventual synchrony. Its simplicity-cum-efficiency stems from using the blocklace, a partially-ordered generalization of the totally-ordered blockchain, for all key algorithmic tasks, including block dissemination, equivocation exclusion, leader finality, block ordering, and for the identification and exclusion of faulty miners. The algorithm employs piecemeal topological sort of the partially-ordered blocklace into a totally-ordered sequence of blocks, excluding equivocations as well as the Byzantine miners perpetrating them along the way. The conversion process is monotonic in that the output sequence only extends as the input blocklace increases, which implies (i) safety: the outputs of two correct miners are consistent (one is a prefix of the other), and (ii) finality: any output of a correct miner is final.

The Cordial Miners protocols are self-contained, using simple all-to-all block communication to realize blocklace-based dissemination and equivocation exclusion. They promptly excommunicate equivocating Byzantine miners, and thus can reduce the supermajority required for finality and eventually enjoy equivocation-free execution. In contrast, state-of-the-art protocols such as DAG-Rider and its successor Bullshark employ reliable broadcast as a black box and thus allow Byzantine miners to participate and equivocate indefinitely.

We present two instances of the protocol family: One for the eventual synchrony model, employing deterministic/predicted leader selection and 3 rounds of communication to leader finality in the good case, which is three-quarters of the latency of state-of-the-art protocols. The second for the asynchrony model, employing retroactive random leader selection, 6 rounds to leader finality in the good case, and 9 rounds in the expected case, which is half the latency of state-of-the-art protocols in the good case and three-quarters of their latency in the expected case. In both protocols, message complexity is the same as the state-of-the-art.
A distributed system is grassroots if it can have autonomous, independently-deployed instances, geographically and over time, that can interoperate once interconnected. An example would be a serverless smartphone-based social network supporting multiple independently-budding communities that merge when a member of one community becomes also a member of another. Grassroots applications are potentially important as they may better distribute power and wealth within a society and allow citizens to better defend themselves against surveillance, manipulation, exploitation and control by global digital platforms and authoritarian regimes. Here, we formalize the notion of grassroots distributed systems and grassroots implementations; specify an abstract grassroots dissemination protocol; describe and prove an implementation of grassroots dissemination for the model of asynchrony; and illustrate how grassroots dissemination can implement serverless social networking and sovereign cryptocurrencies. The mathematical construction employs distributed multiagent transition systems to define the notion of grassroots protocols and grassroots implementations, to specify grassroots dissemination protocols, and to prove their correctness. It uses the blocklace, a partially-ordered generalization of the blockchain, for the grassroots implementation.

CCS Concepts: • Computer systems organization → Peer-to-peer architectures; • Networks → Network protocol design; Formal specifications; • Software and its engineering → Distributed systems organizing principles.