Reaching Consensus for Asynchronous Distributed Key Generation

Abraham, Ittai; Jovanovic, Philipp; Maller, Mary; Meiklejohn, Sarah; Stern, Gilad; Tomescu, Alin

doi:10.1145/3465084.3467914

Cited by 34 publications

(22 citation statements)

References 34 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Cryptography We assume a public-key infrastructure (PKI) in which each party has a public key and a private key, and any party's public key is known to all [44]. As with other protocols that use this standard assumption [44,1], we do not require the use of revocation lists (we will remove processes from the committee, but not from their keys from the PKI). We refer to λ as the security parameter, i.e., the number of bits of the keys.…”

Section: Model and Problemmentioning

confidence: 99%

Basilic: Resilient Optimal Consensus Protocols With Benign and Deceitful Faults

Ranchal-Pedrosa¹,

Gramoli²

2022

Preprint

View full text Add to dashboard Cite

The problem of Byzantine consensus has been key to designing secure distributed systems. However, it is particularly difficult, mainly due to the presence of Byzantine processes that act arbitrarily and the unknown message delays in general networks. Although it is well known that both safety and liveness are at risk as soon as n/3 Byzantine processes fail, very few works attempted to characterize precisely the faults that produce safety violations from the faults that produce termination violations.In this paper, we present a new lower bound on the solvability of the consensus problem by distinguishing deceitful faults violating safety and benign faults violating termination from the more general Byzantine faults, in what we call the Byzantine-deceitful-benign fault model. We show that one cannot solve consensus if n ≤ 3t + d + 2q with t Byzantine processes, d deceitful processes, and q benign processes.In addition, we show that this bound is tight by presenting the Basilic class of consensus protocols that solve consensus when n > 3t + d + 2q. These protocols differ in the number of processes from which they wait to receive messages before progressing. Each of these protocols is thus better suited for some applications depending on the predominance of benign or deceitful faults.Finally, we study the fault tolerance of the Basilic class of consensus protocols in the context of blockchains that need to solve the weaker problem of eventual consensus. We demonstrate that Basilic solves this problem with only n > 2t + d + q, hence demonstrating how it can strengthen blockchain security.

show abstract

Section: Model and Problemmentioning

confidence: 99%

Basilic: Resilient Optimal Consensus Protocols With Benign and Deceitful Faults

Ranchal-Pedrosa¹,

Gramoli²

2022

Preprint

View full text Add to dashboard Cite

show abstract

“…None of them are completely new, but some of them are modified according to our needs. In particular, we introduce the Random Secret Draw abstraction inspired by the ideas from [10] and [2] (Section 3.3 and appendix D). We also provide a bundled version of the Approximate Agreement [15,1] abstraction (Section 3.5).…”

Section: Building Blocksmentioning

confidence: 99%

“…We, therefore, give two possible implementations. The first one is secure against an adaptive adversary and does not rely on PKI, while the second one uses the implementation from [2] that relies of Aggregatable Publicly Verifiable Secret Sharing (described in Appendix D.2.1) instead of AVSS. While saving a linear factor in communication complexity, this solution lacks security against adaptive adversary and requires PKI.…”

Section: Random Secret Drawmentioning

confidence: 99%

“…While saving a linear factor in communication complexity, this solution lacks security against adaptive adversary and requires PKI. Since both [10] and [2] did not considered RSD as a separate abstraction and did not provide separate pseudocode for it, we present both RSD implementations in Appendix D.…”

Section: Random Secret Drawmentioning

confidence: 99%

“…We also introduce the concept of a Monte Carlo common coin which is a probabilistic common coin whose success rate δ can be parameterized as follows: the more rounds of the protocol are executed, the more reliable the outcome is. In our case δ starts at 2 3 in the first round of the protocol and converges to 1 at an exponential rate in the number of rounds. In most probabilistic common coins, δ could be increased by decreasing the resilience level (the allowed fraction of Byzantine processes).…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Distributed Randomness from Approximate Agreement

Freitas¹,

Kuznetsov²,

Tonkikh³

2022

Preprint

View full text Add to dashboard Cite

Randomisation is a critical tool in designing distributed systems. The common coin primitive, enabling the system members to agree on an unpredictable random number, has proven to be particularly useful. We observe, however, that it is impossible to implement a truly random common coin protocol in a fault-prone asynchronous system.To circumvent this impossibility, we introduce two relaxations of the perfect common coin: (1) approximate common coin generating random numbers that are close to each other; and (2) Monte Carlo common coin generating a common random number with an arbitrarily small, but non-zero, probability of failure. Building atop the approximate agreement primitive, we obtain efficient asynchronous implementations of the two abstractions, tolerating up to one third of Byzantine processes. Our protocols do not assume trusted setup or public key infrastructure and converge to the perfect coin exponentially fast in the protocol running time.By plugging one of our protocols for Monte Carlo common coin in a well-known consensus algorithm, we manage to get a binary Byzantine agreement protocol with O(n 3 log n) communication complexity, resilient against an adaptive adversary, and tolerating the optimal number f < n/3 of failures without trusted setup or PKI. To the best of our knowledge, the best communication complexity for binary Byzantine agreement achieved so far in this setting is O(n 4 ). We also show how the approximate common coin, combined with a variant of Gray code, can be used to solve an interesting problem of Intersecting Random Subsets, which we introduce in this paper. ACM Subject Classification Theory of computation → Design and analysis of algorithmsKeywords and phrases Asynchronous, approximate agreement, weak common coin, consensus, Byzantine agreement 1 Termination: every correct process eventually outputs some value; Agreement: no two correct processes output different values; Randomness: the value output by a correct process must be uniformly distributed over some domain D, |D| ≥ 2.

show abstract