ETH Zürich » Computer Science » Theory » Cryptography

Publications: Abstract

Efficient {B}yzantine Agreement with Faulty Minority

Zuzana {Beerliova-Trubiniova} and Martin Hirt and Micha Riser

Byzantine Agreement (BA) among $n$ players allows the players to agree on a value, even when up to $t$ of the players are faulty.

In the broadcast variant of BA, one dedicated player holds a message, and all players shall learn this message. In the consensus variant of BA, every player holds (presumably the same) message, and the players shall agree on this message. BA is the probably most important primitive in distributed protocols, hence its efficiency is of particular importance. BA from scratch, i.e., without a trusted setup, is possible only for $t<n/3$. In this setting, the known BA protocols are highly efficient ($\O(n^2)$ bits of communication) and provide information-theoretic security.

When a trusted setup is available, then BA is possible for $t<n/2$ (consensus), respectively for $t<n$ (broadcast). In this setting, only computationally secure BA protocols are reasonably efficient ($\O(n^3\kappa)$ bits). When information-theoretic security is required, the most efficient known BA protocols require $\O(n^{17}\kappa)$ bits of communication per BA, where $\kappa$ denotes a security parameter. The main reason for this huge communication is that in the information-theoretic world, parts of the setup are consumed with every invocation to BA, and hence the setup must be refreshed. This refresh operation is highly complex and communication-intensive. In this paper we present BA protocols (both broadcast and consensus) with information-theoretic security for $t<n/2$, communicating $\O(n^5\kappa)$ bits per BA.