Abstract

Broadcasting guarantees the recipient of a message that everyone else has received the same message. This guarantee no longer exists in a setting in which all communication is person-to-person and some of the people involved are untrustworthy: though he may claim to send the same message to everyone, an untrustworthy sender may send different messages to different people. In such a setting, Byzantine agreement offers the "best alternative" to broadcasting. Thus far, however, reaching Byzantine agreement has required either many rounds of communication (i.e., messages had to be sent back and forth a number of times that grew with the size of the network) or the help of some external trusted party.
In this paper, for the standard communication model of synchronous networks in which each pair of processors is connected by a private communication line, we exhibit a protocol that, in probabilistic polynomial time and without relying on any external trusted party, reaches Byzantine agreement in an expected constant number of rounds and in the worst natural fault model. In fact, our protocol successfully tolerates that up to 1/3 of the processors in the network may deviate from their prescribed instructions in an arbitrary way, cooperate with each other, and perform arbitrarily long computations.
Our protocol effectively demonstrates the power of randomization and zero-knowledge computation against errors. Indeed, it proves that "privacy" (a fundamental ingredient of one of our primitives), even when it is not a desired goal in itself (as for the Byzantine agreement problem), can be a crucial tool for achieving correctness.
Our protocol also introduces three new primitives---graded broadcast, graded verifiable secret sharing, and oblivious common coin---that are of independent interest, and may be effectively used in more practical protocols than ours.

MSC codes

  1. 68Q22
  2. 68R05
  3. 68M15
  4. 94A60
  5. 94A99
  6. 94B99

Keywords

  1. broadcasting
  2. Byzantine agreement
  3. fault-tolerant computation
  4. randomization

Published In

SIAM Journal on Computing
Pages: 873 - 933
ISSN (online): 1095-7111

History

Published online: 28 July 2006
