TY - JOUR
T1 - On the Round Complexity of Randomized Byzantine Agreement
AU - Cohen, Ran
AU - Haitner, Iftach
AU - Makriyannis, Nikolaos
AU - Orland, Matan
AU - Samorodnitsky, Alex
N1 - Publisher Copyright:
© 2022, International Association for Cryptologic Research.
PY - 2022/4
Y1 - 2022/4
N2 - We prove lower bounds on the round complexity of randomized Byzantine agreement (BA) protocols, bounding the halting probability of such protocols after one and two rounds. In particular, we prove that: 1. BA protocols resilient against n/3 [resp., n/4] corruptions terminate (under attack) at the end of the first round with probability at most o(1) [resp., 1 / 2 + o(1)]. 2. BA protocols resilient against a fraction of corruptions greater than 1/4 terminate at the end of the second round with probability at most 1 - Θ (1). 3. For a large class of protocols (including all BA protocols used in practice) and under a plausible combinatorial conjecture, BA protocols resilient against a fraction of corruptions greater than 1/3 [resp., 1/4] terminate at the end of the second round with probability at most o(1) [resp., 1 / 2 + o(1)]. The above bounds hold even when the parties use a trusted setup phase, e.g., a public-key infrastructure (PKI). The third bound essentially matches the recent protocol of Micali (ITCS’17) that tolerates up to n/3 corruptions and terminates at the end of the third round with constant probability.
AB - We prove lower bounds on the round complexity of randomized Byzantine agreement (BA) protocols, bounding the halting probability of such protocols after one and two rounds. In particular, we prove that: 1. BA protocols resilient against n/3 [resp., n/4] corruptions terminate (under attack) at the end of the first round with probability at most o(1) [resp., 1 / 2 + o(1)]. 2. BA protocols resilient against a fraction of corruptions greater than 1/4 terminate at the end of the second round with probability at most 1 - Θ (1). 3. For a large class of protocols (including all BA protocols used in practice) and under a plausible combinatorial conjecture, BA protocols resilient against a fraction of corruptions greater than 1/3 [resp., 1/4] terminate at the end of the second round with probability at most o(1) [resp., 1 / 2 + o(1)]. The above bounds hold even when the parties use a trusted setup phase, e.g., a public-key infrastructure (PKI). The third bound essentially matches the recent protocol of Micali (ITCS’17) that tolerates up to n/3 corruptions and terminates at the end of the third round with constant probability.
KW - Byzantine agreement
KW - Lower bound
KW - Round complexity
UR - http://www.scopus.com/inward/record.url?scp=85126180781&partnerID=8YFLogxK
U2 - 10.1007/s00145-022-09421-7
DO - 10.1007/s00145-022-09421-7
M3 - ???researchoutput.researchoutputtypes.contributiontojournal.article???
AN - SCOPUS:85126180781
SN - 0933-2790
VL - 35
JO - Journal of Cryptology
JF - Journal of Cryptology
IS - 2
M1 - 10
ER -