TY - JOUR

T1 - On the Round Complexity of Randomized Byzantine Agreement

AU - Cohen, Ran

AU - Haitner, Iftach

AU - Makriyannis, Nikolaos

AU - Orland, Matan

AU - Samorodnitsky, Alex

N1 - Publisher Copyright:
© 2022, International Association for Cryptologic Research.

PY - 2022/4

Y1 - 2022/4

N2 - We prove lower bounds on the round complexity of randomized Byzantine agreement (BA) protocols, bounding the halting probability of such protocols after one and two rounds. In particular, we prove that: 1. BA protocols resilient against n/3 [resp., n/4] corruptions terminate (under attack) at the end of the first round with probability at most o(1) [resp., 1 / 2 + o(1)]. 2. BA protocols resilient against a fraction of corruptions greater than 1/4 terminate at the end of the second round with probability at most 1 - Θ (1). 3. For a large class of protocols (including all BA protocols used in practice) and under a plausible combinatorial conjecture, BA protocols resilient against a fraction of corruptions greater than 1/3 [resp., 1/4] terminate at the end of the second round with probability at most o(1) [resp., 1 / 2 + o(1)]. The above bounds hold even when the parties use a trusted setup phase, e.g., a public-key infrastructure (PKI). The third bound essentially matches the recent protocol of Micali (ITCS’17) that tolerates up to n/3 corruptions and terminates at the end of the third round with constant probability.

AB - We prove lower bounds on the round complexity of randomized Byzantine agreement (BA) protocols, bounding the halting probability of such protocols after one and two rounds. In particular, we prove that: 1. BA protocols resilient against n/3 [resp., n/4] corruptions terminate (under attack) at the end of the first round with probability at most o(1) [resp., 1 / 2 + o(1)]. 2. BA protocols resilient against a fraction of corruptions greater than 1/4 terminate at the end of the second round with probability at most 1 - Θ (1). 3. For a large class of protocols (including all BA protocols used in practice) and under a plausible combinatorial conjecture, BA protocols resilient against a fraction of corruptions greater than 1/3 [resp., 1/4] terminate at the end of the second round with probability at most o(1) [resp., 1 / 2 + o(1)]. The above bounds hold even when the parties use a trusted setup phase, e.g., a public-key infrastructure (PKI). The third bound essentially matches the recent protocol of Micali (ITCS’17) that tolerates up to n/3 corruptions and terminates at the end of the third round with constant probability.

KW - Byzantine agreement

KW - Lower bound

KW - Round complexity

UR - http://www.scopus.com/inward/record.url?scp=85126180781&partnerID=8YFLogxK

U2 - 10.1007/s00145-022-09421-7

DO - 10.1007/s00145-022-09421-7

M3 - ???researchoutput.researchoutputtypes.contributiontojournal.article???

AN - SCOPUS:85126180781

SN - 0933-2790

VL - 35

JO - Journal of Cryptology

JF - Journal of Cryptology

IS - 2

M1 - 10

ER -