Partial Synchrony for Free? New Upper Bounds for Byzantine Agreement

2402.10059

Published 4/8/2024 by Pierre Civit, Muhammad Ayaz Dzulfikar, Seth Gilbert, Rachid Guerraoui, Jovan Komatovic, Manuel Vidigueira, Igor Zablotchi

cs.DC

📈

Abstract

Byzantine agreement allows n processes to decide on a common value, in spite of arbitrary failures. The seminal Dolev-Reischuk bound states that any deterministic solution to Byzantine agreement exchanges Omega(n^2) bits. In synchronous networks, solutions with optimal O(n^2) bit complexity, optimal fault tolerance, and no cryptography have been established for over three decades. However, these solutions lack robustness under adverse network conditions. Therefore, research has increasingly focused on Byzantine agreement for partially synchronous networks. Numerous solutions have been proposed for the partially synchronous setting. However, these solutions are notoriously hard to prove correct, and the most efficient cryptography-free algorithms still require O(n^3) exchanged bits in the worst case. In this paper, we introduce Oper, the first generic transformation of deterministic Byzantine agreement algorithms from synchrony to partial synchrony. Oper requires no cryptography, is optimally resilient (n >= 3t+1, where t is the maximum number of failures), and preserves the worst-case per-process bit complexity of the transformed synchronous algorithm. Leveraging Oper, we present the first partially synchronous Byzantine agreement algorithm that (1) achieves optimal O(n^2) bit complexity, (2) requires no cryptography, and (3) is optimally resilient (n >= 3t+1), thus showing that the Dolev-Reischuk bound is tight even in partial synchrony. Moreover, we adapt Oper for long values and obtain several new partially synchronous algorithms with improved complexity and weaker (or completely absent) cryptographic assumptions.

Create account to get full access

Overview

Byzantine agreement allows multiple processes to agree on a common value, even if some processes fail in arbitrary ways
The Dolev-Reischuk bound states that any deterministic solution to Byzantine agreement must exchange at least Ω(n²) bits, where n is the number of processes
Optimal solutions with O(n²) bit complexity and optimal fault tolerance have been known for decades, but lack robustness under adverse network conditions
Recent research has focused on Byzantine agreement in partially synchronous networks, but existing solutions are complex and require O(n³) bits in the worst case

Plain English Explanation

Optimizing Distributed Protocols for Query Rewrites - Technical Report describes a fundamental problem in distributed computing called Byzantine agreement. In this problem, a group of n processes needs to agree on a common value, even if some of the processes are behaving in unexpected or malicious ways (e.g., sending incorrect information).

The researchers explain that an important theoretical result, the Dolev-Reischuk bound, shows that any deterministic solution to Byzantine agreement must exchange at least Ω(n²) bits of information. This means that the amount of data that needs to be communicated grows quadratically with the number of processes.

Over the past few decades, researchers have developed solutions to Byzantine agreement that achieve this optimal O(n²) bit complexity and are also optimally resilient (able to tolerate up to n-1 failures). However, these solutions assume a perfectly synchronous network, where all processes can reliably communicate with each other at the same time. In reality, networks often experience delays and other disruptions, so these solutions may not be robust enough.

Therefore, the researchers have been focusing on Byzantine agreement in partially synchronous networks, where the timing of communications is not as reliable. The Robust Constrained Consensus for Inequality Constrained Distributed Optimization paper and the OLYMPIA: A Simulation Framework for Evaluating Concrete Scalability and Security of Decentralized Systems paper explore this more realistic setting. However, the existing solutions for partially synchronous Byzantine agreement are complex and still require a lot of communication, up to O(n³) bits in the worst case.

Technical Explanation

In this paper, the researchers introduce a new technique called Oper, which is a generic transformation that can convert deterministic Byzantine agreement algorithms designed for synchronous networks into algorithms that work in partially synchronous networks. Oper has several key properties:

It does not require any cryptography, making it simpler and more efficient.
It is optimally resilient, meaning it can tolerate up to n-1 faulty processes (as long as n ≥ 3t+1, where t is the maximum number of failures).
It preserves the worst-case per-process bit complexity of the original synchronous algorithm.

By leveraging Oper, the researchers present the first partially synchronous Byzantine agreement algorithm that:

Achieves the optimal O(n²) bit complexity.
Requires no cryptography.
Is optimally resilient (n ≥ 3t+1).

This shows that the Dolev-Reischuk bound is tight even in partially synchronous networks, meaning that the lower bound on communication complexity cannot be improved.

Furthermore, the researchers adapt Oper to handle long input values and obtain several new partially synchronous algorithms with improved complexity and weaker (or completely absent) cryptographic assumptions.

Critical Analysis

The researchers acknowledge that their Oper transformation and the resulting partially synchronous Byzantine agreement algorithms are not without limitations. For example, they assume a partially synchronous network model, which may not capture all the complexities of real-world distributed systems.

Additionally, the Adversary Augmented Simulation to Evaluate Fairness of Hyperledger Fabric's Ordering Service paper highlights the importance of considering adversarial network conditions when evaluating the performance and robustness of distributed protocols.

The researchers also mention that their solutions may not be as efficient as some existing partially synchronous Byzantine agreement algorithms that rely on cryptography. The trade-off between cryptographic assumptions and communication complexity is an active area of research, and the Round-Optimal Dollar(n)Dollar Block Broadcast Schedules in Logarithmic Time paper explores this topic further.

Despite these potential limitations, the researchers' work represents a significant contribution to the field of Byzantine agreement, as it provides a generic transformation that can bridge the gap between synchronous and partially synchronous solutions, while preserving key properties like optimal resilience and communication complexity.

Conclusion

This paper introduces a novel technique called Oper, which allows deterministic Byzantine agreement algorithms designed for synchronous networks to be adapted for partially synchronous networks. The key benefits of Oper are that it requires no cryptography, is optimally resilient, and preserves the communication complexity of the original synchronous algorithm.

By leveraging Oper, the researchers present the first partially synchronous Byzantine agreement algorithm that achieves optimal O(n²) bit complexity, optimal resilience, and no cryptographic assumptions. This is a significant result, as it shows that the Dolev-Reischuk lower bound on communication complexity is tight even in the more realistic partially synchronous setting.

The researchers' work advances the state of the art in Byzantine agreement and could have important implications for the design of robust and efficient distributed systems that need to reach consensus in the face of potential failures or malicious behavior.

This summary was produced with help from an AI and may contain inaccuracies - check out the links to read the original source documents!

Related Papers

Synchronous Consensus in Partial Synchrony

Ivan Klianev

We demonstrate a deterministic Byzantine consensus algorithm with synchronous operation in partial synchrony. It is naturally leaderless, tolerates any number of $ f<n/2 $ Byzantine processes with 2 rounds of exchange of originator-only signed messages, and terminates within a bounded interval of time. The algorithm is resilient to transient faults and asynchrony in a fraction of links with known size per number of faulty processes. It circumvents asynchronous and faulty links with 3-hop epidemic dissemination. Key finding: the resilience to asynchrony of links and the enabled by it leaderless consensus in partial synchrony ensure algorithm operation with simultaneous validity, safety, and bounded liveness.

5/16/2024

cs.DC

Efficient Signature-Free Validated Agreement

Pierre Civit, Muhammad Ayaz Dzulfikar, Seth Gilbert, Rachid Guerraoui, Jovan Komatovic, Manuel Vidigueira, Igor Zablotchi

Byzantine agreement enables n processes to agree on a common L-bit value, despite up to t > 0 arbitrary failures. A long line of work has been dedicated to improving the bit complexity of Byzantine agreement in synchrony. This has culminated in COOL, an error-free (deterministically secure against a computationally unbounded adversary) solution that achieves O(nL + n^2 logn) worst-case bit complexity (which is optimal for L > n logn according to the Dolev-Reischuk lower bound). COOL satisfies strong validity: if all correct processes propose the same value, only that value can be decided. Strong validity is, however, not appropriate for today's state machine replication (SMR) and blockchain protocols. These systems value progress and require a decided value to always be valid, excluding default decisions (such as EMPTY) even in cases where there is no unanimity a priori. Validated Byzantine agreement satisfies this property (called external validity). Yet, the best error-free (or even signature-free) validated agreement solutions achieve only O(n^2L) bit complexity, a far cry from the Omega(nL + n^2) Dolev-Reishcuk lower bound. In this paper, we present two new synchronous algorithms for validated Byzantine agreement, HashExt and ErrorFreeExt, with different trade-offs. Both algorithms are (1) signature-free, (2) optimally resilient (tolerate up to t n^2 kappa (where kappa is the size of a hash). On the other hand, ErrorFreeExt is error-free, using no cryptography whatsoever, and achieves O( (nL + n^2) logn ) bit complexity, which is near-optimal for any L.

5/20/2024

cs.DC

🛠️

Nearly-Optimal Consensus Tolerating Adaptive Omissions: Why is a Lot of Randomness is Needed?

Mohammad T. Hajiaghayi, Dariusz R. Kowalski, Jan Olkowski

We study the problem of reaching agreement in a synchronous distributed system by $n$ autonomous parties, when the communication links from/to faulty parties can omit messages. The faulty parties are selected and controlled by an adaptive, full-information, computationally unbounded adversary. We design a randomized algorithm that works in $O(sqrt{n}log^2 n)$ rounds and sends $O(n^2log^3 n)$ communication bits, where the number of faulty parties is $Theta(n)$. Our result is simultaneously tight for both these measures within polylogarithmic factors: due to the $Omega(n^2)$ lower bound on communication by Abraham et al. (PODC'19) and $Omega(sqrt{n/log n})$ lower bound on the number of rounds by Bar-Joseph and Ben-Or (PODC'98). We also quantify how much randomness is necessary and sufficient to reduce time complexity to a certain value, while keeping the communication complexity (nearly) optimal. We prove that no MC algorithm can work in less than $Omega(frac{n^2}{max{R,n}log n})$ rounds if it uses less than $O(R)$ calls to a random source, assuming a constant fraction of faulty parties. This can be contrasted with a long line of work on consensus against an {em adversary limited to polynomial computation time}, thus unable to break cryptographic primitives, culminating in a work by Ghinea et al. (EUROCRYPT'22), where an optimal $O(r)$-round solution with probability $1-(cr)^{-r}$ is given. Our lower bound strictly separates these two regimes, by excluding such results if the adversary is computationally unbounded. On the upper bound side, we show that for $Rintilde{O}(n^{3/2})$ there exists an algorithm solving consensus in $tilde{O}(frac{n^2}{R})$ rounds with high probability, where tilde notation hides a polylogarithmic factor. The communication complexity of the algorithm does not depend on the amount of randomness $R$ and stays optimal within polylogarithmic factor.

5/27/2024

cs.DC cs.CR cs.DS

👀

Delphi: Efficient Asynchronous Approximate Agreement for Distributed Oracles

Akhil Bandarupalli, Adithya Bhat, Saurabh Bagchi, Aniket Kate, Chen-Da Liu-Zhang, Michael K. Reiter

Agreement protocols are crucial in various emerging applications, spanning from distributed (blockchains) oracles to fault-tolerant cyber-physical systems. In scenarios where sensor/oracle nodes measure a common source, maintaining output within the convex range of correct inputs, known as convex validity, is imperative. Present asynchronous convex agreement protocols employ either randomization, incurring substantial computation overhead, or approximate agreement techniques, leading to high $mathcal{tilde{O}}(n^3)$ communication for an $n$-node system. This paper introduces Delphi, a deterministic protocol with $mathcal{tilde{O}}(n^2)$ communication and minimal computation overhead. Delphi assumes that honest inputs are bounded, except with negligible probability, and integrates agreement primitives from literature with a novel weighted averaging technique. Experimental results highlight Delphi's superior performance, showcasing a significantly lower latency compared to state-of-the-art protocols. Specifically, for an $n=160$-node system, Delphi achieves an 8x and 3x improvement in latency within CPS and AWS environments, respectively.

5/8/2024

cs.DC cs.CR