TY - GEN
T1 - An almost-surely terminating polynomial protocol for asynchronous Byzantine agreement with optimal resilience
AU - Abraham, Ittai
AU - Dolev, Danny
AU - Halpern, Joseph Y.
PY - 2008
Y1 - 2008
N2 - Consider an asynchronous system with private channels and n processes, up to t of which may be faulty. We settle a longstanding open question by providing a Byzantine agreement protocol that simultaneously achieves three properties: 1. (optimal) resilience: it works as long as n > 3t; 2. (almost-sure) termination: with probability one, all nonfaulty processes terminate; 3. (polynomial) efficiency: the expected computation time, memory consumption, message size, and number of messages sent are all polynomial in n. Earlier protocols have achieved only two of these three properties. In particular, the protocol of Bracha is not polynomially efficient, the protocol of Feldman and Micali is not optimally resilient, and the protocol of Canetti and Rabin does not have almost-sure termination. Our protocol utilizes a new primitive called shunning (asynchronous) verifiable secret sharing (SVSS), which ensures, roughly speaking, that either a secret is successfully shared or a new faulty process is ignored from this point onwards by some nonfaulty process.
AB - Consider an asynchronous system with private channels and n processes, up to t of which may be faulty. We settle a longstanding open question by providing a Byzantine agreement protocol that simultaneously achieves three properties: 1. (optimal) resilience: it works as long as n > 3t; 2. (almost-sure) termination: with probability one, all nonfaulty processes terminate; 3. (polynomial) efficiency: the expected computation time, memory consumption, message size, and number of messages sent are all polynomial in n. Earlier protocols have achieved only two of these three properties. In particular, the protocol of Bracha is not polynomially efficient, the protocol of Feldman and Micali is not optimally resilient, and the protocol of Canetti and Rabin does not have almost-sure termination. Our protocol utilizes a new primitive called shunning (asynchronous) verifiable secret sharing (SVSS), which ensures, roughly speaking, that either a secret is successfully shared or a new faulty process is ignored from this point onwards by some nonfaulty process.
KW - Byzantine agreement
KW - Distributed computing
KW - Secret sharing
UR - http://www.scopus.com/inward/record.url?scp=57549095453&partnerID=8YFLogxK
U2 - 10.1145/1400751.1400804
DO - 10.1145/1400751.1400804
M3 - ???researchoutput.researchoutputtypes.contributiontobookanthology.conference???
AN - SCOPUS:57549095453
SN - 9781595939890
T3 - Proceedings of the Annual ACM Symposium on Principles of Distributed Computing
SP - 405
EP - 414
BT - PODC'08
PB - Association for Computing Machinery
T2 - 27th ACM SIGACT-SIGOPS Symposium on Principles of Distributed Computing
Y2 - 18 August 2008 through 21 August 2008
ER -