Byzantine Agreement. 17.2 How Many Byzantine Nodes?
Byzantine Agreement. A general proof without the restriction to decide for the minimum value exists as well. Since byzantine nodes can also just crash, this lower bound also holds for byzantine agreement, so Algorithm 17.14 has an asymptotically optimal runtime. So far all our byzantine agreement algorithms assume the synchronous model. Can byzantine agreement be solved in the asynchronous model?
Byzantine Agreement. If the correct nodes have different (binary) input values, the validity condition becomes trivial as any result is fine. What about agreement? Let u be the first node to decide on value x (in Line 8). Due to asynchrony another node v received messages from a different subset of the nodes, however, at most f senders may be different. Taking into account that byzantine nodes may lie (send different propose messages to different nodes), f additional propose messages received by v may differ from those received by u. Since node u had at least n 2f propose messages with value x, node v has at least n 4f propose messages with value x. Hence every correct node will propose x in the next round, and then decide on x. So we only need to worry about termination: We have already seen that as soon as one correct node terminates (Line 8) everybody terminates in the next round. So what are the chances that some node u terminates in Line 8? Well, we can hope that all correct nodes randomly propose the same value (in Line 12). Maybe there are some nodes not choosing at random (entering Line 10 instead of 12), but according to Lemma 3.22 they will all propose the same. Thus, at worst all n f correct nodes need to randomly choose the same bit, which happens with probability 2−(n−f)+1. If so, all correct nodes will send the same propose message, and the algorithm terminates. So the expected running time is exponential in the number of nodes n.
Byzantine Agreement. In this paper, we focus on unconditionally secure protocols for Byzantine agree- ment, i.
Byzantine Agreement agree on the same minimum value. The nodes agree on a value proposed by any node, so any-input validity holds. Moreover, the algorithm terminates after two rounds.
Byzantine Agreement. Finding consensus as in Definition 2.1 in a system with byzantine nodes is called byzantine agreement. An algorithm is f-resilient if it still works correctly with f byzantine nodes.
Byzantine Agreement. Informally, in an n-party, t-resilient Byzantine agreement protocol, the honest parties must agree on one of their input bits, even when t parties collude and actively try to prevent it. We provide two definitions for BA: the first is the standard, property-based definition and the second is based on the real/ideal paradigm. We start with the property-based definition. This definition captures the core properties re- quired for consensus; namely, agreement, validity, and termination. This is a weaker definition than the simulation-based one, and as such is most suitable for proving lower bounds. ∈ { } ∈ { } Definition 2.1 (BA, property-based). Let π be an n-party protocol in which every party Pi has an input bit xi 0, 1 and outputs a bit yi 0, 1 at the end of the protocol. The protocol π is an n-party, t-resilient BA protocol (according to the property-based definition) if the following properties are satisfied with all but negligible probability when up to t parties maliciously attack the protocol: • Agreement. For every pair of honest parties Pi and Pj it holds that yi = yj.
Byzantine Agreement. 3.2 How Many Byzantine Nodes? Algorithm 3.9 Byzantine Agreement with f = 1. 1: Code for node u, with input value x:
Byzantine Agreement. A protocol Π where initially each party Pi holds an input value xi 0, 1 and terminates upon generating an output yi is a Byzantine agreement protocol, resilient against t corruptions, if the following properties are satisfied whenever up to t parties are corrupted: – Validity: If all honest parties have as input x, then every honest party out- puts yi = x. – Consistency: Any two honest parties Pi and Pj output the same value yi = yj.
Byzantine Agreement. Let Π be a protocol executed by parties p1, . . . , pn, where each party pi begins by calling propose with input vi ∈ V . The BA problem pertains to the following properties. – Validity: Π is sabotaged (authenticated) t-valid if the following holds in the sabotaged (authenticated) setting when at most t parties are corrupted: If every honest party’s input is equal to the same value v, then every honest party outputs v.
