Paper 2020/851

Asynchronous Byzantine Agreement with Subquadratic Communication

Abstract

Understanding the communication complexity of Byzantine agreement (BA) is a fundamental problem in distributed computing. In particular, as protocols are run with a large number of parties (as, e.g., in the context of blockchain protocols), it is important to understand the dependence of the communication on the number of parties $$. Although adaptively secure BA protocols with $$ communication are known in the synchronous and partially synchronous settings, no such protocols are known in the fully asynchronous case. We show here an asynchronous BA protocol with subquadratic communication tolerating an adaptive adversary who can corrupt $$ of the parties (for any $$). One variant of our protocol assumes initial setup done by a trusted dealer, after which an unbounded number of BA executions can be run; alternately, we can achieve subquadratic amortized communication with no prior setup. We also show that some form of setup is needed for (non-amortized) subquadratic BA tolerating $$ corrupted parties. As a contribution of independent interest, we show a secure-computation protocol in the same threat model that has $$ communication when computing no-input functionalities with short output (e.g., coin tossing).