Paper 2023/1003
Concurrent Asynchronous Byzantine Agreement in Expected-Constant Rounds, Revisited
Abstract
It is well known that without randomization, Byzantine agreement (BA) requires a linear number of rounds in the synchronous setting, while it is flat out impossible in the asynchronous setting. The primitive which allows to bypass the above limitation is known as oblivious common coin (OCC). It allows parties to agree with constant probability on a random coin, where agreement is oblivious, i.e., players are not aware whether or not agreement has been achieved. The starting point of our work is the observation that no known protocol exists for information-theoretic multi-valued OCC---i.e., OCC where the coin might take a value from a domain of cardinality larger than 2---with optimal resiliency in the asynchronous (with eventual message delivery) setting. This apparent hole in the literature is particularly problematic, as multi-valued OCC is implicitly or explicitly used in several constructions. (In fact, it is often falsely attributed to the asynchronous BA result by Canetti and Rabin [STOC ’93], which, however, only achieves binary OCC and does not translate to a multi-valued OCC protocol.) In this paper, we present the first information-theoretic multi-valued OCC protocol in the asynchronous setting with optimal resiliency, i.e., tolerating $t<n/3$ corruptions, thereby filling this important gap. Further, our protocol efficiently implements OCC with an exponential-size domain, a property which is not even achieved by known constructions in the simpler, synchronous setting. We then turn to the problem of round-preserving parallel composition of asynchronous BA. A protocol for this task was proposed by Ben-Or and El-Yaniv [Distributed Computing ’03]. Their construction, however, is flawed in several ways: For starters, it relies on multi-valued OCC instantiated by Canetti and Rabin's result (which, as mentioned above, only provides binary OCC). This shortcoming can be repaired by plugging in our above multi-valued OCC construction. However, as we show, even with this fix it remains unclear whether the protocol of Ben-Or and El-Yaniv achieves its goal of expected-constant-round parallel asynchronous BA, as the proof is incorrect. Thus, as a second contribution, we provide a simpler, more modular protocol for the above task. Finally, and as a contribution of independent interest, we provide proofs in Canetti's Universal Composability framework; this makes our work the first one offering composability guarantees, which are important as BA is a core building block of secure multi-party computation protocols.
Metadata
- Available format(s)
- Category
- Cryptographic protocols
- Publication info
- A major revision of an IACR publication in TCC 2023
- DOI
- 10.1007/978-3-031-48624-1_16
- Keywords
- Byzantine agreementasynchronous networksconcurrent composition(multi-valued) oblivious common coin
- Contact author(s)
-
rancoen @ gmail com
pouyan forghani @ tamu edu
juan a garay @ gmail com
rsp7 @ tamu edu
vassilis zikas @ gmail com - History
- 2023-12-22: revised
- 2023-06-27: received
- See all versions
- Short URL
- https://ia.cr/2023/1003
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2023/1003, author = {Ran Cohen and Pouyan Forghani and Juan Garay and Rutvik Patel and Vassilis Zikas}, title = {Concurrent Asynchronous Byzantine Agreement in Expected-Constant Rounds, Revisited}, howpublished = {Cryptology {ePrint} Archive, Paper 2023/1003}, year = {2023}, doi = {10.1007/978-3-031-48624-1_16}, url = {https://eprint.iacr.org/2023/1003} }