# The Contest between Simplicity and Efficiency in Asynchronous Byzantine Agreement Allison Lewko The University of Texas at Austin TexPoint fonts used in.

## Presentation on theme: "The Contest between Simplicity and Efficiency in Asynchronous Byzantine Agreement Allison Lewko The University of Texas at Austin TexPoint fonts used in."— Presentation transcript:

The Contest between Simplicity and Efficiency in Asynchronous Byzantine Agreement Allison Lewko The University of Texas at Austin TexPoint fonts used in EMF. Read the TexPoint manual before you delete this box.: AAAA

Byzantine Agreement n parties each has an input bit t corrupt parties Goal: agree on a bit equal to input of some ``good party 0 000 0 1

Byzantine Agreement Simple problem, worst case adversary

History Impossibility Constraints: >= 1/3 corrupted processors deterministic algorithm, 1 crash failure [FLP] Algorithms: termination with prob =1 adaptive adversary exponential expected running time [Ben-Or, Bracha] [KKKSS] termination/correctness with prob 1 – o(1) non-adaptive adversary polylogarithmic running time

Landscape of possible algorithms? [Ben-Or, Bracha] [KKKSS] ??? L Las Vegas polytime algorithm? L Adaptive adversary polytime algorithm?

Our Result [Ben-Or, Bracha]

Simple Algorithm Recipe One Round: bit b broadcast b validate set of responses = S Compute b = N(S) b Repeat Randomized function

Ben-Or, Bracha Algorithms S = Set of bits overwhelming majority strong majority mixed Decide Fix b to majority Define b randomly

Why Exponential Time? Decide 0 Fix 0 Random Decide 1 Fix 1 S: mostly 0........ mixed......... mostly 1 Exponential Loop!

Generalizing the Algorithm Recipe Round i: bit b broadcast b validate set of responses = S Compute b = N(S) Randomized function value v broadcast v i S 1, S 2, …, S i Compute v = N(S 1, S 2, …, S i ) Randomized function with constant size range

Key Restrictions S 1,..., S i are considered as sets N(S 1,..., S i ) chooses randomly from a constant number of possible values - messages divorced from senders - values themselves can vary

How to Prove Exponential Time? Classic strategy: Execution deciding 0 Execution deciding 1 Indistinguishable to some uncorrupted processor Chain of executions, each execution of exponential length Not deciding!

Challenge for Randomized Algorithms Any single execution may be unlikely Takes a class of executions to add up to constant probability

Execution Classes Divide processors into groups S S S Class defined by sets per group per round

Source of Adversarys Control Suppose Ω(n) processors receive the same sets: S 1, S 2,..., S i... N(S 1,..., S i )... Independent samples from same distribution

Chernoff Bound...

Adversary Can Match Expectations S 1, S 2,..., S i Output = Expectation [ N(S 1, …, S i )]

Chain of Execution Classes Each group kept in sync Output sets match expectations Execution class deciding 0 Execution class deciding 1 Execution class Execution class … Indistinguishable to some group One of these must be non-deciding

Generating the Chain of Execution Classes E rounds … 0 0 0 1 1 1 Change group inputs one group at a time:

Adversary Strategy adversary divides processors into groups of t corrupts constant fraction per group all group members see same message sets tries to stay in the non-deciding execution class

Adversarys Success Probability S 1, S 2, …, S i Z 1, Z 2, …, Z i V 1, V 2, …, V i Output = Expectation With Prob = 1 – 1/exp Output = Expectation With Prob = 1 – 1/exp Output = Expectation With Prob = 1 – 1/exp By Union bound over groups and rounds, # of rounds = Exp with constant probability

Observations Adversary Strategy : -Only leverages message scheduling and random coins of bad processors -No hope to detect bad behavior without risk Impossibility proof crucially leverages: -Received messages treated as sets -Random Variables have bounded support

Open Problems [KKKSS] ??? L Las Vegas polytime algorithm? L Adaptive adversary polytime algorithm? Still simple structure, unbounded randomness? Weaken symmetry in processing received messages? [Ben-Or, Bracha]

Thank you! Questions?

Similar presentations