Toward Optimal-Complexity Hash-Based Asynchronous MVBA with Optimal Resilience

TL;DR

This paper tackles the problem of adaptively secure, hash-based asynchronous MVBA by introducing Reducer and Reducer++ to merge optimal complexity with near-optimal resilience. Reducer preserves HMVBA’s $O(n^2)$ message and $O(n\ell + n^2\lambda\log n)$ bit complexity and achieves resilience $t < \tfrac{1}{4}n$ by leveraging a cryptography-free SMBA primitive to bound the number of candidate digests and guarantee termination in good iterations. Reducer++ pushes resilience further to $t < (\tfrac{1}{3}-\varepsilon)n$ by employing a hash-as-random-oracle adoption mechanism over $C$ trials per iteration, yielding constant-time per trial but requiring random-oracle hash modeling; overall, Reducer++ retains quadratic message and quasi-quadratic bit complexity with constants depending on $\varepsilon$. A cryptography-free SMBA construction is introduced as a primitive of independent interest, while Reducer++ relies on a random-oracle hash to ensure termination. Compared to prior hash-based MVBA (e.g., HMVBA, FIN-MVBA) and concurrent FLT24-MVBA work, the proposed protocols achieve improved resilience bounds with comparable or better complexity, and they preserve a quality property ensuring a correct-proposer outcome with non-negligible probability, making them practical for repeated MVBA deployments in asynchronous systems.

Abstract

Multi-valued validated Byzantine agreement (MVBA), a fundamental primitive of distributed computing, allows $n$ processes to agree on a valid $\ell$-bit value, despite $t$ faulty processes behaving maliciously. Among hash-based solutions for the asynchronous setting with adaptive faults, the state-of-the-art HMVBA protocol achieves optimal $O(n^2)$ message complexity, (near-)optimal $O(n\ell+n^2 λ\log n)$ bit complexity, and optimal $O(1)$ time complexity. However, it only tolerates up to $t < \frac15 n$ adaptive failures. In contrast, the best known optimally resilient protocol, FIN-MVBA, exchanges $O(n^3)$ messages and $O(n^2\ell + n^3λ)$ bits. This highlights a fundamental question: can a hash-based protocol be designed for the asynchronous setting with adaptive faults that simultaneously achieves both optimal complexity and optimal resilience? In this paper, we take a significant step toward answering the question. Namely, we introduce Reducer, an MVBA protocol that retains HMVBA's complexity while improving its resilience to $t<\frac14 n$. Like HMVBA and FIN-MVBA, Reducer relies exclusively on collision-resistant hash functions. A key innovation in Reducer's design is its internal use of strong multi-valued Byzantine agreement (SMBA), a variant of strong consensus we introduce and construct, which ensures agreement on a correct process's proposal. To further advance resilience toward the optimal one-third bound, we then propose Reducer++, an MVBA protocol that tolerates up to $t < (\frac13-ε)n$ adaptive failures, for any fixed constant $ε> 0$. Unlike Reducer, Reducer++ does not rely on SMBA. Instead, it employs a novel approach involving hash functions modeled as random oracles to ensure termination. Reducer++ maintains constant time complexity, quadratic message complexity, and quasi-quadratic bit complexity, with constants dependent on $ε$.

Figures (4)

• Figure 1: Depiction of HMVBA's structure. The depiction focuses on a good iteration $k$, where $\mathsf{leader}(k)$ has disseminated its valid proposal $v^{\star}(k)$ and the corresponding digest $z^{\star}(k)$. We abridge $\mathsf{leader} \triangleq \mathsf{leader}(k)$, $z^\star \triangleq z^\star(k)$, $v^\star \triangleq v^\star(k)$.
• Figure 2: Depiction of Reducer's structure. The depiction focuses on a good iteration $k$ in which the first two SMBA invocations decide adversarial digests $z_1$ and $z_2$, respectively. Finally, the third invocation decides the "good" digest $z^{\star}(k)$ of the $\mathsf{leader}(k)$'s valid proposal $v^{\star}(k)$. See \ref{['fig:hmvba-recap']} for "Dissemination" and "Reconstruct & Agree" sub-protocols. We abridge $\mathsf{leader} \triangleq \mathsf{leader}(k)$, $z^\star \triangleq z^\star(k)$, $v^\star \triangleq v^\star(k)$.
• Figure 3: Depiction of Reducer++'s structure. The depiction focuses on a good iteration $k$ where correct processes decide on the $\mathsf{leader}(k)$'s valid proposal $v^{\star}(k)$ whose digest is $z^{\star}(k)$. See \ref{['fig:hmvba-recap', 'fig:reducerpp-game']} for "Dissemination" and "Trial" sub-protocols, respectively. We abridge $\mathsf{leader} \triangleq \mathsf{leader}(k)$, $z^\star \triangleq z^\star(k)$, $v^\star \triangleq v^\star(k)$.
• Figure 4: Depiction of Reducer++'s adoption procedure. The depiction focuses on a case where $\phi$ happens to be such that the "good" digest $z^{\star}(k)$ is smallest according to $\mathsf{hash}(\cdot, \phi)$ and is thus adopted by all correct processes. See \ref{['fig:hmvba-recap']} for "Reconstruct & Agree" sub-protocol. We abridge $z^\star \triangleq z^\star(k)$, $v^\star \triangleq v^\star(k)$.

Theorems & Definitions (172)

• Theorem 1: Reducer is correct
• Definition 1: Good iterations
• Theorem 2: Reducer's expected complexity
• Theorem 3: Reducer++ is correct
• Theorem 4: Reducer++'s expected complexity
• Lemma 1: $\textsf{MBA}_\ell\xspace$ is correct
• Claim 1
• proof
• Proposition 1: $\textsf{MBA}_\ell\xspace$ satisfies strong unanimity
• proof