Extending Asynchronous Byzantine Agreement with Crusader Agreement
Mose Mizrahi Erbes, Roger Wattenhofer
TL;DR
The paper addresses asynchronous Byzantine agreement for $n$ parties with up to $t < \frac{n}{3}$ faults by reducing multivalued BA to binary BA via a Crusader Agreement (CA)–based extension called EXT. It introduces two information-theoretic CA protocols, CA$_1$ (statistical) and CA$_2$ (perfect), enabling BA on $\ell$-bit inputs with one binary-BA instance and one CA instance, plus $Θ(\ell n + n^2)$ extra communication; CA$_1$ uses almost-universal hashing to achieve security with probability $1 - 2^{-\lambda}$, while CA$_2$ replaces hashes with error-correcting codes and a preliminary COOL-based step to achieve perfect security tolerating $t \leq \frac{n}{3+\varepsilon}$ with $O\bigl(\frac{\ell n}{\min(1, \varepsilon^2)} + n^2 \max\bigl(1, \log \frac{1}{\varepsilon}\bigr)\bigr)$ bits. The EXT construction enables information-theoretic asynchronous BA extensions with constant-round overhead and quadratic-in-$n$ communication, matching or surpassing prior protocols in several fault-tolerance regimes and providing a practical path to multivalued BA with unconditional security.
Abstract
In this work, we study multivalued byzantine agreement (BA) in an asynchronous network of $n$ parties where up to $t < \frac{n}{3}$ parties are byzantine. We present a new reduction from multivalued BA to binary BA. It allows one to achieve BA on $\ell$-bit inputs with one instance of binary BA, one instance of crusader agreement (CA) on $\ell$-bit inputs and $Θ(\ell n + n^2)$ bits of additional communication. As our reduction uses multivalued CA, we also design two new information-theoretic CA protocols for $\ell$-bit inputs. In the first one, we use almost-universal hashing to achieve statistical security with probability $1 - 2^{-λ}$ against $t < \frac{n}{3}$ faults with $Θ(\ell n + n^2(λ+ \log n))$ bits of communication. Following this, we replace the hashes with error correcting code symbols and add a preliminary step based on the synchronous multivalued BA protocol COOL [DISC '21] to obtain a second, perfectly secure CA protocol that can for any $\varepsilon > 0$ be set to tolerate $t \leq \frac{n}{3 + \varepsilon}$ faults with $\mathcal{O}\bigl(\frac{\ell n}{\min(1, \varepsilon^2)} + n^2\max\bigl(1, \log \frac{1}{\varepsilon}\bigr) \bigr)$ bits of communication. Our CA protocols allow one to extend binary BA to multivalued BA with a constant round overhead, a quadratic-in-$n$ communication overhead, and information-theoretic security.