1 / 24

The Contest between Simplicity and Efficiency in Asynchronous Byzantine Agreement

The Contest between Simplicity and Efficiency in Asynchronous Byzantine Agreement. Allison Lewko. The University of Texas at Austin. TexPoint fonts used in EMF. Read the TexPoint manual before you delete this box.: A A A A. Byzantine Agreement. n parties each has an input bit

kyna
Télécharger la présentation

The Contest between Simplicity and Efficiency in Asynchronous Byzantine Agreement

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. The Contest between Simplicity and Efficiency in Asynchronous Byzantine Agreement Allison Lewko The University of Texas at Austin TexPoint fonts used in EMF. Read the TexPoint manual before you delete this box.: AAAA

  2. Byzantine Agreement • n parties • each has an input bit • t corrupt parties 1 0 0 0 0 0 Goal: agree on a bit equal to input of some ``good” party

  3. Byzantine Agreement • Simple problem, worst case adversary

  4. History Impossibility Constraints: • >= 1/3 corrupted processors • deterministic algorithm, 1 crash failure [FLP] Algorithms: [Ben-Or, Bracha] • termination with prob =1 • adaptive adversary • exponential expected running time [KKKSS] • termination/correctness with prob 1 – o(1) • non-adaptive adversary • polylogarithmicrunning time

  5. Landscape of possible algorithms? L Las Vegas polytime algorithm? [Ben-Or, Bracha] ??? L Adaptive adversary polytime algorithm? [KKKSS]

  6. Our Result [Ben-Or, Bracha]

  7. Simple Algorithm Recipe One Round: broadcast b Repeat validate set of responses = S Compute b’ = N(S) bit b b’ Randomized function

  8. Ben-Or, Bracha Algorithms S = Set of bits • overwhelming majority • strong majority • mixed Decide Fix b’ to majority Define b’ randomly

  9. Why Exponential Time? S: mostly 0 . . . . . . . . mixed . . . . . . . . . mostly 1 Decide 0 Fix 0 Random Fix 1 Decide 1 Exponential Loop! ± O(

  10. Generalizing the Algorithm Recipe Round i: broadcast b broadcast v validate set of responses = S i Compute v’ = N(S1, S2, … ,Si ) Compute b’ = N(S) bit b value v S1 , S2 , …, Si Randomized function with constant size range Randomized function

  11. Key Restrictions • S1, . . . , Siare considered as sets • N(S1 , . . . , Si) chooses randomly from • a constant number of possible values - messages divorced from senders - values themselves can vary

  12. How to Prove Exponential Time? Classic strategy: Chain of executions, each execution of exponential length Not deciding! Execution deciding 1 Execution deciding 0 Indistinguishable to some uncorrupted processor

  13. Challenge for Randomized Algorithms Any single execution may be unlikely Takes a class of executions to add up to constant probability

  14. Execution Classes Divide processors into groups S S Class defined by sets per group per round S

  15. Source of Adversary’s Control Suppose Ω(n) processors receive the same sets: S1, S2, . . . , Si S1, S2, . . . , Si S1, S2, . . . , Si . . . . . . N(S1 , . . . , Si) N(S1 , . . . , Si) N(S1 , . . . , Si) Independent samples from same distribution

  16. Chernoff Bound . . .

  17. Adversary Can Match Expectations S1, S2, . . . , Si Output = Expectation [N(S1, … , Si)]

  18. Chain of Execution Classes • Each group kept in sync • Output sets match expectations … Execution class deciding 1 Execution class deciding 0 Execution class Execution class Indistinguishable to some group One of these must be non-deciding

  19. Generating the Chain of Execution Classes E rounds Change group inputs one group at a time: … 1 0 1 0 1 0

  20. Adversary Strategy • adversary divides processors into groups of t • corrupts constant fraction per group • all group members see same message sets • tries to stay in the non-deciding execution class

  21. Adversary’s Success Probability V1, V2, …,Vi S1, S2, … , Si Z1, Z2, … , Zi Output = Expectation With Prob = 1 – 1/exp Output = Expectation With Prob = 1 – 1/exp Output = Expectation With Prob = 1 – 1/exp By Union bound over groups and rounds, # of rounds = Exp with constant probability

  22. Observations • Adversary Strategy : • Only leverages message scheduling • and random coins of bad processors • No hope to detect bad behavior without risk • Impossibility proof crucially leverages: • Received messages treated as sets • Random Variables have bounded support

  23. Open Problems [Ben-Or, Bracha] L Las Vegas polytime algorithm? ??? L Adaptive adversary polytime algorithm? [KKKSS] • Still simple structure, unbounded randomness? • Weaken symmetry in processing received messages?

  24. Thank you! Questions?

More Related