# Synchronous Consensus with Optimal Asynchronous Fallback Guarantees

## Abstract

Typically, protocols for Byzantine agreement (BA) are designed to run in either a *synchronous* network (where all messages are guaranteed to be delivered within some known time \(\varDelta \) from when they are sent) or an *asynchronous* network (where messages may be arbitrarily delayed). Protocols designed for synchronous networks are generally insecure if the network in which they run does not ensure synchrony; protocols designed for asynchronous networks are (of course) secure in a synchronous setting as well, but in that case tolerate a lower fraction of faults than would have been possible if synchrony had been assumed from the start.

Fix some number of parties *n*, and \(0< t_a< n/3 \le t_s < n/2\). We ask whether it is possible (given a public-key infrastructure) to design a BA protocol that is resilient to (1) \(t_s\) corruptions when run in a synchronous network and (2) \(t_a\) faults even if the network happens to be asynchronous. We show matching feasibility and infeasibility results demonstrating that this is possible if and only if \(t_a + 2\cdot t_s < n\).

## Notes

### Acknowledgments

Julian Loss was supported by ERC Project ERCC (FP7/615074).

## References

- 1.Abraham, I., Dolev, D., Halpern, J.Y.: An almost-surely terminating polynomial protocol for asynchronous Byzantine agreement with optimal resilience. In: 27th Annual ACM Symposium on Principles of Distributed Computing (PODC), pp. 405–414. ACM Press (2008)Google Scholar
- 2.Abraham, I., Malkhi, D., Nayak, K., Ren, L., Yin, M.: Sync HotStuff: simple and practical synchronous state machine replication (2019). http://eprint.iacr.org/2019/270
- 3.Beerliová-Trubíniová, Z., Hirt, M., Nielsen, J.B.: On the theoretical gap between synchronous and asynchronous MPC protocols. In: 29th Annual ACM Symposium on Principles of Distributed Computing (PODC), pp. 211–218. ACM Press (2010)Google Scholar
- 4.Cachin, C., Kursawe, K., Shoup, V.: Random oracles in Constantinople: practical asynchronous Byzantine agreement using cryptography. J. Cryptology
**18**(3), 219–246 (2005)MathSciNetCrossRefGoogle Scholar - 5.Canetti, R., Rabin, T.: Fast asynchronous Byzantine agreement with optimal resilience. In: 25th Annual ACM Symposium on Theory of Computing (STOC), pp. 42–51. ACM Press (1993)Google Scholar
- 6.Castro, M., Liskov, B.: Practical Byzantine fault tolerance and proactive recovery. ACM Trans. Comput. Syst.
**20**(4), 398–461 (2002)CrossRefGoogle Scholar - 7.Damgård, I., Geisler, M., Krøigaard, M., Nielsen, J.B.: Asynchronous multiparty computation: theory and implementation. In: Jarecki, S., Tsudik, G. (eds.) PKC 2009. LNCS, vol. 5443, pp. 160–179. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-00468-1_10CrossRefGoogle Scholar
- 8.Dolev, D., Strong, H.R.: Authenticated algorithms for Byzantine agreement. SIAM J. Comput.
**12**(4), 656–666 (1983)MathSciNetCrossRefGoogle Scholar - 9.Feldman, P., Micali, S.: An optimal probabilistic protocol for synchronous Byzantine agreement. SIAM J. Comput.
**26**(4), 873–933 (1997)MathSciNetCrossRefGoogle Scholar - 10.Fischer, M.J., Lynch, N.A., Paterson, M.: Impossibility of distributed consensus with one faulty process. J. ACM
**32**(2), 374–382 (1985)MathSciNetCrossRefGoogle Scholar - 11.Fitzi, M., Hirt, M., Holenstein, T., Wullschleger, J.: Two-threshold broadcast and detectable multi-party computation. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 51–67. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-39200-9_4CrossRefGoogle Scholar
- 12.Fitzi, M., Nielsen, J.B.: On the number of synchronous rounds sufficient for authenticated byzantine agreement. In: Keidar, I. (ed.) DISC 2009. LNCS, vol. 5805, pp. 449–463. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-04355-0_46CrossRefGoogle Scholar
- 13.Garay, J.A., Katz, J., Kumaresan, R., Zhou, H.-S.: Adaptively secure broadcast, revisited. In: 30th Annual ACM Symposium on Principles of Distributed Computing (PODC), pp. 179–186. ACM Press (2011)Google Scholar
- 14.Gilad, Y., Hemo, R., Micali, S., Vlachos, G., Zeldovich, N.: Algorand: scaling Byzantine agreements for cryptocurrencies (2017). http://eprint.iacr.org/2017/454
- 15.Goldwasser, S., Lindell, Y.: Secure multi-party computation without agreement. J. Cryptology
**18**(3), 247–287 (2005)MathSciNetCrossRefGoogle Scholar - 16.Guo, Y., Pass, R., Shi, E.: Synchronous, with a chance of partition tolerance. In: Boldyreva, A., Micciancio, D. (eds.) CRYPTO 2019. LNCS, vol. 11692, pp. 499–529. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-26948-7_18CrossRefGoogle Scholar
- 17.Hanke, T., Movahedi, M., Williams, D.: Dfinity technology overview series consensus system, rev. 1 (2018). https://dfinity.org/faq
- 18.Heilman, E., Kendler, A., Zohar, A., Goldberg, S.: Eclipse attacks on Bitcoin’s peer-to-peer network. In: 24th USENIX Security Symposium, pp. 129–144. USENIX Association (2015)Google Scholar
- 19.Hirt, M., Zikas, V.: Adaptively secure broadcast. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 466–485. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-13190-5_24CrossRefGoogle Scholar
- 20.Katz, J., Koo, C.-Y.: On expected constant-round protocols for Byzantine agreement. J. Comput. Syst. Sci.
**75**(2), 91–112 (2009)MathSciNetCrossRefGoogle Scholar - 21.Kotla, R., Alvisi, L., Dahlin, M., Clement, A., Wong, E.L.: Zyzzyva: speculative Byzantine fault tolerance. ACM Trans. Comput. Syst.
**27**(4), 7:1–7:39 (2009)CrossRefGoogle Scholar - 22.Kursawe, K.: Optimistic Byzantine agreement. In: 21st Symposium on Reliable Distributed Systems (SRDS), pp. 262–267. IEEE Computer Society (2002)Google Scholar
- 23.Lamport, L.: The part-time parliament. Technical Report 49, DEC Systems Research Center (1989)Google Scholar
- 24.Lamport, L., Shostak, R.E., Pease, M.C.: The Byzantine generals problem. ACM Trans. Program. Lang. Syst.
**4**(3), 382–401 (1982)CrossRefGoogle Scholar - 25.Liu, S., Viotti, P., Cachin, C., Quéma, V., Vukolic, M.: XFT: practical fault tolerance beyond crashes. In: 12th USENIX Symposium on Operating Systems Design and Implementation (OSDI), pp. 485–500. USENIX Association (2016)Google Scholar
- 26.Liu-Zhang, C.-D., Loss, J., Moran, T., Maurer, U., Tschudi, D.: Robust MPC: asynchronous responsiveness yet synchronous security (2019). http://eprint.iacr.org/2019/159
- 27.Loss, J., Moran, T.: Combining asynchronous and synchronous Byzantine agreement: the best of both worlds (2018). http://eprint.iacr.org/2018/235
- 28.Malkhi, D., Nayak, K., Ren, L.: Flexible Byzantine fault tolerance (2019). https://arxiv.org/abs/1904.10067
- 29.Mostéfaoui, A., Moumen, H., Raynal, M.: Signature-free asynchronous binary Byzantine consensus with \(t<n/3\), \(O(n^2)\) messages, and \(O(1)\) expected time. J. ACM
**62**(4), 31:1–31:21 (2015)MathSciNetCrossRefGoogle Scholar - 30.Ongaro, D., Ousterhout, J.K.: In search of an understandable consensus algorithm. In: USENIX Annual Technical Conference, pp. 305–319. USENIX Association (2014)Google Scholar
- 31.Pass, R., Shi, E.: Hybrid consensus: efficient consensus in the permissionless model. In: 31st International Symposium on Distributed Computing (DISC), volume 91 of LIPIcs, pp. 39:1–39:16. Schloss Dagstuhl–Leibniz-Zentrum fuer Informatik (2017)Google Scholar
- 32.Pass, R., Shi, E.: Thunderella: blockchains with optimistic instant confirmation. In: Nielsen, J.B., Rijmen, V. (eds.) EUROCRYPT 2018. LNCS, vol. 10821, pp. 3–33. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-78375-8_1CrossRefGoogle Scholar
- 33.Patra, A., Choudhary, A., Pandu Rangan, C.: Simple and efficient asynchronous byzantine agreement with optimal resilience. In: 28th Annual ACM Symposium on Principles of Distributed Computing (PODC), pp. 92–101. ACM Press (2009)Google Scholar
- 34.Patra, A., Ravi, D.: On the power of hybrid networks in multi-party computation. IEEE Trans. Inf. Theory
**64**(6), 4207–4227 (2018)MathSciNetCrossRefGoogle Scholar - 35.Pease, M., Shostak, R.E., Lamport, L.: Reaching agreement in the presence of faults. J. ACM
**27**(2), 228–234 (1980)MathSciNetCrossRefGoogle Scholar - 36.Toueg, S.: Randomized Byzantine agreements. In: 3rd Annual ACM Symposium on Principles of Distributed Computing (PODC), pp. 163–178. ACM Press (1984)Google Scholar