Synchronous Consensus with Optimal Asynchronous Fallback Guarantees

  • Erica Blum
  • Jonathan KatzEmail author
  • Julian Loss
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11891)


Typically, protocols for Byzantine agreement (BA) are designed to run in either a synchronous network (where all messages are guaranteed to be delivered within some known time \(\varDelta \) from when they are sent) or an asynchronous network (where messages may be arbitrarily delayed). Protocols designed for synchronous networks are generally insecure if the network in which they run does not ensure synchrony; protocols designed for asynchronous networks are (of course) secure in a synchronous setting as well, but in that case tolerate a lower fraction of faults than would have been possible if synchrony had been assumed from the start.

Fix some number of parties n, and \(0< t_a< n/3 \le t_s < n/2\). We ask whether it is possible (given a public-key infrastructure) to design a BA protocol that is resilient to (1) \(t_s\) corruptions when run in a synchronous network and (2) \(t_a\) faults even if the network happens to be asynchronous. We show matching feasibility and infeasibility results demonstrating that this is possible if and only if \(t_a + 2\cdot t_s < n\).



Julian Loss was supported by ERC Project ERCC (FP7/615074).


  1. 1.
    Abraham, I., Dolev, D., Halpern, J.Y.: An almost-surely terminating polynomial protocol for asynchronous Byzantine agreement with optimal resilience. In: 27th Annual ACM Symposium on Principles of Distributed Computing (PODC), pp. 405–414. ACM Press (2008)Google Scholar
  2. 2.
    Abraham, I., Malkhi, D., Nayak, K., Ren, L., Yin, M.: Sync HotStuff: simple and practical synchronous state machine replication (2019).
  3. 3.
    Beerliová-Trubíniová, Z., Hirt, M., Nielsen, J.B.: On the theoretical gap between synchronous and asynchronous MPC protocols. In: 29th Annual ACM Symposium on Principles of Distributed Computing (PODC), pp. 211–218. ACM Press (2010)Google Scholar
  4. 4.
    Cachin, C., Kursawe, K., Shoup, V.: Random oracles in Constantinople: practical asynchronous Byzantine agreement using cryptography. J. Cryptology 18(3), 219–246 (2005)MathSciNetCrossRefGoogle Scholar
  5. 5.
    Canetti, R., Rabin, T.: Fast asynchronous Byzantine agreement with optimal resilience. In: 25th Annual ACM Symposium on Theory of Computing (STOC), pp. 42–51. ACM Press (1993)Google Scholar
  6. 6.
    Castro, M., Liskov, B.: Practical Byzantine fault tolerance and proactive recovery. ACM Trans. Comput. Syst. 20(4), 398–461 (2002)CrossRefGoogle Scholar
  7. 7.
    Damgård, I., Geisler, M., Krøigaard, M., Nielsen, J.B.: Asynchronous multiparty computation: theory and implementation. In: Jarecki, S., Tsudik, G. (eds.) PKC 2009. LNCS, vol. 5443, pp. 160–179. Springer, Heidelberg (2009). Scholar
  8. 8.
    Dolev, D., Strong, H.R.: Authenticated algorithms for Byzantine agreement. SIAM J. Comput. 12(4), 656–666 (1983)MathSciNetCrossRefGoogle Scholar
  9. 9.
    Feldman, P., Micali, S.: An optimal probabilistic protocol for synchronous Byzantine agreement. SIAM J. Comput. 26(4), 873–933 (1997)MathSciNetCrossRefGoogle Scholar
  10. 10.
    Fischer, M.J., Lynch, N.A., Paterson, M.: Impossibility of distributed consensus with one faulty process. J. ACM 32(2), 374–382 (1985)MathSciNetCrossRefGoogle Scholar
  11. 11.
    Fitzi, M., Hirt, M., Holenstein, T., Wullschleger, J.: Two-threshold broadcast and detectable multi-party computation. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 51–67. Springer, Heidelberg (2003). Scholar
  12. 12.
    Fitzi, M., Nielsen, J.B.: On the number of synchronous rounds sufficient for authenticated byzantine agreement. In: Keidar, I. (ed.) DISC 2009. LNCS, vol. 5805, pp. 449–463. Springer, Heidelberg (2009). Scholar
  13. 13.
    Garay, J.A., Katz, J., Kumaresan, R., Zhou, H.-S.: Adaptively secure broadcast, revisited. In: 30th Annual ACM Symposium on Principles of Distributed Computing (PODC), pp. 179–186. ACM Press (2011)Google Scholar
  14. 14.
    Gilad, Y., Hemo, R., Micali, S., Vlachos, G., Zeldovich, N.: Algorand: scaling Byzantine agreements for cryptocurrencies (2017).
  15. 15.
    Goldwasser, S., Lindell, Y.: Secure multi-party computation without agreement. J. Cryptology 18(3), 247–287 (2005)MathSciNetCrossRefGoogle Scholar
  16. 16.
    Guo, Y., Pass, R., Shi, E.: Synchronous, with a chance of partition tolerance. In: Boldyreva, A., Micciancio, D. (eds.) CRYPTO 2019. LNCS, vol. 11692, pp. 499–529. Springer, Cham (2019). Scholar
  17. 17.
    Hanke, T., Movahedi, M., Williams, D.: Dfinity technology overview series consensus system, rev. 1 (2018).
  18. 18.
    Heilman, E., Kendler, A., Zohar, A., Goldberg, S.: Eclipse attacks on Bitcoin’s peer-to-peer network. In: 24th USENIX Security Symposium, pp. 129–144. USENIX Association (2015)Google Scholar
  19. 19.
    Hirt, M., Zikas, V.: Adaptively secure broadcast. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 466–485. Springer, Heidelberg (2010). Scholar
  20. 20.
    Katz, J., Koo, C.-Y.: On expected constant-round protocols for Byzantine agreement. J. Comput. Syst. Sci. 75(2), 91–112 (2009)MathSciNetCrossRefGoogle Scholar
  21. 21.
    Kotla, R., Alvisi, L., Dahlin, M., Clement, A., Wong, E.L.: Zyzzyva: speculative Byzantine fault tolerance. ACM Trans. Comput. Syst. 27(4), 7:1–7:39 (2009)CrossRefGoogle Scholar
  22. 22.
    Kursawe, K.: Optimistic Byzantine agreement. In: 21st Symposium on Reliable Distributed Systems (SRDS), pp. 262–267. IEEE Computer Society (2002)Google Scholar
  23. 23.
    Lamport, L.: The part-time parliament. Technical Report 49, DEC Systems Research Center (1989)Google Scholar
  24. 24.
    Lamport, L., Shostak, R.E., Pease, M.C.: The Byzantine generals problem. ACM Trans. Program. Lang. Syst. 4(3), 382–401 (1982)CrossRefGoogle Scholar
  25. 25.
    Liu, S., Viotti, P., Cachin, C., Quéma, V., Vukolic, M.: XFT: practical fault tolerance beyond crashes. In: 12th USENIX Symposium on Operating Systems Design and Implementation (OSDI), pp. 485–500. USENIX Association (2016)Google Scholar
  26. 26.
    Liu-Zhang, C.-D., Loss, J., Moran, T., Maurer, U., Tschudi, D.: Robust MPC: asynchronous responsiveness yet synchronous security (2019).
  27. 27.
    Loss, J., Moran, T.: Combining asynchronous and synchronous Byzantine agreement: the best of both worlds (2018).
  28. 28.
    Malkhi, D., Nayak, K., Ren, L.: Flexible Byzantine fault tolerance (2019).
  29. 29.
    Mostéfaoui, A., Moumen, H., Raynal, M.: Signature-free asynchronous binary Byzantine consensus with \(t<n/3\), \(O(n^2)\) messages, and \(O(1)\) expected time. J. ACM 62(4), 31:1–31:21 (2015)MathSciNetCrossRefGoogle Scholar
  30. 30.
    Ongaro, D., Ousterhout, J.K.: In search of an understandable consensus algorithm. In: USENIX Annual Technical Conference, pp. 305–319. USENIX Association (2014)Google Scholar
  31. 31.
    Pass, R., Shi, E.: Hybrid consensus: efficient consensus in the permissionless model. In: 31st International Symposium on Distributed Computing (DISC), volume 91 of LIPIcs, pp. 39:1–39:16. Schloss Dagstuhl–Leibniz-Zentrum fuer Informatik (2017)Google Scholar
  32. 32.
    Pass, R., Shi, E.: Thunderella: blockchains with optimistic instant confirmation. In: Nielsen, J.B., Rijmen, V. (eds.) EUROCRYPT 2018. LNCS, vol. 10821, pp. 3–33. Springer, Cham (2018). Scholar
  33. 33.
    Patra, A., Choudhary, A., Pandu Rangan, C.: Simple and efficient asynchronous byzantine agreement with optimal resilience. In: 28th Annual ACM Symposium on Principles of Distributed Computing (PODC), pp. 92–101. ACM Press (2009)Google Scholar
  34. 34.
    Patra, A., Ravi, D.: On the power of hybrid networks in multi-party computation. IEEE Trans. Inf. Theory 64(6), 4207–4227 (2018)MathSciNetCrossRefGoogle Scholar
  35. 35.
    Pease, M., Shostak, R.E., Lamport, L.: Reaching agreement in the presence of faults. J. ACM 27(2), 228–234 (1980)MathSciNetCrossRefGoogle Scholar
  36. 36.
    Toueg, S.: Randomized Byzantine agreements. In: 3rd Annual ACM Symposium on Principles of Distributed Computing (PODC), pp. 163–178. ACM Press (1984)Google Scholar

Copyright information

© International Association for Cryptologic Research 2019

Authors and Affiliations

  1. 1.Department of Computer ScienceUniversity of MarylandCollege ParkUSA
  2. 2.Department of Computer ScienceGeorge Mason UniversityFairfaxUSA
  3. 3.Ruhr University BochumBochumGermany

Personalised recommendations