# Random Oracles in Constantinople: Practical Asynchronous Byzantine Agreement Using Cryptography

@article{Cachin2005RandomOI, title={Random Oracles in Constantinople: Practical Asynchronous Byzantine Agreement Using Cryptography}, author={Christian Cachin and Klaus Kursawe and Victor Shoup}, journal={Journal of Cryptology}, year={2005}, volume={18}, pages={219-246} }

Abstract: Byzantine agreement requires a set of parties in a distributed system to
agree on a value even if some parties are maliciously misbehaving. A new
protocol for Byzantine agreement in a completely asynchronous network is
presented that makes use of new cryptographic protocols, specifically
protocols for threshold signatures and coin-tossing. These cryptographic
protocols have practical and provably secure implementations in the
random oracle model. In particular, a coin-tossing…

## 395 Citations

### Round-Efficient Byzantine Agreement and Multi-Party Computation with Asynchronous Fallback

- Computer Science, Mathematics
- IACR Cryptol. ePrint Arch.
- 2021

Round-efficient constructions for both primitives with optimal resilience are provided: fixed-round and expected constant-round BA protocols, and an MPC protocol whose round complexity is independent of the circuit depth.

### Efficient Asynchronous Byzantine Agreement without Private Setups

- Computer Science, Mathematics
- IACR Cryptol. ePrint Arch.
- 2021

This work presents a systematic treatment of reasonably fair common randomness protocols in the asynchronous network, and gives a reasonably fair random leader election protocol with expected O(λn³) communication and expected constant rounds.

### Round-Optimal Byzantine Agreement

- Computer Science, Mathematics
- IACR Cryptol. ePrint Arch.
- 2022

This work presents a protocol that matches the lower bound up to constant factors, and is the first protocol that decreases the failure probability (overall) by a super-constant factor per round.

### Practical Asynchronous Distributed Key Generation

- Computer Science
- IACR Cryptol. ePrint Arch.
- 2021

This paper presents a simple and concretely efficient asynchronous DKG (ADKG) protocol, which produces a field element as the secret and is thus compatible with off-the-shelf threshold cryptosystems.

### Distributed Key Generation in the Wild

- Computer Science, Mathematics
- IACR Cryptol. ePrint Arch.
- 2012

This work proposes a practical system model for the Internet and defines an efficient verifiable secret sharing (VSS) scheme in it and designs a provably secure DKG protocol, which is implemented and establishes its efficiency and reliability by extensively testing it on the PlanetLab platform.

### On the Number of Synchronous Rounds Sufficient for Authenticated Byzantine Agreement

- Computer Science, Mathematics
- DISC
- 2009

This paper shows that, in the model with a public-key infrastructure and signatures (aka authenticated Byzantine agreement), d + O(1) deterministic synchronous rounds are sufficient where d is the minimal integer such that n - d > 3(t - d).

### Almost-Asynchronous MPC under Honest Majority, Revisited

- Computer Science, Mathematics
- IACR Cryptol. ePrint Arch.
- 2021

The novel computation framework that is introduced for (iii), revolves around players denoted as “kings”, which, in contrast to Podc’10, are now replaceable after every elementary step of the computation.

### Combining Asynchronous and Synchronous Byzantine Agreement: The Best of Both Worlds

- Computer Science, Mathematics
- IACR Cryptol. ePrint Arch.
- 2018

The first generic compilers that combine BA protocols under different network and synchrony assumptions and preserve both the efficiency and robustness of their building blocks are given, yielding the first efficient protocol for (binary) asynchronous Byzantine agreement (ABA) which tolerates adaptive corruptions and matches the communication complexity of the best protocols in the static case.

### Asynchronous Byzantine Agreement with Subquadratic Communication

- Computer Science, Mathematics
- IACR Cryptol. ePrint Arch.
- 2020

This work shows asynchronous BA protocols with (expected) subquadratic communication complexity tolerating an adaptive adversary who can corrupt f ≤ (1− )n/3 of the parties (for any > 0) and shows a secure-computation protocol in the same threat model that has o(n) communication when computing no-input functionalities with short output.

### Specification of Dependable Trusted Third Parties

- Computer Science
- 2003

An architecture for secure service replication in an asynchronous network like the Internet, where a malicious adversary may corrupt some servers and control the network is described, and a randomized asynchronous atomic broadcast protocol is presented that maintains liveness and safety at the same time.

## References

SHOWING 1-10 OF 68 REFERENCES

### An Optimal Probabilistic Protocol for Synchronous Byzantine Agreement

- Computer Science
- SIAM J. Comput.
- 1997

This paper exhibits a protocol that, in probabilistic polynomial time and without relying on any external trusted party, reaches Byzantine agreement in an expected constant number of rounds and in the worst natural fault model.

### Optimistic Asynchronous Byzantine Agreement

- Computer Science
- 1999

The optimistic approach to the Byzantine agreement problem is proposed, combining the efficiency of fully synchronous protocols with the robustness of asynchronous ones, giving a maximum of security while being more efficient than most (less secure) protocols.

### An asynchronous protocol for distributed computation of RSA inverses and its applications

- Computer Science, Mathematics
- PODC '03
- 2003

An efficient asynchronous protocol to compute RSA inverses with respect to a public RSA modulus N whose factorization is secret and shared among a group of parties, without the use of random oracles is presented.

### Optimistic Byzantine agreement

- Computer Science
- 21st IEEE Symposium on Reliable Distributed Systems, 2002. Proceedings.
- 2002

An optimized version of the randomized Byzantine agreement protocol of Cachin et al. (2000) is presented, which is computationally less expensive and not only tolerates malicious parties, but also some loss of messages; it might therefore be of independent interest.

### Secure INtrusion-Tolerant Replication on the Internet

- Computer Science
- Proceedings International Conference on Dependable Systems and Networks
- 2002

The implementation of SINTRA in Java is described and timing measurements are given for a test-bed of servers distributed over three continents, showing that extensive use of public-key cryptography does not impose a large overhead for secure coordination in wide-area networks.

### Authenticated Algorithms for Byzantine Agreement

- Computer Science
- SIAM J. Comput.
- 1983

This paper presents algorithms for reaching agreement based on authentication that require a total number of messages sent by correctly operating processors that is polynomial in both t and the number of processors, n.

### Provably secure session key distribution: the three party case

- Computer Science, Mathematics
- STOC '95
- 1995

This paper provides the first treatment of session key distribution in the three-party setting of Needham and Schroeder in the complexity-theoretic framework of modern cryptography, assuming the (minimal) assumption of a pseudorandom function.

### An Efficient Threshold Public Key Cryptosystem Secure Against Adaptive Chosen Ciphertext Attack

- Computer Science, Mathematics
- EUROCRYPT
- 1999

This paper proposes a simple threshold Public-Key Cryptosystem (PKC) which is secure against adaptive chosen ciphertext attack, under the Decisional Diffie-Hellman (DDH) intractability assumption.…

### Random oracles are practical: a paradigm for designing efficient protocols

- Computer Science, Mathematics
- CCS '93
- 1993

It is argued that the random oracles model—where all parties have access to a public random oracle—provides a bridge between cryptographic theory and cryptographic practice, and yields protocols much more efficient than standard ones while retaining many of the advantages of provable security.

### Randomized distributed agreement revisited

- Computer Science
- FTCS-23 The Twenty-Third International Symposium on Fault-Tolerant Computing
- 1993

The authors present a succinct and efficient randomized distributed agreement protocol for asynchronous networks that works for n > 5t processors, where n is the size of the network and the protocol has low communication complexity and does not require any cryptographic assumption.