Byzantine agreement (BA) is a fundamental primitive in distributed systems and has received huge interest as an important building block for blockchain systems. Classical byzantine agreement considers a setting where n parties with fixed, known identities want to agree on an output in the presence of an adversary. Motivated by blockchain systems, the assumption of fixed identities is weakened by using a resource-based model. In such models, parties do not have fixed known identities but instead have to invest some expensive resources to participate in the protocol. Prominent examples for such resources are computation (measured by, e.g., proofs-of-work) or money (measured by proofs-of-stake). Unlike in the classical setting where BA without trusted setup (e.g., a PKI or an unpredictable beacon) is impossible for t ≥ n/3tcorruptions, in such resource-based models, BA can be constructed for the optimal threshold of t <n/2. In this work, we investigate BA without a PKI in the model where parties have restricted computational resources. Concretely, we consider sequential computation modeled via computing a verifiable delay function (VDF) and establish the following results: 1.Positive result: We present the first protocol for BA based on VDFs, with expected constant round complexity and termination under adaptive corruption, honest majority and without a PKI.2.Negative result: We give the first lower bound on the communication complexity of BA in a model where parties have restricted computational resources. Concretely, we show that a multicast complexity of O(\n) is necessary even if the parties have access to a VDF-oracle.
Conference on Security and Cryptography for Networks (SCN)
2024-09-10
2024-10-11