Byzantine agreement in polynomial time with near-optimal resilience

Abstract

It has been known since the early 1980s that Byzantine Agreement in the full information, asynchronous model is impossible to solve deterministically against even one crash fault [FLP85], but that it can be solved with probability 1 [Ben83], even against an adversary that controls the scheduling of all messages and corrupts up to $f<n/3$ players [Bra87]. The main downside of [Ben83, Bra87] is that they terminate in $2^{\Theta(n)}$ rounds in expectation whenever $f=\Theta(n)$. King and Saia [KS16, KS18(arXiv:1812.10169)] developed a polynomial protocol (polynomial rounds, polynomial computation) that is resilient to $f < (1.14\times 10^{-9})n$ Byzantine faults. The new idea in their protocol is to detect -- and blacklist -- coalitions of likely-bad players by analyzing the deviations of random variables generated by those players over many rounds. In this work we design a simple collective coin-flipping protocol such that if any coalition of faulty players repeatedly does not follow protocol, then they will eventually be detected by one of two simple statistical tests. Using this coin-flipping protocol, we solve Byzantine Agreement in a polynomial number of rounds, even in the presence of up to $f<n/4$ Byzantine faults. This comes close to the $f<n/3$ upper bound on the maximum number of faults [BT85,FLM86,LSP82].