Byzantine agreement (BA), the task of $n$ parties to agree on one of their input bits in the face of malicious agents, is a powerful primitive that lies at the core of a vast range of distributed protocols. Interestingly, in protocols with the best overall communication, the demands of the parties are highly unbalanced: the amortized cost is $\tilde O(1)$ bits per party, but some parties must send $\Omega(n)$ bits. In best known balanced protocols, the overall communication is sub-optimal, with each party communicating $\tilde O(\sqrt{n})$. In this work, we ask whether asymmetry is inherent for optimizing total communication. Our contributions in this line are as follows: 1) We define a cryptographic primitive, succinctly reconstructed distributed signatures (SRDS), that suffices for constructing $\tilde O(1)$ balanced BA. We provide two constructions of SRDS from different cryptographic and Public-Key Infrastructure (PKI) assumptions. 2) The SRDS-based BA follows a paradigm of boosting from "almost-everywhere" agreement to full agreement, and does so in a single round. We prove that PKI setup and cryptographic assumptions are necessary for such protocols in which every party sends $o(n)$ messages. 3) We further explore connections between a natural approach toward attaining SRDS and average-case succinct non-interactive argument systems (SNARGs) for a particular type of NP-Complete problems (generalizing Subset-Sum and Subset-Product). Our results provide new approaches forward, as well as limitations and barriers, towards minimizing per-party communication of BA. In particular, we construct the first two BA protocols with $\tilde O(1)$ balanced communication, offering a tradeoff between setup and cryptographic assumptions, and answering an open question presented by King and Saia (DISC'09).

翻译：拜占庭协议（BA）是n方在恶意代理存在的情况下对其输入比特之一达成一致的任务，是构成大量分布式协议核心的强大原语。有趣的是，在总通信量最优的协议中，各方的通信需求高度不平衡：每方的摊余成本为$\tilde O(1)$比特，但部分方必须发送$\Omega(n)$比特。在已知的最优平衡协议中，总通信量次优，每方通信量为$\tilde O(\sqrt{n})$。本文探究了优化总通信量时不对称性是否必然存在。我们的贡献如下：1）定义了一种密码原语——简洁重构分布式签名（SRDS），足以构建$\tilde O(1)$平衡BA。我们从不同的密码学假设和公钥基础设施（PKI）假设出发，给出了两种SRDS构造。2）基于SRDS的BA遵循从“几乎处处”一致到完全一致的提升范式，且仅需一轮。我们证明，对于每方发送$o(n)$消息的此类协议，PKI设置和密码学假设是必要的。3）进一步探索了实现SRDS的自然方法与针对某一类NP完全问题（推广子集和与子集积）的平均情况简洁非交互式论证系统（SNARG）之间的联系。我们的结果为最小化BA的每方通信量提供了新思路，同时揭示了局限性和障碍。特别地，我们构造了前两个具有$\tilde O(1)$平衡通信的BA协议，在设置和密码学假设之间提供了权衡，并回答了King和Saia（DISC'09）提出的开放问题。