This paper studies the message complexity of authenticated Byzantine agreement (BA) in synchronous, fully-connected distributed networks under an honest majority. We focus on the so-called {\em implicit} Byzantine agreement problem where each node starts with an input value and at the end a non-empty subset of the honest nodes should agree on a common input value by satisfying the BA properties (i.e., there can be undecided nodes). We show that a sublinear (in $n$, number of nodes) message complexity BA protocol under honest majority is possible in the standard PKI model when the nodes have access to an unbiased global coin and hash function. In particular, we present a randomized Byzantine agreement algorithm which, with high probability achieves implicit agreement, uses $\tilde{O}(\sqrt{n})$ messages, and runs in $\tilde{O}(1)$ rounds while tolerating $(1/2 - \epsilon)n$ Byzantine nodes for any fixed $\epsilon > 0$, the notation $\Tilde{O}$ hides a $O(\polylog{n})$ factor. The algorithm requires standard cryptographic setup PKI and hash function with a static Byzantine adversary. The algorithm works in the CONGEST model and each node does not need to know the identity of its neighbors, i.e., works in the $KT_0$ model. The message complexity (and also the time complexity) of our algorithm is optimal up to a $\polylog n$ factor, as we show a $\Omega(\sqrt{n})$ lower bound on the message complexity.

翻译：本文研究同步全连接分布式网络在诚实多数假设下认证拜占庭协议（BA）的消息复杂度。我们关注所谓的隐式拜占庭协议问题，其中每个节点初始拥有输入值，最终需满足BA性质（即允许存在未决策节点）使得诚实节点的非空子集就共同输入值达成一致。我们证明在标准PKI模型下，当节点可访问无偏全局硬币和哈希函数时，存在诚实多数场景下具有次线性（相对于节点数n）消息复杂度的BA协议。具体而言，我们提出一种随机化拜占庭协议算法，该算法能以高概率实现隐式一致，使用$\tilde{O}(\sqrt{n})$条消息，在$\tilde{O}(1)$轮内运行，并能容忍任意固定$\epsilon > 0$下$(1/2 - \epsilon)n$个拜占庭节点，其中符号$\Tilde{O}$隐藏了$O(\polylog{n})$因子。该算法需要标准密码学基础设施PKI和哈希函数，且对抗静态拜占庭敌手。算法适用于CONGEST模型，且每个节点无需知晓邻居身份（即适用于$KT_0$模型）。我们的算法在消息复杂度（以及时间复杂度）上达到最优（至多存在$\polylog n$因子偏差），同时证明消息复杂度的下界为$\Omega(\sqrt{n})$。