Is Byzantine agreement for cryptocurrencies n/2 or n/3?
Based on the paper "On Expected Constant-Round Protocols for Byzantine Agreement" by Jonathan Katz,
http://drona.csa.iisc.ernet.in/~arpita/BroadcastBAReadingGroup/KK.pdf
the author devised a Byzantine Agreement protocol using public-key authentication that is tolerant up to n/2 faults. He defines the Byzantine Agreement protocol as:
- All honest parties output the same result (agreement)
- If all honest parties start with the same initial value, they output that same initial value (validity)
This seems to be the same problem that concerns cryptocurrencies, where nodes are unsure which order of transactions to validate (transaction A before transaction B? or transaction B before transaction A?), so they need to reach a byzantine agreement on the ordering of the transactions. Some node may believe transaction A should go first, some believe transaction B, some are byzantine faulty, and the goal of the byzantine agreement protocol is for all the honest nodes to agree on the same ordering.
However, everywhere I read, and according to people much smarter than me, people say that for cryptocurrencies, byzantine consensus can only be reached with at most n/3 faults. An example is the HoneyBadger BFT protocol, which I think seems very well thought out:
https://eprint.iacr.org/2016/199.pdf
So what am I misunderstanding? There seems to be a disconnect to me, so I am sure I am missing something. But according to the paper above, it seems like we can do transaction validation up to n/2 byzantine faults, not n/3?
https://ift.tt/2Hu4JZx
Comments
Post a Comment