{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,12]],"date-time":"2026-02-12T17:36:12Z","timestamp":1770917772121,"version":"3.50.1"},"reference-count":44,"publisher":"Association for Computing Machinery (ACM)","issue":"3","license":[{"start":{"date-parts":[[2020,5,18]],"date-time":"2020-05-18T00:00:00Z","timestamp":1589760000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"SERB Women Excellence Award from Science and Engineering Research Board of India"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["J. ACM"],"published-print":{"date-parts":[[2020,6,30]]},"abstract":"\n The problem of Byzantine Agreement (BA) is of interest to both the distributed computing and cryptography communities. Following well-known results from distributed computing literature, the BA problem in the\n asynchronous<\/jats:italic>\n network setting encounters inevitable non-termination issues. The impasse is overcome via randomization that allows construction of BA protocols in two flavors of termination guarantee\u2014with overwhelming probability and with probability one. The latter type, termed as\n almost-surely terminating<\/jats:italic>\n BA, is the main focus of this article. An eluding problem in the domain of almost-surely terminating BA is achieving a constant expected running time. Our primary contribution in this work makes significant progress in this direction.\n <\/jats:p>\n \n In a setting with\n n<\/jats:italic>\n parties and an adversary with\n unbounded<\/jats:italic>\n computing power controlling at most\n t<\/jats:italic>\n parties in a Byzantine fashion, we present two almost-surely terminating BA protocols in the asynchronous setting:\n <\/jats:p>\n \n \u25cb With the\n optimal resilience<\/jats:italic>\n of\n t<\/jats:italic>\n <\n n<\/jats:italic>\n \/3, our first protocol runs for an expected\n O<\/jats:italic>\n (\n n<\/jats:italic>\n ) time. The existing protocols in the same setting either run for an expected\n O<\/jats:italic>\n (\n n<\/jats:italic>\n 2<\/jats:sup>\n ) time (Abraham et al., PODC 2008) or require exponential computing power from the honest parties (Wang, CoRR 2015). In terms of communication complexity, our construction outperforms all the known constructions with\n t<\/jats:italic>\n <\n n<\/jats:italic>\n \/3 that offer almost-surely terminating feature.\n <\/jats:p>\n \n \u25cb With the resilience of\n t<\/jats:italic>\n <\n n<\/jats:italic>\n \/3 + \u03f5 for\n any<\/jats:italic>\n \u03f5 > 0, our second protocol runs for an expected\n O<\/jats:italic>\n (1\/\u03f5) time. The expected running time of our protocol turns constant when \u03f5 is a constant fraction. The known constructions with a constant expected running time either require \u03f5 to be at least 1 (Feldman-Micali, STOC 1988 and Patra-Pandu Rangan, PODC 2010), implying\n t<\/jats:italic>\n <\n n<\/jats:italic>\n \/4, or call for exponential computing power from the parties (Wang, CoRR 2015).\n <\/jats:p>\n \n We follow the traditional route of building BA via common coin protocol that in turn reduces to\n Asynchronous Verifiable Secret-Sharing<\/jats:italic>\n (AVSS). Our constructions are built on a variant of AVSS that is termed as\n shunning<\/jats:italic>\n . A shunning AVSS fails to offer the properties of AVSS when the corrupt parties strike, but allows the honest parties to\n locally<\/jats:italic>\n detect and shun a set of corrupt parties for any future communication. Our shunning AVSS with\n t<\/jats:italic>\n <\n n<\/jats:italic>\n \/3 and\n t<\/jats:italic>\n <\n n<\/jats:italic>\n \/3 + \u03f5 guarantee \u03a9(\n n<\/jats:italic>\n ) and, respectively, \u03a9(\u03f5\n t<\/jats:italic>\n 2<\/jats:sup>\n ) conflicts to be revealed when failure occurs. Turning this shunning AVSS to a common coin protocol efficiently constitutes yet another contribution of this work.\n <\/jats:p>\n \n As a secondary contribution, we show the power of the shunning technique and present a highly efficient cryptographically secure shunning AVSS, which is used further to design an asynchronous BA protocol with the optimal resilience of\n t<\/jats:italic>\n <\n n<\/jats:italic>\n \/3 in the cryptographic setting. Our construct achieves an amortized expected communication complexity of\n O<\/jats:italic>\n (\n n<\/jats:italic>\n 2<\/jats:sup>\n ) bits for reaching agreement on a single bit while consuming a constant expected running time. This property has been achieved for the first time in the cryptographic setting and that, too, with standard cryptographic assumptions. The best-known existing construction (Cachin et al., CCS 2002), while still needing more communication complexity than ours, is proven secure only in the Random-Oracle Model (ROM).\n <\/jats:p>","DOI":"10.1145\/3388788","type":"journal-article","created":{"date-parts":[[2020,5,22]],"date-time":"2020-05-22T23:48:14Z","timestamp":1590191294000},"page":"1-59","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":12,"title":["The Power of Shunning"],"prefix":"10.1145","volume":"67","author":[{"given":"Laasya","family":"Bangalore","sequence":"first","affiliation":[{"name":"University of Rochester, United States, Wegmans Hall, Rochester, NY"}]},{"given":"Ashish","family":"Choudhury","sequence":"additional","affiliation":[{"name":"International Institute of Information Technology Bangalore, India"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-0188-6558","authenticated-orcid":false,"given":"Arpita","family":"Patra","sequence":"additional","affiliation":[{"name":"Indian Institute of Science, Bangalore, India"}]}],"member":"320","published-online":{"date-parts":[[2020,5,18]]},"reference":[{"key":"e_1_2_1_1_1","volume-title":"Proceedings of the PODC. ACM, 405--414","author":"Abraham I.","unstructured":"I. Abraham , D. Dolev , and J. Y. Halpern . 2008. An almost-surely terminating polynomial protocol for asynchronous Byzantine agreement with optimal resilience . In Proceedings of the PODC. ACM, 405--414 . I. Abraham, D. Dolev, and J. Y. Halpern. 2008. An almost-surely terminating polynomial protocol for asynchronous Byzantine agreement with optimal resilience. In Proceedings of the PODC. ACM, 405--414."},{"key":"e_1_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.5555\/983102"},{"key":"e_1_2_1_3_1","volume-title":"Proceedings of the CT-RSA (Lecture Notes in Computer Science)","volume":"7779","author":"Backes M.","unstructured":"M. Backes , A. Datta , and A. Kate . 2013. Asynchronous computational VSS with reduced communication complexity . In Proceedings of the CT-RSA (Lecture Notes in Computer Science) , Vol. 7779 . Springer, 259--276. M. Backes, A. Datta, and A. Kate. 2013. Asynchronous computational VSS with reduced communication complexity. In Proceedings of the CT-RSA (Lecture Notes in Computer Science), Vol. 7779. Springer, 259--276."},{"key":"e_1_2_1_4_1","volume-title":"Proceedings of the ASIACRYPT (Lecture Notes in Computer Science)","volume":"7073","author":"Backes M.","unstructured":"M. Backes , A. Kate , and A. Patra . 2011. Computational verifiable secret sharing revisited . In Proceedings of the ASIACRYPT (Lecture Notes in Computer Science) , Vol. 7073 . Springer, 590--609. M. Backes, A. Kate, and A. Patra. 2011. Computational verifiable secret sharing revisited. In Proceedings of the ASIACRYPT (Lecture Notes in Computer Science), Vol. 7073. Springer, 590--609."},{"key":"e_1_2_1_5_1","volume-title":"Proceedings of the TCC (Lecture Notes in Computer Science)","volume":"4948","author":"Beerliov\u00e1-Trub\u00edniov\u00e1 Z.","unstructured":"Z. Beerliov\u00e1-Trub\u00edniov\u00e1 and M. Hirt . 2008. Perfectly-secure MPC with linear communication complexity . In Proceedings of the TCC (Lecture Notes in Computer Science) , Vol. 4948 . Springer Verlag, 213--230. Z. Beerliov\u00e1-Trub\u00edniov\u00e1 and M. Hirt. 2008. Perfectly-secure MPC with linear communication complexity. In Proceedings of the TCC (Lecture Notes in Computer Science), Vol. 4948. Springer Verlag, 213--230."},{"key":"e_1_2_1_6_1","volume-title":"Proceedings of the CCS. ACM, 62--73","author":"Bellare M.","unstructured":"M. Bellare and P. Rogaway . 1993. Random oracles are practical: A paradigm for designing efficient protocols . In Proceedings of the CCS. ACM, 62--73 . M. Bellare and P. Rogaway. 1993. Random oracles are practical: A paradigm for designing efficient protocols. In Proceedings of the CCS. ACM, 62--73."},{"key":"e_1_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/800221.806707"},{"key":"e_1_2_1_8_1","volume-title":"Proceedings of the STOC, J. Simon (Ed.). ACM, 1--10","author":"Ben-Or M.","unstructured":"M. Ben-Or , S. Goldwasser , and A. Wigderson . 1988. Completeness theorems for non-cryptographic fault-tolerant distributed computation (extended abstract) . In Proceedings of the STOC, J. Simon (Ed.). ACM, 1--10 . M. Ben-Or, S. Goldwasser, and A. Wigderson. 1988. Completeness theorems for non-cryptographic fault-tolerant distributed computation (extended abstract). In Proceedings of the STOC, J. Simon (Ed.). ACM, 1--10."},{"key":"e_1_2_1_9_1","volume-title":"Proceedings of the STOC. ACM, 179--186","author":"Ben-Or M.","unstructured":"M. Ben-Or , E. Pavlov , and V. Vaikuntanathan . 2006. Byzantine agreement in the full-information model in O(log n) rounds . In Proceedings of the STOC. ACM, 179--186 . M. Ben-Or, E. Pavlov, and V. Vaikuntanathan. 2006. Byzantine agreement in the full-information model in O(log n) rounds. In Proceedings of the STOC. ACM, 179--186."},{"key":"e_1_2_1_10_1","volume-title":"Proceedings of the EUROCRYPT (Lecture Notes in Computer Science)","volume":"3027","author":"Boneh D.","unstructured":"D. Boneh and X. Boyen . 2004. Short signatures without random oracles . In Proceedings of the EUROCRYPT (Lecture Notes in Computer Science) , Vol. 3027 . Springer, 56--73. D. Boneh and X. Boyen. 2004. Short signatures without random oracles. In Proceedings of the EUROCRYPT (Lecture Notes in Computer Science), Vol. 3027. Springer, 56--73."},{"key":"e_1_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/800222.806743"},{"key":"e_1_2_1_12_1","volume-title":"Proceedings of the CCS. ACM, 88--97","author":"Cachin C.","unstructured":"C. Cachin , K. Kursawe , A. Lysyanskaya , and R. Strobl . 2002. Asynchronous verifiable secret sharing and proactive cryptosystems . In Proceedings of the CCS. ACM, 88--97 . C. Cachin, K. Kursawe, A. Lysyanskaya, and R. Strobl. 2002. Asynchronous verifiable secret sharing and proactive cryptosystems. In Proceedings of the CCS. ACM, 88--97."},{"key":"e_1_2_1_13_1","volume-title":"Proceedings of the PODC. ACM, 123--132","author":"Cachin C.","unstructured":"C. Cachin , K. Kursawe , and V. Shoup . 2000. Random oracles in Constantipole: Practical asynchronous Byzantine agreement using cryptography (extended abstract) . In Proceedings of the PODC. ACM, 123--132 . C. Cachin, K. Kursawe, and V. Shoup. 2000. Random oracles in Constantipole: Practical asynchronous Byzantine agreement using cryptography (extended abstract). In Proceedings of the PODC. ACM, 123--132."},{"key":"e_1_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1007\/s00145-005-0318-0"},{"key":"e_1_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1145\/1008731.1008734"},{"key":"e_1_2_1_17_1","volume-title":"Proceedings of the STOC. 42--51","author":"Canetti R.","unstructured":"R. Canetti and T. Rabin . 1993. Fast asynchronous Byzantine agreement with optimal resilience . In Proceedings of the STOC. 42--51 . R. Canetti and T. Rabin. 1993. Fast asynchronous Byzantine agreement with optimal resilience. In Proceedings of the STOC. 42--51."},{"key":"e_1_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.1985.232245"},{"key":"e_1_2_1_19_1","doi-asserted-by":"crossref","unstructured":"R. Cramer and I. Damg\u00e5rd. 2005. Multiparty Computation an Introduction. Contemporary Cryptography. Birkh\u00e5user Basel. R. Cramer and I. Damg\u00e5rd. 2005. Multiparty Computation an Introduction. Contemporary Cryptography. Birkh\u00e5user Basel.","DOI":"10.1007\/3-7643-7394-6_2"},{"key":"e_1_2_1_20_1","doi-asserted-by":"crossref","unstructured":"R. Cramer I. Damg\u00e5rd and J. B. Nielsen. 2015. Secure Multiparty Computation and Secret Sharing. Cambridge University Press. R. Cramer I. Damg\u00e5rd and J. B. Nielsen. 2015. Secure Multiparty Computation and Secret Sharing. Cambridge University Press.","DOI":"10.1017\/CBO9781107337756"},{"key":"e_1_2_1_21_1","volume-title":"Proceedings of the CRYPTO (Lecture Notes in Computer Science)","volume":"4622","author":"Damg\u00e5rd I.","unstructured":"I. Damg\u00e5rd and J. B. Nielsen . 2007. Scalable and unconditionally secure multiparty computation . In Proceedings of the CRYPTO (Lecture Notes in Computer Science) , Vol. 4622 . Springer Verlag, 572--590. I. Damg\u00e5rd and J. B. Nielsen. 2007. Scalable and unconditionally secure multiparty computation. In Proceedings of the CRYPTO (Lecture Notes in Computer Science), Vol. 4622. Springer Verlag, 572--590."},{"key":"e_1_2_1_22_1","volume-title":"Proceedings of the STOC. ACM, 148--161","author":"Feldman P.","unstructured":"P. Feldman and S. Micali . 1988. Optimal algorithms for Byzantine agreement . In Proceedings of the STOC. ACM, 148--161 . P. Feldman and S. Micali. 1988. Optimal algorithms for Byzantine agreement. In Proceedings of the STOC. ACM, 148--161."},{"key":"e_1_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/3149.214121"},{"key":"e_1_2_1_25_1","volume-title":"Proceedings of the STOC. ACM, 699--710","author":"Franklin M. K.","unstructured":"M. K. Franklin and M. Yung . 1992. Communication complexity of secure computation (extended abstract) . In Proceedings of the STOC. ACM, 699--710 . M. K. Franklin and M. Yung. 1992. Communication complexity of secure computation (extended abstract). In Proceedings of the STOC. ACM, 699--710."},{"key":"e_1_2_1_26_1","volume-title":"Proceedings of the PODC. ACM, 101--111","author":"Gennaro R.","unstructured":"R. Gennaro , M. O. Rabin , and T. Rabin . 1998. Simplified VSS and fact-track multiparty computations with applications to threshold cryptography . In Proceedings of the PODC. ACM, 101--111 . R. Gennaro, M. O. Rabin, and T. Rabin. 1998. Simplified VSS and fact-track multiparty computations with applications to threshold cryptography. In Proceedings of the PODC. ACM, 101--111."},{"key":"e_1_2_1_27_1","volume-title":"The Foundations of Cryptography -","author":"Goldreich O.","unstructured":"O. Goldreich . 2004. The Foundations of Cryptography - Volume 2 , Basic Applications. Cambridge University Press . O. Goldreich. 2004. The Foundations of Cryptography - Volume 2, Basic Applications. Cambridge University Press."},{"key":"e_1_2_1_28_1","volume-title":"Proceedings of the STOC. ACM, 218--229","author":"Goldreich O.","unstructured":"O. Goldreich , S. Micali , and A. Wigderson . 1987. How to play any mental game or a completeness theorem for protocols with honest majority . In Proceedings of the STOC. ACM, 218--229 . O. Goldreich, S. Micali, and A. Wigderson. 1987. How to play any mental game or a completeness theorem for protocols with honest majority. In Proceedings of the STOC. ACM, 218--229."},{"key":"e_1_2_1_29_1","volume-title":"Proceedings of the CCS. ACM, 430--443","author":"Grassi L.","unstructured":"L. Grassi , C. Rechberger , D. Rotaru , P. Scholl , and N. P. Smart . 2016. MPC-friendly symmetric key primitives . In Proceedings of the CCS. ACM, 430--443 . L. Grassi, C. Rechberger, D. Rotaru, P. Scholl, and N. P. Smart. 2016. MPC-friendly symmetric key primitives. In Proceedings of the CCS. ACM, 430--443."},{"key":"e_1_2_1_30_1","unstructured":"J. A. Garay and A. Kiayias. 2018. SoK: A Consensus Taxonomy in the Blockchain Era. IACR Cryptology ePrint Archive. Report number 754. https:\/\/eprint.iacr.org\/2018\/754. J. A. Garay and A. Kiayias. 2018. SoK: A Consensus Taxonomy in the Blockchain Era. IACR Cryptology ePrint Archive. Report number 754. https:\/\/eprint.iacr.org\/2018\/754."},{"key":"e_1_2_1_31_1","volume-title":"Proceedings of the ASIACRYPT (Lecture Notes in Computer Science)","volume":"6477","author":"Kate A.","unstructured":"A. Kate , G. M. Zaverucha , and I. Goldberg . 2010. Constant-size commitments to polynomials and their applications . In Proceedings of the ASIACRYPT (Lecture Notes in Computer Science) , Vol. 6477 . Springer, 177--194. A. Kate, G. M. Zaverucha, and I. Goldberg. 2010. Constant-size commitments to polynomials and their applications. In Proceedings of the ASIACRYPT (Lecture Notes in Computer Science), Vol. 6477. Springer, 177--194."},{"key":"e_1_2_1_32_1","doi-asserted-by":"crossref","unstructured":"J. Katz and Y. Lindell. 2014. Introduction to Modern Cryptography Second Edition. CRC Press. J. Katz and Y. Lindell. 2014. Introduction to Modern Cryptography Second Edition. CRC Press.","DOI":"10.1201\/b17668"},{"key":"e_1_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1145\/2837019"},{"key":"e_1_2_1_34_1","unstructured":"N. A. Lynch. 1996. Distributed Algorithms. Morgan Kaufmann. N. A. Lynch. 1996. Distributed Algorithms. Morgan Kaufmann."},{"key":"e_1_2_1_35_1","volume-title":"The Theory of Error Correcting Codes","author":"MacWilliams F. J.","unstructured":"F. J. MacWilliams and N. J. A. Sloane . 1978. The Theory of Error Correcting Codes . North-Holland Publishing Company . F. J. MacWilliams and N. J. A. Sloane. 1978. The Theory of Error Correcting Codes. North-Holland Publishing Company."},{"key":"e_1_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-25873-2_4"},{"key":"e_1_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1007\/s00446-013-0200-5"},{"key":"e_1_2_1_38_1","volume-title":"Proceedings of the PODC. ACM, 243--244","author":"Patra A.","unstructured":"A. Patra and C. Pandu Rangan . 2010. Brief announcement: Communication efficient asynchronous Byzantine agreement . In Proceedings of the PODC. ACM, 243--244 . A. Patra and C. Pandu Rangan. 2010. Brief announcement: Communication efficient asynchronous Byzantine agreement. In Proceedings of the PODC. ACM, 243--244."},{"key":"e_1_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1145\/322186.322188"},{"key":"e_1_2_1_40_1","volume-title":"Proceedings of the CRYPTO (Lecture Notes in Computer Science)","volume":"576","author":"Pedersen T. P.","year":"1991","unstructured":"T. P. Pedersen . 1991 . Non-interactive and information-theoretic secure verifiable secret sharing . In Proceedings of the CRYPTO (Lecture Notes in Computer Science) , Vol. 576 . Springer, 129--140. T. P. Pedersen. 1991. Non-interactive and information-theoretic secure verifiable secret sharing. In Proceedings of the CRYPTO (Lecture Notes in Computer Science), Vol. 576. Springer, 129--140."},{"key":"e_1_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1109\/SFCS.1983.48"},{"key":"e_1_2_1_42_1","volume-title":"Proceedings of the STOC. ACM, 73--85","author":"Rabin T.","unstructured":"T. Rabin and M. Ben-Or . 1989. Verifiable secret sharing and multiparty protocols with honest majority (extended abstract) . In Proceedings of the STOC. ACM, 73--85 . T. Rabin and M. Ben-Or. 1989. Verifiable secret sharing and multiparty protocols with honest majority (extended abstract). In Proceedings of the STOC. ACM, 73--85."},{"key":"e_1_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1145\/359168.359176"},{"key":"e_1_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-45539-6_15"},{"key":"e_1_2_1_45_1","volume-title":"Asynchronous Byzantine agreement with optimal resilience and linear complexity. CoRR abs\/1507.06165","author":"Wang C.","year":"2015","unstructured":"C. Wang . 2015. Asynchronous Byzantine agreement with optimal resilience and linear complexity. CoRR abs\/1507.06165 ( 2015 ). C. Wang. 2015. Asynchronous Byzantine agreement with optimal resilience and linear complexity. CoRR abs\/1507.06165 (2015)."},{"key":"e_1_2_1_46_1","volume-title":"Proceedings of the FOCS. IEEE Computer Society, 160--164","author":"Yao A. C.","year":"1982","unstructured":"A. C. Yao . 1982 . Protocols for secure computations (extended abstract) . In Proceedings of the FOCS. IEEE Computer Society, 160--164 . A. C. Yao. 1982. Protocols for secure computations (extended abstract). In Proceedings of the FOCS. IEEE Computer Society, 160--164."}],"container-title":["Journal of the ACM"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3388788","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3388788","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T21:31:39Z","timestamp":1750195899000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3388788"}},"subtitle":["Efficient Asynchronous Byzantine Agreement Revisited*"],"short-title":[],"issued":{"date-parts":[[2020,5,18]]},"references-count":44,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2020,6,30]]}},"alternative-id":["10.1145\/3388788"],"URL":"https:\/\/doi.org\/10.1145\/3388788","relation":{},"ISSN":["0004-5411","1557-735X"],"issn-type":[{"value":"0004-5411","type":"print"},{"value":"1557-735X","type":"electronic"}],"subject":[],"published":{"date-parts":[[2020,5,18]]},"assertion":[{"value":"2018-05-01","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2020-02-01","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2020-05-18","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}