Asynchronous Byzantine Agreement with Subquadratic Communication

Understanding the communication complexity of Byzantine agreement (BA) is a fundamental problem in distributed computing. In particular, for protocols involving a large number of parties (as in, e.g., the context of blockchain protocols), it is important to understand the dependence of the communication on the number of parties n. Although adaptively secure BA protocols with o(n(2)) communication are known in the synchronous and partially synchronous settings, no such protocols are known in the fully asynchronous case. We show asynchronous BA protocols with (expected) subquadratic communication complexity tolerating an adaptive adversary who can corrupt f < (1-c)n/3 of the parties (for any c > 0). One protocol assumes initial setup done by a trusted dealer, after which an unbounded number of BA executions can be run; alternately, we can achieve subquadratic amortized communication with no prior setup. We also show that some form of setup is needed for (non-amortized) subquadratic BA tolerating T(n) corrupted parties. As a contribution of independent interest, we show a securecomputation protocol in the same threat model that has o(n(2)) communication when computing no-input functionalities with short output (e.g., coin tossing).