🤖 AI Summary
This work addresses the vulnerability of existing Byzantine fault-tolerant (BFT) protocols to quantum attacks, which stems from their reliance on digital signatures, while signature-free alternatives often struggle to achieve both low latency and practicality. To bridge this gap, the paper proposes Simple-IT, a leader-based, signature-free BFT consensus protocol that requires only quantum-resistant authenticated channels and achieves a message latency of three rounds in the optimistic case and four rounds in the worst case. By incorporating practical optimizations such as speculative pipelining, Simple-IT maintains protocol simplicity while demonstrating, for the first time, a deployable high-performance signature-free BFT system. Wide-area network experiments show that its throughput and latency match those of current mainstream quantum-vulnerable BFT protocols.
📝 Abstract
Recent advances in quantum computing pose a looming threat to most current Byzantine fault-tolerant (BFT) consensus protocols, which rely on quantum-vulnerable public-key signature schemes such as Ed25519 and BLS12-381. Instead of switching to much more expensive post-quantum secure signature schemes, an alternative is to use signature-free protocols, which rely only on cheap, post-quantum secure authenticated channels.
In this paper, we ask whether signature-free BFT consensus protocols can match the performance of current state-of-the-art, quantum-vulnerable BFT consensus protocols. While previous work on the Sailfish++ protocol showed that state-of-the-art throughput is attainable signature-free, the question of latency is still open. Several recent signature-free protocols have low latency in theory, but they are all very intricate, and no practical implementation has so far been presented. In this work, we propose Simple-IT, a new leader-based, signature-free BFT consensus protocol that achieves a theoretical latency of 4 message delays (one more than the optimum), and only 3 on its optimistic path. Crucially, Simple-IT is simple enough to be amenable to implementation and to practical optimizations such as speculative pipelining, and, as we show experimentally in a geo-distributed testbed, it achieves both throughput and latency competitive with state-of-the-art quantum-vulnerable protocols.