Polygraph: Accountable Byzantine Agreement

In this paper, we introduce Polygraph, the first accountable Byzantine consensus algorithm. If among $n$ users $t < n/3$ are malicious then it ensures consensus; otherwise (if $t\geq n/3)$, it eventually detects malicious users that cause disagreement. Polygraph is appealing for blockchain applications as it allows them to totally order blocks in a chain whenever possible, hence avoiding forks and double spending and, otherwise, to punish (e.g., via slashing) at least $n/3$ malicious users when a fork occurs. This problem is more difficult than perhaps it first appears. One could try identifying malicious senders by extending classic Byzantine consensus algorithms to piggyback signed messages. We show however that to achieve accountability the resulting algorithms would then need to exchange $\Omega(\kappa^{2}\cdot n^{5})$ bits, where $\kappa$ is the security parameter of the signature scheme. By contrast, Polygraph has communication complexity $O(\kappa\cdot n^{4})$. Finally, we implement Polygraph in a blockchain and compare it to the Red Belly Blockchain to show that it commits more than 10,000 Bitcoin-like transactions per second when deployed on 80 geodistributed machines.