We give a protocol for Asynchronous Distributed Key Generation (A-DKG) that is optimally resilient (can withstand \({{\varvec{f}}}<\frac{{{\varvec{n}}}}{{{\varvec{3}}}}\) faulty parties), has a constant expected number of rounds, has \({{\varvec{O}}}({\varvec{\lambda }} {{\varvec{n}}}^{{\varvec{3}}})\) expected communication complexity, and assumes only the existence of a PKI. Prior to our work, the best A-DKG protocols required \({\varvec{\Omega }}({{\varvec{n}}})\) expected number of rounds, and \({\varvec{\Omega }}({{\varvec{n}}}^4)\) expected communication. Our A-DKG protocol relies on several building blocks that are of independent interest. We define and design a Proposal Election (PE) protocol that allows parties to retrospectively agree on a valid proposal after enough proposals have been sent from different parties. With constant probability the elected proposal was proposed by a nonfaulty party. In building our PE protocol, we design a Verifiable Gather protocol which allows parties to communicate which proposals they have and have not seen in a verifiable manner. The final building block to our A-DKG is a Validated Asynchronous Byzantine Agreement (VABA) protocol. We use our PE protocol to construct a VABA protocol that does not require leaders or an asynchronous DKG setup. Our VABA protocol can be used more generally when it is not possible to use threshold signatures.

我们为异步分布式密钥生成 (A-DKG) 提供了一种协议，该协议具有最佳弹性（可以承受\({{\varvec{f}}}<\frac{{{\varvec{n}}}}{{{\ varvec{3}}}}\)个错误方），具有恒定的预期回合数，有\({{\varvec{O}}}({\varvec{\lambda }} {{\varvec{n}} }^{{\varvec{3}}})\)预期的通信复杂性，并假设仅存在 PKI。在我们工作之前，最好的 A-DKG 协议需要\({\varvec{\Omega }}({{\varvec{n}}})\)预期的轮数，以及\({\varvec{\Omega } }({{\varvec{n}}}^4)\)预期的通信。我们的 A-DKG 协议依赖于几个独立感兴趣的构建块。我们定义和设计提案选举 (PE)协议允许各方在从不同方发送足够多的提案后追溯就有效提案达成一致。With constant probability the elected proposal was proposed by a nonfaulty party. 在构建我们的 PE 协议时，我们设计了一个Verifiable Gather协议，该协议允许各方以可验证的方式交流他们拥有和未看到的提案。我们 A-DKG 的最后一个构建块是经过验证的异步拜占庭协议 (VABA)协议。我们使用我们的 PE 协议来构建不需要领导者或异步 DKG 设置的 VABA 协议。当无法使用阈值签名时，可以更普遍地使用我们的 VABA 协议。