Papers
Topics
Authors
Recent
Search
2000 character limit reached

Quantum Detectable Byzantine Agreement (QDBA)

Updated 10 July 2026
  • QDBA is a quantum protocol that enables agreement-or-abort decisions by leveraging quantum correlations in distributed systems.
  • It integrates diverse quantum mechanisms, like correlated private lists, weak broadcast primitives, and EPR-based approaches, to detect and isolate Byzantine faults.
  • Recent schemes demonstrate experimental progress by combining classical consensus techniques with quantum error mitigation and scalable resource strategies.

Quantum Detectable Byzantine Agreement (QDBA) is the quantum-information analogue of detectable Byzantine agreement or detectable broadcast: in the presence of Byzantine behavior, loyal parties are not required to force a decision in every execution, but they must either agree on the same value or output an abort symbol such as \bot. In the sender-based formulation, if the commander is loyal, every loyal lieutenant must either follow the commander’s order or abort; if the commander is dishonest, loyal lieutenants must still avoid silent disagreement. The literature realizes this detectable guarantee through several distinct quantum mechanisms, including distribution of specially correlated private lists, abort-capable weak broadcast primitives, and more recent EPR- or signature-based constructions adapted to realistic quantum networks (Bourennane et al., 2010, Tavakoli et al., 2015, Andronikos et al., 2023).

1. Formal definition and problem scope

QDBA inherits the classical Byzantine-generals setting but replaces unconditional decision with decision-or-abort semantics. A standard formulation requires three properties: if all generals are loyal, the protocol achieves Byzantine agreement; all loyal generals either follow the same order or abort; and if the commanding general is loyal, then either all loyal lieutenant generals follow the commanding general’s order or abort (Andronikos et al., 2023). In the three-party detectable-broadcast formulation, this appears as “either all loyal generals follow the same plan or all abort,” and if the commander is loyal, “either every loyal general follows AA’s plan or aborts” (Bourennane et al., 2010).

This detectable relaxation is not a minor definitional detail. It is the point at which quantum resources enter: rather than solving classical agreement from scratch in an unauthenticated setting, many quantum protocols first distribute a correlation resource that makes inconsistency testable. In that sense, a large part of the QDBA literature is best understood as a two-layer stack: a quantum phase that creates authenticated correlated randomness or authenticated signed evidence, followed by a classical phase that converts those resources into agreement-or-abort behavior (Bourennane et al., 2010, Cholvi, 2021).

A related but narrower primitive is weak broadcast. In the three-party WBC(3,1)WBC(3,1) setting, validity requires that if the sender is correct, all correct parties decide the sender’s bit, while consistency is relaxed so that if one correct party outputs y{0,1}y\in\{0,1\}, every other correct party outputs either yy or \perp (Guba et al., 2022). Weak broadcast is therefore directly relevant to QDBA, even when it is not itself presented as full detectable agreement.

The same detectable abstraction also appears outside pure consensus. A nonrecursive single-qudit protocol for clock synchronization explicitly reduces synchronization to detectable Byzantine agreement, using abort to mark undefined timing values when consistency cannot be maintained (Tavakoli et al., 2015). This broader use underscores that QDBA is not only a consensus primitive but also a fault-detection substrate for distributed quantum control.

2. Quantum resources and protocol families

The earliest QDBA constructions relied on multipartite entanglement or multiple pairwise quantum channels. Three-party detectable broadcast was originally implemented using three-qutrit singlet states, four-qubit entangled states, or several pairwise QKD channels; later work showed that the same correlated-list resource can instead be distributed by sequential communication of a single qutrit (Bourennane et al., 2010). In that protocol, the algebraic core is the pair of identities

UII3=1,U(k)U(l)U(m)=1 if k+l+m0(mod3),U_{II}^3=\mathbb{1}, \qquad U(k)U(l)U(m)=\mathbb{1}\ \text{if}\ k+l+m\equiv 0 \pmod 3,

which force accepted runs into the four list triples

(0,0,0), (1,1,1), (2,0,1), (2,1,0).(0,0,0),\ (1,1,1),\ (2,0,1),\ (2,1,0).

Those are exactly the correlations needed by the subsequent classical detectable-broadcast phase (Bourennane et al., 2010).

A direct generalization replaces the qutrit by a single mm-dimensional qudit passed sequentially through mm processes. The sender’s list then takes values in AA0, while every other process records only bits, and accepted runs satisfy a modular sum condition generated by diagonal phase operators. This protocol is explicitly nonrecursive and is presented as tolerating arbitrary many faulty processes in the detectable-agreement sense, with abort allowed (Tavakoli et al., 2015).

A different line uses entanglement not to build hidden lists but to instantiate a broadcast primitive directly. The four-qubit singlet-state weak-broadcast protocol studies AA1 with explicit finite-size failure bounds and a two-parameter family indexed by AA2 and AA3 (Guba et al., 2022). Another line, EPRQDBA, removes multipartite entanglement entirely and uses only AA4 Bell pairs and AA5 fillers, irrespective of AA6, while keeping constant round complexity equal to AA7 (Andronikos et al., 2023).

These families embody three distinct QDBA design philosophies. The first treats quantum mechanics as a source of hidden correlated lists. The second treats it as a source of abort-capable broadcast evidence. The third uses only pairwise EPR anti-correlations to construct per-recipient proof strings, then resolves conflicts by cross-checking those strings. A plausible implication is that “quantum resource” in QDBA should not be identified solely with multipartite entanglement: higher-dimensional single systems and purely bipartite EPR resources both suffice in nontrivial models (Bourennane et al., 2010, Tavakoli et al., 2015, Andronikos et al., 2023).

3. Representative constructions

A canonical three-party resource-distribution protocol is the single-qutrit scheme. General AA8 prepares

AA9

each party chooses basis WBC(3,1)WBC(3,1)0 or WBC(3,1)WBC(3,1)1, and WBC(3,1)WBC(3,1)2 encode WBC(3,1)WBC(3,1)3, WBC(3,1)WBC(3,1)4, WBC(3,1)WBC(3,1)5, respectively. If WBC(3,1)WBC(3,1)6 detects WBC(3,1)WBC(3,1)7 and all basis choices coincide, the round is valid; the accepted triples are exactly WBC(3,1)WBC(3,1)8, WBC(3,1)WBC(3,1)9, y{0,1}y\in\{0,1\}0, and y{0,1}y\in\{0,1\}1. The output is not a decision bit but private lists y{0,1}y\in\{0,1\}2, which are then consumed by a classical detectable-broadcast procedure (Bourennane et al., 2010).

The single-qudit multiparty protocol keeps the same division of labor but removes recursion. It distributes lists y{0,1}y\in\{0,1\}3 such that if y{0,1}y\in\{0,1\}4, all other parties have the same bit at position y{0,1}y\in\{0,1\}5, while if y{0,1}y\in\{0,1\}6, then the other y{0,1}y\in\{0,1\}7 processes hold bits summing to y{0,1}y\in\{0,1\}8. The quantum phase passes a single qudit of dimension y{0,1}y\in\{0,1\}9 through all processes, using basis operators yy0 and encoding operators yy1, and accepted runs satisfy a modular identity. The resulting classical algorithm yy2 uses one sender-to-all step and one relay phase, with consistency decisions driven by whether position lists and local private lists match (Tavakoli et al., 2015).

The four-qubit-singlet weak-broadcast construction provides the most explicit finite-resource security analysis among the primitive-level papers. It defines yy3 and yy4, proves that for

yy5

the failure probability obeys

yy6

and then numerically optimizes resource usage. For yy7, yy8, and target failure probability yy9, the reported upper-bound resource requirement is \perp0 four-qubit singlets per broadcast bit (Guba et al., 2022). This construction is narrower than full QDBA, but it provides a concrete abort-capable broadcast primitive with quantified asymptotics.

EPRQDBA is the most explicit direct \perp1-party QDBA proposal using only Bell pairs. The trusted source distributes \perp2 EPR pairs and \perp3 \perp4 qubits so that lieutenant \perp5 shares EPR anti-correlation with Alice in exactly one residue class modulo \perp6. Alice measures all qubits, constructs a per-lieutenant command vector \perp7 or \perp8 by revealing only those tuples whose \perp9-th bit equals the claimed order, and sends this vector in Round 1. Rounds 2 and 3 propagate and compare these command vectors using three checking procedures—CheckAlice, CheckLTwCV, and CheckLTwBV—and Round 4 finalizes the decision. The command-vector tests use tuple-count conditions such as

UII3=1,U(k)U(l)U(m)=1 if k+l+m0(mod3),U_{II}^3=\mathbb{1}, \qquad U(k)U(l)U(m)=\mathbb{1}\ \text{if}\ k+l+m\equiv 0 \pmod 3,0

together with anti-correlation checks against local measurement outcomes (Andronikos et al., 2023).

4. Security semantics and proof techniques

QDBA papers differ sharply in where detectability lives and how it is justified. In single-system correlated-list protocols, the security argument is disturbance-based: an intercept-resend strategy or an ancilla attack turns the traveling pure state into an effectively mixed state on selected valid rounds, so the final detection of UII3=1,U(k)U(l)U(m)=1 if k+l+m0(mod3),U_{II}^3=\mathbb{1}, \qquad U(k)U(l)U(m)=\mathbb{1}\ \text{if}\ k+l+m\equiv 0 \pmod 3,1 ceases to be deterministic. Cheating is then exposed by sampling valid rounds and checking the modular relation UII3=1,U(k)U(l)U(m)=1 if k+l+m0(mod3),U_{II}^3=\mathbb{1}, \qquad U(k)U(l)U(m)=\mathbb{1}\ \text{if}\ k+l+m\equiv 0 \pmod 3,2 (Bourennane et al., 2010). This is a physically grounded information-disturbance argument rather than a modern composable proof.

The weak-broadcast line is more explicitly probabilistic. The four-qubit-singlet protocol derives separate failure bounds for the no-fault, faulty-sender, and faulty-receiver cases, all based on multinomial counting and Chernoff concentration, and then optimizes the state budget for a fixed target failure probability (Guba et al., 2022). By contrast, EPRQDBA argues security by counting hidden tuple positions: a traitorous lieutenant trying to fake the opposite order must guess the right subset of tuples, with success probability approximately

UII3=1,U(k)U(l)U(m)=1 if k+l+m0(mod3),U_{II}^3=\mathbb{1}, \qquad U(k)U(l)U(m)=\mathbb{1}\ \text{if}\ k+l+m\equiv 0 \pmod 3,3

which tends to zero as UII3=1,U(k)U(l)U(m)=1 if k+l+m0(mod3),U_{II}^3=\mathbb{1}, \qquad U(k)U(l)U(m)=\mathbb{1}\ \text{if}\ k+l+m\equiv 0 \pmod 3,4 grows (Andronikos et al., 2023).

A recurrent misconception is that every quantum Byzantine protocol with internal checks is a QDBA protocol. The literature is more heterogeneous. The UII3=1,U(k)U(l)U(m)=1 if k+l+m0(mod3),U_{II}^3=\mathbb{1}, \qquad U(k)U(l)U(m)=\mathbb{1}\ \text{if}\ k+l+m\equiv 0 \pmod 3,5-correlated-list protocol for arbitrary many dishonest parties explicitly states that abort is considered only in the list-distribution phase, while the subsequent agreement phase is claimed to satisfy full Byzantine Agreement with high probability (Cholvi, 2021). Ben-Or–Hassidim-style quantum-aided Byzantine agreement, as analyzed for quantum repeater networks, aims at full agreement with probabilistic termination rather than agreement-or-detect semantics, even though graded share-and-verify subroutines identify faulty behavior internally (Taherkhani et al., 2017). QDS-based protocols that claim strict Lamport conditions without an explicit final abort symbol likewise belong to a neighboring, stronger class rather than to canonical QDBA (Weng et al., 2022, Zhou et al., 8 Feb 2025).

This distinction matters because the proof obligations differ. In canonical QDBA, the central safety statement is that honest parties never silently diverge: any ambiguity must surface as abort. In stronger authenticated QBA, the aim is to maintain agreement directly, often by making forgery or equivocation information-theoretically impossible through quantum signatures or QKD-derived authentication. The papers themselves repeatedly caution against conflating these semantics (Weng et al., 2022, Zhou et al., 8 Feb 2025).

5. Experimental progress, systems studies, and noise

Experimental and systems work has shifted QDBA from idealized entanglement distribution to NISQ-era error management and network simulation. An experimental detectable-agreement study for distributed quantum computing integrates Twirled Readout Error Extinction (T-REx) and dynamical decoupling (DD) into a commander/lieutenant protocol based on a custom multipartite state. For UII3=1,U(k)U(l)U(m)=1 if k+l+m0(mod3),U_{II}^3=\mathbb{1}, \qquad U(k)U(l)U(m)=\mathbb{1}\ \text{if}\ k+l+m\equiv 0 \pmod 3,6, one randomly selected traitor, UII3=1,U(k)U(l)U(m)=1 if k+l+m0(mod3),U_{II}^3=\mathbb{1}, \qquad U(k)U(l)U(m)=\mathbb{1}\ \text{if}\ k+l+m\equiv 0 \pmod 3,7 exchanged indices/shots, and UII3=1,U(k)U(l)U(m)=1 if k+l+m0(mod3),U_{II}^3=\mathbb{1}, \qquad U(k)U(l)U(m)=\mathbb{1}\ \text{if}\ k+l+m\equiv 0 \pmod 3,8 Monte Carlo iterations per noise point, the reported DBA success probabilities were

UII3=1,U(k)U(l)U(m)=1 if k+l+m0(mod3),U_{II}^3=\mathbb{1}, \qquad U(k)U(l)U(m)=\mathbb{1}\ \text{if}\ k+l+m\equiv 0 \pmod 3,9

for unmitigated, EM alone, DD alone, and EM+DD, respectively. The same study reports an effective bit-flip-noise interpretation of (0,0,0), (1,1,1), (2,0,1), (2,1,0).(0,0,0),\ (1,1,1),\ (2,0,1),\ (2,1,0).0 unmitigated, (0,0,0), (1,1,1), (2,0,1), (2,1,0).(0,0,0),\ (1,1,1),\ (2,0,1),\ (2,1,0).1 with DD alone, and (0,0,0), (1,1,1), (2,0,1), (2,1,0).(0,0,0),\ (1,1,1),\ (2,0,1),\ (2,1,0).2 with EM+DD, while also noting that the number of shots required to reach (0,0,0), (1,1,1), (2,0,1), (2,1,0).(0,0,0),\ (1,1,1),\ (2,0,1),\ (2,1,0).3 grows exponentially with network size (Prest et al., 2023).

For EPRQDBA specifically, large-scale benchmarking now exists. A noisy-network study of the EPR-based protocol uses the Aliro Quantum Network Simulator across logical, superconducting, and photonic architectures. In noiseless simulations, (0,0,0), (1,1,1), (2,0,1), (2,1,0).(0,0,0),\ (1,1,1),\ (2,0,1),\ (2,1,0).4 entanglement tuples were sufficient for (0,0,0), (1,1,1), (2,0,1), (2,1,0).(0,0,0),\ (1,1,1),\ (2,0,1),\ (2,1,0).5 to ensure complete success for any tested traitor count. Under Pauli noise, (0,0,0), (1,1,1), (2,0,1), (2,1,0).(0,0,0),\ (1,1,1),\ (2,0,1),\ (2,1,0).6-noise was found to have essentially no effect, while (0,0,0), (1,1,1), (2,0,1), (2,1,0).(0,0,0),\ (1,1,1),\ (2,0,1),\ (2,1,0).7- and (0,0,0), (1,1,1), (2,0,1), (2,1,0).(0,0,0),\ (1,1,1),\ (2,0,1),\ (2,1,0).8-noise were harmful; in photonic and superconducting models, the dominant degradations came from unheralded loss and (0,0,0), (1,1,1), (2,0,1), (2,1,0).(0,0,0),\ (1,1,1),\ (2,0,1),\ (2,1,0).9-type amplitude damping rather than phase noise (Bhatia et al., 1 Sep 2025).

At the primitive level, the four-qubit-singlet weak-broadcast protocol has also been pushed onto public hardware. The paper prepares the singlet on IonQ and IBM devices, reporting, for example, mm0 and mm1 on IonQ for the 5-CNOT loop circuit, and mitigated IBM values up to mm2 on IBMQ Quito. Yet the same analysis concludes that roughly two orders of magnitude improvement in state-preparation fidelity would be needed for practical low-failure deployment at the resource scales implied by the protocol analysis (Guba et al., 2022).

A parallel experimental thread uses QDS rather than explicit detectability semantics. A three-user fully connected photonic network with an untrusted service provider implements source-independent OTUH-QDS using pairwise entanglement links, reports network-distributed Bell-state fidelities of mm3, mm4, and mm5, and derives a leakage-tolerant forgery bound of mm6 for the demonstrated setting (jing et al., 2024). Although that protocol is framed as three-party quantum Byzantine agreement rather than canonical QDBA, it is directly relevant to the experimental consensus landscape because it shows how quantumly established multiparty correlations and one-time universal hashing can replace classical PKI-style trust.

6. Adjacent paradigms, misconceptions, and open issues

The modern quantum-agreement landscape contains at least three partially overlapping classes. The first is canonical QDBA: agreement-or-abort protocols built from correlated lists, weak-broadcast primitives, or direct EPR-based proof strings (Bourennane et al., 2010, Guba et al., 2022, Andronikos et al., 2023). The second is stronger authenticated quantum Byzantine agreement, often based on quantum digital signatures or QKD-derived message authentication, which aims to satisfy Lamport’s original interactive-consistency conditions without a final abort symbol (Weng et al., 2022, jing et al., 2024, Zhou et al., 8 Feb 2025). The third is systems-oriented quantum-aided Byzantine agreement, such as Ben-Or–Hassidim implementations over repeater networks or CA-assisted circular QBA, where the novelty lies in architecture, resource accounting, or communication complexity rather than in detectable-broadcast semantics (Taherkhani et al., 2017, Weng et al., 12 Feb 2026).

A second misconception is that multipartite entanglement is indispensable. The single-qutrit protocol, the single-qudit clock-synchronization/DBA protocol, and EPRQDBA all show otherwise: one may use a single high-dimensional traveling system, or only mm7 pairs, and still obtain detectable agreement under the stated assumptions (Bourennane et al., 2010, Tavakoli et al., 2015, Andronikos et al., 2023). This suggests that the essential quantum ingredient is not a specific entangled state family but a source of correlations that an adversary cannot reproduce consistently across all honest views.

The open technical issues are equally consistent across the literature. Several constructions assume a trusted quantum source or idealized authenticated quantum channels (Tavakoli et al., 2015, Andronikos et al., 2023). Many proofs remain heuristic, operational, or asymptotic rather than composable (Bourennane et al., 2010, Prest et al., 2023). Finite-noise analyses often expose sharp hardware gaps: in the four-qubit-singlet weak-broadcast study, fixed leakage mm8 makes increasing the number of resource states mm9 eventually counterproductive, and at mm0 the minimum noisy failure probability reported is mm1 at mm2 for mm3 and mm4 (Guba et al., 2022). Network studies likewise reveal model gaps; for example, the EPRQDBA benchmark uses traitors that “make random decisions” rather than coordinated strategic attacks (Bhatia et al., 1 Sep 2025). Semi-centralized architectures can improve scalability, but they do so by introducing trusted verification roles that move the protocol away from the peer-only QDBA model (Weng et al., 12 Feb 2026).

QDBA is therefore best regarded not as a single protocol template but as a family of quantum-assisted fault-detection strategies for consensus. Its defining feature is semantic rather than architectural: honest parties must never be forced into undetected divergence. The literature shows that this can be achieved with qutrit phase encoding, single-qudit sequential communication, four-qubit singlets, EPR-only designs, and experimentally realistic networked quantum signing. What remains unsettled is how to combine those detectable guarantees with scalable, fully distributed, noise-robust, and composably secure implementations.

Topic to Video (Beta)

No one has generated a video about this topic yet.

Whiteboard

No one has generated a whiteboard explanation for this topic yet.

Follow Topic

Get notified by email when new papers are published related to Quantum Detectable Byzantine Agreement (QDBA).