Unconditionally Secure Broadcast With Signatures

Author

  • Thomas Holenstein

Abstract

Broadcast, also called Byzantine Agreement, is a multi-party computation primitive where a dealer sends his input value to a group of players. All players must agree on the same output value, even if some of these players are corrupted by an adversary. Furthermore, when the dealer is not corrupted, the output value of the correct players must be the input value of the dealer. It has been proven that broadcast can be achieved if and only if fewer than a third of the players are corrupted. In the case where a PKI which allows players to sign messages is available, protocols have been proposed that achieve broadcast for any number of corrupted players. However, most of these protocols have the drawback that a single corrupted player who can break the signature scheme is sufficient to make the protocol fail. Holenstein presented a hybrid protocol that tolerates either t0 corrupted players, or up to t1 > t0 corrupted players if the adversary cannot break the signature scheme.

One goal of this project was to improve the results of Holenstein by finding such a hybrid protocol that is both efficient and optimal in the bounds t0 and t1. We did not reach this goal. However, we obtained interesting conclusions and intermediate results. We present our attempt to map the hybrid model with signatures to a hybrid failure model, in order to adapt the existing broadcast protocol from the hybrid failure model to our case. We also discuss our attempts to implement in our model a primitive proposed by Fitzi, and explain how this primitive can be used to achieve broadcast along the lines of the Dolev-Strong protocol. Some other tracks we followed are also presented.

Another task of this project was to generalize the protocols proposed by Holenstein to the general adversary setting. Whereas in a threshold model an upper bound on the number of corrupted players is specified, in a general adversary setting the collection of all possible sets of players that could be corrupted is given. General adversary structures are a strict generalization of threshold structures. For example, the threshold setting where only t players can be corrupted is a special case of a general adversary structure consisting of all player sets of cardinality at most t. In the thesis we show how to adapt Holenstein’s protocol so that it achieves broadcast secure against a general adversary. Our protocol is not efficient since its number of communication rounds is exponential. Finally, we prove the optimal bounds for which broadcast is still possible in our hybrid general adversary model.

Similar resources

Efficient and Unconditionally Secure Digital Signatures and a Security Analysis of a Multireceiver Authentication Code

Digital signatures whose security does not rely on any unproven computational assumption have recently received considerable attention. While these unconditionally secure digital signatures provide a foundation for long term integrity and non-repudiation of data, currently known schemes generally require a far greater amount of memory space for the storage of users’ secret information than a tr...

Efficient Unconditionally Secure Digital Signatures

Digital signatures whose security does not rely on any unproven computational assumption have recently received considerable attention. While these unconditionally secure digital signatures provide a foundation for long term integrity and non-repudiation of data, currently known schemes generally require a far greater amount of memory space for the storage of secret and public keys than a tradi...

Practical Proven Secure Authentication with Arbitration

Proven secure signature schemes and unconditionally secure authentication schemes with arbiter have been proposed. The former are not practical (too slow) and the latter cannot be reused. All these limitations are solved in this paper by presenting a reusable conditionally secure authentication scheme with arbiter. The scheme is unconditionally secure against denial by the sender of having sent...

Unconditionally Secure Quantum Signatures

Signature schemes, proposed in 1976 by Diffie and Hellman, have become ubiquitous across modern communications. They allow for the exchange of messages from one sender to multiple recipients, with the guarantees that messages cannot be forged or tampered with and that messages also can be forwarded from one recipient to another without compromising their validity. Signatures are different from,...

Unconditionally Secure Digital Signature Schemes Admitting Transferability

A potentially serious problem with current digital signature schemes is that their underlying hard problems from number theory may be solved by an innovative technique or a new generation of computing devices such as quantum computers. Therefore while these signature schemes represent an efficient solution to the short term integrity (unforgeability and non-repudiation) of digital data, they pr...

Unconditional Sender and Recipient Untraceability in Spite of Active Attacks

A protocol is described which allows to send and receive messages anonymously using an arbitrary communication network, and it is proved to be unconditionally secure. This improves a result by DAVID CHAUM: The DC-net guarantees the same, but on the assumption of a reliable broadcast network. Since unconditionally secure Byzantine Agreement cannot be achieved, such a reliable broadcast network c...

Publication date: 2004