Information-Theoretic Pseudosignatures and Byzantine Agreement for t ≥ n/3

Byzantine agreement means achieving reliable broadcast on a point-to-point network of n processors, of which up to t may be maliciously faulty. A well-known result by Pease, Shostak, and Lamport says that perfect Byzantine agreement is only possible if t < n/3. In contrast, so-called authenticated protocols achieve Byzantine agreement for any t based on computational assumptions, typically the existence of a digital signature scheme, an assumption equivalent to the existence of one-way functions. The “folklore” belief based on these two results is that computational assumptions are necessary to achieve Byzantine agreement for t ≥ n/3. We present a protocol that refutes this folklore belief, i.e., it achieves Byzantine agreement for any t in an information-theoretic setting. It does not, however, contradict the precise impossibility result: More than one difference exists between the model in that proof and the model of the existing authenticated protocols, and we only remove the computational assumption. Our protocol is based on a new information-theoretically secure authentication scheme with many of the properties of digital signatures; we call it pseudosignatures. Our construction of pseudosignatures generalizes a scheme by Chaum and Roijakkers.

[1] Leslie Lamport et al. Reaching Agreement in the Presence of Faults. JACM, 1980.

[2] Larry Carter et al. New Hash Functions and Their Use in Authentication and Set Equality. J. Comput. Syst. Sci., 1981.

[3] Michael Waidner. Byzantinische Verteilung ohne kryptographische Annahmen trotz beliebig vieler Fehler [Byzantine Broadcast without Cryptographic Assumptions despite Arbitrarily Many Faults]. 1992.

[4] Danny Dolev et al. Authenticated Algorithms for Byzantine Agreement. SIAM J. Comput., 1983.

[5] Gustavus J. Simmons et al. A Cartesian Product Construction for Unconditionally Secure Authentication Codes that Permit Arbitration. Journal of Cryptology, 1990.

[6] Thomas Johansson et al. On A²-Codes Including Arbiter's Attacks. EUROCRYPT, 1994.

[7] Bert den Boer et al. Detection of Disrupters in the DC Protocol. EUROCRYPT, 1990.

[8] Herbert O. Burton. Inversionless Decoding of Binary BCH Codes. IEEE Trans. Inf. Theory, 1971.

[9] 室 章治郎. Review of Michael R. Garey and David S. Johnson, "Computers and Intractability: A Guide to the Theory of NP-Completeness", Freeman, A5 variant format, 338+xii pp., ¥5,217, 1979. 1980.

[10] John Rompel et al. One-Way Functions Are Necessary and Sufficient for Secure Signatures. STOC '90, 1990.

[11] Tal Rabin et al. Robust Sharing of Secrets When the Dealer Is Honest or Cheating. JACM, 1994.

[12] David S. Johnson et al. Computers and Intractability: A Guide to the Theory of NP-Completeness. 1978.

[13] Y. Desmedt et al. Arbitrated Unconditionally Secure Authentication Can Be Unconditionally Protected against Arbiter Attacks. CRYPTO, 1991.

[14] Leslie Lamport et al. The Byzantine Generals Problem. TOPL, 1982.

[15] Michael Barborak et al. The Consensus Problem in Fault-Tolerant Computing. 1993.

[16] Silvio Micali et al. A Digital Signature Scheme Secure Against Adaptive Chosen-Message Attacks. SIAM J. Comput., 1988.

[17] Michael O. Rabin et al. Probabilistic Algorithms in Finite Fields. SIAM J. Comput., 1980.

[18] Cynthia Dwork et al. Randomization in Byzantine Agreement. Adv. Comput. Res., 1989.

[19] Po-Shen Loh et al. Probabilistic Methods in Combinatorics. 2009.

[20] Birgit Pfitzmann et al. Digital Signature Schemes: General Framework and Fail-Stop Signatures. 1996.

[21] David Chaum et al. The Dining Cryptographers Problem: Unconditional Sender and Recipient Untraceability. Journal of Cryptology, 1988.

[22] Larry Carter et al. Universal Classes of Hash Functions. J. Comput. Syst. Sci., 1979.

[23] Birgit Pfitzmann et al. Sorting Out Signature Schemes. CCS '93, 1993.

[24] F. MacWilliams et al. Codes Which Detect Deception. 1974.

[25] Andrew Chi-Chih Yao et al. On the Improbability of Reaching Byzantine Agreements. STOC '89, 1989.

[26] Russell Impagliazzo et al. Limits on the Provable Consequences of One-Way Permutations. STOC '89, 1988.

[27] Birgit Pfitzmann et al. Unconditional Byzantine Agreement with Good Majority. STACS, 1991.

[28] Adi Shamir et al. A Method for Obtaining Digital Signatures and Public-Key Cryptosystems. CACM, 1978.

[29] David Chaum et al. Unconditionally Secure Digital Signatures. CRYPTO, 1990.

[30] Whitfield Diffie et al. New Directions in Cryptography. IEEE Trans. Inf. Theory, 1976.