[Cryptography] reliable broadcast channel

jamesd at echeque.com
Wed Nov 4 18:05:21 EST 2020


A key cryptographic primitive in group cryptographic protocols is the
reliable broadcast channel - that any participant can reliably send a
message that is available to all participants.

In actual practice we have unreliable point to point two party
communications, from which we have to construct a broadcast channel.

Practical applications of these cryptographic protocols seem to be
relying on a trusted broadcaster, who is apt to be untrustworthy when
there is money, power, or valuable secrets lying on the table.

Trouble is that in practice, certain messages are likely to be hidden
from certain participants, and other participants will be unaware that
they are hidden, or they will receive a discrepant message and
incorrectly believe they are receiving the same message as others.

In a large group, one can assume that more than half the participants
are honest, so one can construct a broadcast channel using the Paxos
protocol.

But interesting protocols are likely to involve small groups in which we
want the transaction to fail if more than half the participants are
defecting.

For example, the lightning protocol is cryptographically enforced
correspondence banking, and an eternal problem in correspondence banking
is insider check kiting.  A shill sends a check to another shill, so
that one correspondence banker can scam another correspondence banker,
so the group attempting to organize the transaction is going to consist
of two shills, one scammer, one pigeon, and one innocent third party
roped in to obscure who is doing the scamming and who is being scammed,
giving a majority of three evil participants against two good and
trusting participants.

By and large, the more that is on the table, the smaller the group
engaging in the cryptographic protocol is apt to be.

We want the transaction to fail in such cases.  Generalizing to all
group cryptographic protocols, we want the broadcast channel to fail and
to be seen to fail in such cases.

What work has been done on this?
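
An added illustration, not part of the original message and not a protocol the poster proposes: a Python sketch of the discrepant-message problem described above, using a digest echo check between participants over point-to-point links. The participant names, the `echo_round` and `run` functions, and the "pay" messages are constructed for this example; the colluders are assumed to echo back whatever each honest receiver already holds.

```python
import hashlib

def digest(msg):
    # None models a message that was withheld from this participant.
    return None if msg is None else hashlib.sha256(msg).hexdigest()

def echo_round(received, honest, forged_echo):
    """Return {name: 'accept' | 'abort'} for each honest participant.

    received:    {name: bytes or None}, what the broadcaster sent on each link
    honest:      names that report their true digest and apply the rule below
    forged_echo: callable(sender, receiver) -> digest a colluder claims to receiver
    """
    verdict = {}
    for me in honest:
        mine = digest(received[me])
        echoes = [digest(received[p]) if p in honest else forged_echo(p, me)
                  for p in received if p != me]
        # Accept only if a message arrived and every peer reports the same digest.
        ok = mine is not None and all(e == mine for e in echoes)
        verdict[me] = "accept" if ok else "abort"
    return verdict

# Constructed scenario: three colluders against two honest participants.
PEERS = ["scammer", "shill_a", "shill_b", "pigeon", "third_party"]
HONEST = {"pigeon", "third_party"}

def run(to_pigeon, to_third_party):
    received = {p: b"pay 10" for p in PEERS}
    received["pigeon"], received["third_party"] = to_pigeon, to_third_party
    # Colluders tell each honest receiver exactly what that receiver already holds.
    agree = lambda sender, receiver: digest(received[receiver])
    return echo_round(received, HONEST, agree)

if __name__ == "__main__":
    print(run(b"pay 10", b"pay 10"))    # consistent delivery
    print(run(b"pay 10", b"pay 1000"))  # discrepant message
    print(run(b"pay 10", None))         # message hidden from one participant
```

This check only ensures that two honest participants who compare digests directly never accept different messages. A colluder can still send a matching echo to one honest participant and a mismatching one to another, so it does not make the honest participants agree on whether the broadcast failed.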
