Information-Theoretic Pseudosignatures and Byzantine Agreement

Byzantine agreement means achieving reliable broadcast on a point-to-point network of n processors, of which up to t may be maliciously faulty. A well-known result by Pease, Shostak, and Lamport says that perfect Byzantine agreement is only possible if t < n/3. In contrast, so-called authenticated protocols achieve Byzantine agreement for any t based on computational assumptions, typically the existence of a digital signature scheme, an assumption equivalent to the existence of one-way functions. The folklore belief based on these two results is that computational assumptions are necessary to achieve Byzantine agreement of t > n/3. We present a protocl that refutes this folklore belief, i.e., it achieves Byzantine agreement for any t in an information-theoretic setting. It does not, however, contradict the precise impossibility result: More that one difference exists between the model in that proof and the model of the existing authenticated protocols, and we only remove the computational assumption. Our protocol is based on a new information-theoretically secure authentication scheme with many of the properties of digital signatures; we call it pseudosignatures. Our construction of pseudosignatures generalizes a scheme by Chaum and Roijakkers.