HeikoStamer / libtmcg

LibTMCG is a free C++ library for creating secure and verifiable online card games
https://www.nongnu.org/libtmcg/
GNU General Public License v2.0

Expansion of provided primitives to include secure causal atomic broadcast #2

Open fionafibration opened 5 years ago

fionafibration commented 5 years ago

Hello, I thought it would be useful to include a version of the CKPS broadcast protocol providing atomicity and possibly even causality, as defined in their original paper. This would prevent people from being able to act on the content of a message before it is successfully delivered to all participants, which would prevent certain methods that adversaries could use to collude through an external channel.

This would require a threshold encryption scheme, but it appears this library already has one as a primitive.

Thank you for the wonderful library!

HeikoStamer commented 5 years ago

Indeed, that was one of the original ideas for this module of LibTMCG. However, it's a very complex task that takes a lot of time. I already have some code from 2001-2003 (part of my diploma thesis), that implements their Asynchronous Byzantine Binary Agreement (ABBA) protocol based upon Shoup's non-interactive RSA-threshold signature scheme. Unfortunately, it does not solve the distributed key generation for RSA, so it is almost useless here.

In general I'm not sure, whether an efficient common coin implementation (as threshold signature schemes can provide) is really required for a practical multi-value consensus/agreement algorithm. Currently I use the 'Independent Choice' method (cf. Cachin et al.: Reliable and Secure Distributed Programming) for a non-byzantine Randomized Binary Consensus algorithm in DOTS. Of course that leads to exponential termination bounds, however, only for unlikely failures or malicious cases.

Unfortunately, the required asynchronous communication model for LibTMCG (including the already contained Reliable Broadcast and other methods) is not specified and documented yet. Maybe this is a good starting point for external contributions, because my own time is very limited and I don't see any satisfying (e.g. free software, minimal dependencies) third-party library providing those basic methods (any ideas?).
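For the 'Independent Choice' randomized binary consensus mentioned in the comment above, here is an added simulation of the classic Ben-Or protocol with private coins under a crash-stop adversary. It is my own illustration, not code from LibTMCG or DOTS. The function names, the lockstep round scheduling, and the choice to crash processes only before the run starts are simplifications I made; the agreement argument in the comments is the standard one for n > 2f.

```python
"""Randomized binary consensus with independent local coins ("independent
choice"), simulated in lockstep rounds against a crash-stop adversary.

Added illustration, not LibTMCG or DOTS code.  It follows the classic
Ben-Or shape: n > 2f processes, two message exchanges per round, each
process waits for n - f messages per exchange, and a scheduler chooses
which n - f it sees.  Safety never depends on the coins; only termination
does, which is where the exponential expected round count comes from.
"""
import random


def run_consensus(inputs, f, seed=0, max_rounds=10_000):
    """Run one execution; return (decision, rounds until all decided).

    inputs: list of 0/1 proposals, one per process.
    f:      maximum number of crash failures; requires n > 2f.
    seed:   drives both the adversary (crashes, scheduling) and the coins.
    """
    rng = random.Random(seed)
    n = len(inputs)
    assert n > 2 * f, "crash-stop Ben-Or needs n > 2f"
    est = list(inputs)                  # each process's current estimate
    decided = {}                        # process -> decided value
    # Adversary: crash up to f processes before the run starts.
    crashed = set(rng.sample(range(n), rng.randint(0, f)))
    alive = [p for p in range(n) if p not in crashed]

    def deliver(msgs):
        # Scheduler: a receiver sees exactly n - f of the live senders'
        # messages, chosen here at random (an adversary could choose).
        return [msgs[s] for s in rng.sample(alive, n - f)]

    for r in range(1, max_rounds + 1):
        # Exchange 1: propose the estimate.  A process that sees more than
        # n/2 proposals for one value backs it; otherwise it sends "?".
        phase1 = {p: est[p] for p in alive}
        phase2 = {}
        for p in alive:
            votes = deliver(phase1)
            backed = None
            for v in (0, 1):
                if votes.count(v) > n / 2:
                    backed = v
            phase2[p] = backed
        # Exchange 2: more than f backers for v -> decide v; at least one
        # backer -> adopt v; none -> private coin flip.  Two processes can
        # never back different values (that would take more than n
        # proposals), so every backer seen in a round carries the same v.
        for p in alive:
            backers = [m for m in deliver(phase2) if m is not None]
            if len(backers) > f:
                decided[p] = est[p] = backers[0]
            elif backers:
                est[p] = backers[0]
            else:
                est[p] = rng.randint(0, 1)  # independent choice
        if len(decided) == len(alive):
            values = set(decided.values())
            assert len(values) == 1, "agreement violated"
            return values.pop(), r
    raise RuntimeError("no decision within max_rounds")


def mean_rounds(n, f, trials, seed=0):
    """Average rounds to decide from random inputs.  Grows quickly with n:
    in a round with no backers, the independent coins have to line up."""
    rng = random.Random(seed)
    total = 0
    for _ in range(trials):
        inputs = [rng.randint(0, 1) for _ in range(n)]
        total += run_consensus(inputs, f, seed=rng.getrandbits(32))[1]
    return total / trials


if __name__ == "__main__":
    for n in (3, 5, 9):
        print(f"n={n}: mean rounds {mean_rounds(n, (n - 1) // 2, 100):.2f}")
```

Running the file prints the mean number of rounds for a few group sizes. Agreement holds in every run because two processes cannot collect majorities for different values, whatever the scheduler does; it is termination that degrades, because in a round without backers every live process flips its own coin and progress needs enough of them to agree. A threshold-signature common coin of the kind ABBA uses replaces those independent flips with one shared value, which is what brings the expected number of rounds down to a constant.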

fionafibration commented 5 years ago

Ok, I can look at implementing that. I was also planning on attempting to implement an open vote network and open veto network, because of certain games that require anonymous voting (mainly party games, I don't know of any gambling card games)
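The open vote network and open veto network mentioned in the comment above (the Open Vote Network of Hao, Ryan and Zieliński, and the Anonymous Veto Network of Hao and Zieliński), as an added worked example that is my own and is not part of LibTMCG or the commenter's planned implementation. The safe-prime search, the 64-bit toy group and the function names are my choices, and the zero-knowledge proofs both protocols require are left out, as the module docstring notes.

```python
"""Open Vote Network (Hao, Ryan, Zielinski 2010) and Anonymous Veto Network
(Hao, Zielinski 2006), run end to end in one process.

Added illustration, not LibTMCG code.  The zero-knowledge proofs that make
the real protocols sound (knowledge of x_i in round 1, ballot encodes 0 or
1 in round 2) are omitted, so a cheating voter could submit an out-of-range
ballot here; the block shows the group arithmetic and why the tally works.
"""
import secrets

SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def is_prime(n):
    """Miller-Rabin; this base set is deterministic for n < 3.1e23."""
    if n < 2:
        return False
    if any(n % sp == 0 for sp in SMALL_PRIMES):
        return n in SMALL_PRIMES
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in SMALL_PRIMES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def safe_prime_group(bits=64):
    """Smallest safe prime p = 2q + 1 with q >= 2**(bits - 1).  g = 4 is a
    quadratic residue, hence generates the order-q subgroup.  Toy size: a
    real election would use a 2048-bit group or an elliptic-curve group."""
    q = (1 << (bits - 1)) | 1
    while not (is_prime(q) and is_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1, q, 4

P, Q, G = safe_prime_group()

def round1(n):
    """Round 1: voter i picks secret x_i and publishes g^{x_i}."""
    xs = [secrets.randbelow(Q - 1) + 1 for _ in range(n)]
    return xs, [pow(G, x, P) for x in xs]

def derived_key(pubs, i):
    """g^{y_i} = prod_{j<i} g^{x_j} / prod_{j>i} g^{x_j}.  Anyone can compute
    it from the published values, and sum_i x_i*y_i = 0 by construction."""
    num = den = 1
    for j, pub in enumerate(pubs):
        if j < i:
            num = num * pub % P
        elif j > i:
            den = den * pub % P
    return num * pow(den, P - 2, P) % P

def ovn_ballot(xs, pubs, i, vote):
    """Round 2: voter i publishes g^{x_i y_i} * g^{v_i}, v_i in {0, 1}."""
    assert vote in (0, 1)
    return pow(derived_key(pubs, i), xs[i], P) * pow(G, vote, P) % P

def ovn_tally(ballots):
    """Product of all ballots is g^{sum v_i}; recover the count by brute
    force, since the exponent can only lie in [0, n]."""
    prod = 1
    for b in ballots:
        prod = prod * b % P
    for count in range(len(ballots) + 1):
        if pow(G, count, P) == prod:
            return count
    raise ValueError("tally outside [0, n]: some ballot was malformed")

def open_vote(votes):
    xs, pubs = round1(len(votes))
    return ovn_tally([ovn_ballot(xs, pubs, i, v) for i, v in enumerate(votes)])

def avn_ballot(xs, pubs, i, veto):
    """Veto variant: publish g^{x_i y_i} to pass, a random group element to
    veto.  The ballot by itself does not reveal which."""
    if veto:
        return pow(G, secrets.randbelow(Q - 1) + 1, P)
    return pow(derived_key(pubs, i), xs[i], P)

def anonymous_veto(vetoes):
    """True iff someone vetoed (product != 1), except with probability ~1/q."""
    xs, pubs = round1(len(vetoes))
    prod = 1
    for i, v in enumerate(vetoes):
        prod = prod * avn_ballot(xs, pubs, i, v) % P
    return prod != 1

if __name__ == "__main__":
    print("yes votes:", open_vote([1, 0, 1, 1, 0]))
    print("vetoed:", anonymous_veto([False, False, True]))
```

Two things a game integration would need on top of this: the round-1 proof of knowledge of x_i, without which a participant can pick its public value as a function of the others' rather than as g^{x_i} for an x_i it knows, which undermines the privacy argument; and the round-2 proof that v_i is 0 or 1, without which a ballot encoding v_i = 2 either makes ovn_tally raise or, if the total stays within [0, n], silently counts twice.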

fionafibration commented 5 years ago

Another possible algorithm that could be used for Byzantine Agreement could be the Polygraph accountable protocol, which can actually detect and prove malicious users or users who act out of accordance with the protocol.

This would allow an honest player to prove to all other players that a malicious player is actually malicious, even if those players don't directly observe misconduct.

The accountability feature may even provide a method of fairly paying out bets, as the ledger used can provide a basically unforgeable transcript of the entire game session, which could then be passed to a payout authority, or could even be parsed by an Ethereum smart contract to fairly pay out winnings without one party being able to manipulate the payouts.

I don't know how well this would work, or whether the protocol's ledgers would even support this, but it is an interesting thought.