The contributions of this paper are two-fold. First, we devise a complete characterization of adaptively secure broadcast, both in the property-based and in the simulation-based setting, for a wide class of common setups. Our investigation reveals that, contrary to previous perception, the above limitation of adaptively secure broadcast is not an artifact of simulation-based security but an inherent issue of adaptive security. In particular, we show that (1) it also applies to the property-based broadcast definition adapted to adaptive adversaries, and (2) unlike other impossibilities in adaptive security, this impossibility cannot be circumvented by adding a programmable random oracle.
Second, we turn to the resource-restricted cryptography (RRC) paradigm [Garay et al., Eurocrypt '20], which has proven useful for circumventing impossibility results, and ask whether it also affects the above negative result. We answer this question in the affirmative by showing that time-lock puzzles (TLPs), which can be viewed as an instance of RRC, do allow achieving the property-based definition and thus circumvent the impossibility of adaptively secure broadcast. The natural question is then whether TLPs also allow for simulation-based adaptively secure broadcast against corrupted majorities. We answer this in the negative. Nonetheless, we show that a positive result can be achieved via a new, non-committing analogue of TLPs in the programmable random-oracle model.
As a contribution of independent interest, we also present the first (limited) composition theorem in the resource-restricted setting.
Category / Keywords: cryptographic protocols / Broadcast, adaptive security, cryptographic protocols
Date: received 8 Jun 2021, last revised 19 Feb 2022
Contact author: cohenran at idc ac il, garay at cse tamu edu, vzikas at cs purdue edu
Version: 20220219:204835
Short URL: ia.cr/2021/775