Cait-Sith Security
This serves as an organizing document for the security analysis of Cait-Sith. This document isn’t intended to be a specification for the protocol itself; rather, it’s intended to analyze the protocol as specified in the GitHub repo. The code in the repo implements the specification in the repo, and this document investigates the security of that specification.
There are 3 main protocols to look at:
- Key Generation (or, key sharing, in its general form)
- Signing (with presignatures)
- Triple generation
Each of these also uses intermediate protocols in its analysis, which helps simplify the proofs by reusing hard work across them.
Because of this, it’s somewhat important to read the documents in order, since some intermediate protocols will then get used in later documents.
To that effect:
Part 0: Preliminaries
This document presents some preliminary information on the security framework being used (MPS, which you can think of as being like UC security, in essence), as well as some notational conventions, and how we structure round communication and aborts.
Part 1: Broadcast
One key intermediate protocol is broadcast, which ensures that a party sends the same message to all other parties.
Part 2: Key Sharing
This document looks at the key sharing protocol. You can think of this as a generalization of key generation to also handle the cases of refreshing keys, and sharing keys with new parties.
Part 3: Triples
This document looks at the triple generation protocol.
Part 4: Signing
This document looks at signing, using presignatures.