Cait-Sith Security

This serves as an organizing document for the security analysis of Cait-Sith. This document isn't intended to be a specification for the protocol itself; rather, it's intended to analyze the protocol as specified in the GitHub repo. The code in the repo implements the specification found there, and this document investigates the security of that specification.

There are 3 main protocols to look at: key sharing, triple generation, and signing.

Each of these also uses intermediate protocols in its analysis, which simplifies the proofs by reusing hard work across them.

Because of this, it's somewhat important to read the documents in order, since intermediate protocols introduced in earlier documents get used in later ones.

To that effect:

Part 0: Preliminaries

This document presents some preliminary information on the security framework being used (MPS, which you can think of as being like UC security, in essence), as well as some notational conventions, and how we structure round communication and aborts.

Part 1: Broadcast

One key intermediate protocol is broadcast, which ensures that a party sends the same message to all other parties.

Part 2: Key Sharing

This document looks at the key sharing protocol. You can think of this as a generalization of key generation to also handle the cases of refreshing keys, and sharing keys with new parties.

Part 3: Triples

This document looks at the triple generation protocol.

Part 4: Signing

This document looks at signing, using presignatures.