Broadcast protocols enable a set of $n$ parties to agree on the input of a designated sender, even facing attacks by malicious parties. In the honest-majority setting, randomization and cryptography were harnessed to achieve low-communication broadcast with sub-quadratic total communication and balanced sub-linear cost per party. However, comparatively little is known in the dishonest-majority setting. Here, the most communication-efficient constructions are based on Dolev and Strong (SICOMP '83), and sub-quadratic broadcast has not been achieved. On the other hand, the only nontrivial $\omega(n)$ communication lower bounds are restricted to deterministic protocols, or against strong adaptive adversaries that can perform "after the fact" removal of messages. We provide new communication lower bounds in this space, which hold against arbitrary cryptography and setup assumptions, as well as a simple protocol showing near tightness of our first bound.

1) We demonstrate a tradeoff between resiliency and communication for protocols secure against $n-o(n)$ static corruptions. For example, $\Omega(n\cdot {\sf polylog}(n))$ messages are needed when the number of honest parties is $n/{\sf polylog}(n)$; $\Omega(n\sqrt{n})$ messages are needed for $O(\sqrt{n})$ honest parties; and $\Omega(n^2)$ messages are needed for $O(1)$ honest parties. Complementarily, we demonstrate broadcast with $O(n\cdot{\sf polylog}(n))$ total communication facing any constant fraction of static corruptions.

2) Our second bound considers $n/2 + k$ corruptions and a weakly adaptive adversary that cannot remove messages "after the fact." We show that any broadcast protocol within this setting can be attacked to force an arbitrary party to send messages to $k$ other parties. This rules out, for example, broadcast facing 51% corruptions in which all non-sender parties have sublinear communication locality.