It was recently shown by Michael Rabin that a sequence of random 0-1 values, prepared and distributed by a trusted "dealer," can be used to achieve Byzantine agreement in constant expected time in a network of processors. A natural question is whether it is possible to generate these values uniformly at random within the network. In this paper we present a cryptography-based protocol for agreement on a 0-1 random value, if less than half of the processors are faulty. In fact the protocol allows uniform sampling from any finite set, and thus solves the problem of choosing a network leader uniformly at random. The protocol is usable both when all the communication is via "broadcast," in which case it needs three rounds of information exchange, and when each pair of processors communicate on a private line, in which case it needs 3t + 3 rounds, where t is the number of faulty processors. The protocol remains valid even if passive eavesdropping is allowed. On the other hand we show that no (probabilistic) protocol can achieve agreement on a fair coin in fewer phases than necessary for Byzantine agreement, and hence the "pre-dealt" nature of the random sequence required for Rabin's algorithm is crucial.