How to withstand mobile virus attacks (extended abstract)
PODC '91 Proceedings of the tenth annual ACM symposium on Principles of distributed computing
Reaching Agreement in the Presence of Faults
Journal of the ACM (JACM)
The Byzantine Generals Problem
ACM Transactions on Programming Languages and Systems (TOPLAS)
CRYPTO '99 Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology
Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems
CRYPTO '96 Proceedings of the 16th Annual International Cryptology Conference on Advances in Cryptology
Leakage-Resilient Cryptography
FOCS '08 Proceedings of the 2008 49th Annual IEEE Symposium on Foundations of Computer Science
Authenticated Byzantine generals in dual failure model
ICDCN'10 Proceedings of the 11th international conference on Distributed computing and networking
Player-centric Byzantine agreement
ICALP'11 Proceedings of the 38th international colloquim conference on Automata, languages and programming - Volume Part I
Homonyms with forgeable identifiers
SIROCCO'12 Proceedings of the 19th international conference on Structural Information and Communication Complexity
Hi-index | 0.00 |
Given a public-key infrastructure (PKI) and digital signatures, it is possible to construct broadcast protocols tolerating any number of corrupted parties. Almost all existing protocols, however, do not distinguish between corrupted parties (who do not follow the protocol), and honest parties whose secret (signing) keys have been compromised (but who continue to behave honestly). We explore conditions under which it is possible to construct broadcast protocols that still provide the usual guarantees (i.e., validity/agreement) to the latter. Consider a network of n parties, where an adversary has compromised the secret keys of up to tc honest parties and, in addition, fully controls the behavior of up to ta other parties. We show that for any fixed tc 0, and any fixed ta, there exists an efficient protocol for broadcast if and only if 2ta+min(ta, tc) n. (When tc = 0, standard results imply feasibility.) We also show that if tc, ta are not fixed, but are only guaranteed to satisfy the bound above, then broadcast is impossible to achieve except for a few specific values of n; for these "exceptional" values of n, we demonstrate a broadcast protocol. Taken together, our results give a complete characterization of this problem.