Easy impossibility proofs for distributed consensus problems
Distributed Computing
SIAM Journal on Computing
Achieving independence in logarithmic number of rounds
PODC '87 Proceedings of the sixth annual ACM Symposium on Principles of distributed computing
Completeness theorems for non-cryptographic fault-tolerant distributed computation
STOC '88 Proceedings of the twentieth annual ACM symposium on Theory of computing
Multiparty unconditionally secure protocols
STOC '88 Proceedings of the twentieth annual ACM symposium on Theory of computing
Optimal algorithms for Byzantine agreement
STOC '88 Proceedings of the twentieth annual ACM symposium on Theory of computing
Modular construction of nearly optimal Byzantine agreement protocols
Proceedings of the eighth annual ACM Symposium on Principles of distributed computing
Verifiable secret sharing and multiparty protocols with honest majority
STOC '89 Proceedings of the twenty-first annual ACM symposium on Theory of computing
Unconditional Byzantine agreement with good majority
STACS 91 Proceedings of the 8th annual symposium on Theoretical aspects of computer science
Shifting gears: changing algorithms on the fly to expedite Byzantine agreement
Information and Computation
Fully polynomial Byzantine agreement in t + 1 rounds
STOC '93 Proceedings of the twenty-fifth annual ACM symposium on Theory of computing
Asynchronous secure computation
STOC '93 Proceedings of the twenty-fifth annual ACM symposium on Theory of computing
Asynchronous secure computations with optimal resilience (extended abstract)
PODC '94 Proceedings of the thirteenth annual ACM symposium on Principles of distributed computing
Achieving independence efficiently and securely
Proceedings of the fourteenth annual ACM symposium on Principles of distributed computing
A Protocol to Achieve Independence in Constant Rounds
IEEE Transactions on Parallel and Distributed Systems
The Byzantine Generals Problem
ACM Transactions on Programming Languages and Systems (TOPLAS)
On the composition of authenticated byzantine agreement
STOC '02 Proceedings of the thiry-fourth annual ACM symposium on Theory of computing
Secure Computation without Agreement
DISC '02 Proceedings of the 16th International Conference on Distributed Computing
Unconditional Byzantine Agreement for any Number of Faulty Processors
STACS '92 Proceedings of the 9th Annual Symposium on Theoretical Aspects of Computer Science
Polynomial algorithms for multiple processor agreement
STOC '82 Proceedings of the fourteenth annual ACM symposium on Theory of computing
An asynchronous [(n - 1)/3]-resilient consensus protocol
PODC '84 Proceedings of the third annual ACM symposium on Principles of distributed computing
Universally Composable Security: A New Paradigm for Cryptographic Protocols
FOCS '01 Proceedings of the 42nd IEEE symposium on Foundations of Computer Science
Simultaneous broadcast revisited
Proceedings of the twenty-fourth annual ACM symposium on Principles of distributed computing
Verifiable secret sharing and achieving simultaneity in the presence of faults
SFCS '85 Proceedings of the 26th Annual Symposium on Foundations of Computer Science
Towards optimal distributed consensus
SFCS '89 Proceedings of the 30th Annual Symposium on Foundations of Computer Science
Efficient multiparty computations secure against an adaptive adversary
EUROCRYPT'99 Proceedings of the 17th international conference on Theory and application of cryptographic techniques
Efficient Byzantine agreement with faulty minority
ASIACRYPT'07 Proceedings of the Advances in Crypotology 13th international conference on Theory and application of cryptology and information security
Universally composable simultaneous broadcast
SCN'06 Proceedings of the 5th international conference on Security and Cryptography for Networks
Adaptively secure broadcast, revisited
Proceedings of the 30th annual ACM SIGACT-SIGOPS symposium on Principles of distributed computing
Universally composable synchronous computation
TCC'13 Proceedings of the 10th theory of cryptography conference on Theory of Cryptography
Hi-index | 0.00 |
A broadcast protocol allows a sender to distribute a message through a point-to-point network to a set of parties, such that (i) all parties receive the same message, even if the sender is corrupted, and (ii) this is the sender’s message, if he is honest. Broadcast protocols satisfying these properties are known to exist if and only if tn/3, where n denotes the total number of parties, and t denotes the maximal number of corruptions. When a setup allowing signatures is available to the parties, then such protocols exist even for tn. Since its invention in [LSP82], broadcast has been used as a primitive in numerous multi-party protocols making it one of the fundamental primitives in the distributed-protocols literature. The security of these protocols is analyzed in a model where a broadcast primitive which behaves in an ideal way is assumed. Clearly, a definition of broadcast should allow for secure composition, namely, it should be secure to replace an assumed broadcast primitive by a protocol satisfying this definition. Following recent cryptographic reasoning, to allow secure composition the ideal behavior of broadcast can be described as an ideal functionality, and a simulation-based definition can be used. In this work, we show that the property-based definition of broadcast does not imply the simulation-based definition for the natural broadcast functionality. In fact, most broadcast protocols in the literature do not securely realize this functionality, which raises a composability issue for these broadcast protocols. In particular, we do not know of any broadcast protocol which could be securely invoked in a multi-party computation protocol in the secure-channels model. The problem is that existing protocols for broadcast do not preserve the secrecy of the message while being broadcasted, and in particular allow the adversary to corrupt the sender (and change the message), depending on the message being broadcasted. For example, when every party should broadcast a random bit, the adversary could corrupt those parties who intend to broadcast 0, and make them broadcast 1. More concretely, we show that simulatable broadcast in a model with secure channels is possible if and only if tn/3, respectively t≤n/2 when a signature setup is available. The positive results are proven by constructing secure broadcast protocols.