176 research outputs found
Byzantine Agreement Given Partial Broadcast
This paper considers unconditionally secure protocols for reliable broadcast among a set of n players, where up to t of the players can be corrupted by a (Byzantine) adversary but the remaining h = n - t players remain honest. In the standard model with a complete, synchronous network of bilateral authenticated communication channels among the players, broadcast is achievable if and only if 2n/h < 3. We show that, by extending this model by the existence of partial broadcast channels among subsets of b players, global broadcast can be achieved if and only if the number h of honest players satisfies 2n/h < b + 1. Achievability is demonstrated by protocols with communication and computation complexities polynomial in the size of the network, i.e., in the number of partial broadcast channels. A respective characterization for the related consensus problem is also give
Extended Validity and Consistency in Byzantine Agreement
A broadcast protocol allows a sender to distribute a value among a set of
players such that it is guaranteed that all players receive the same
value (consistency), and if the sender is honest, then all players
receive the sender\u27s value (validity). Classical broadcast protocols for
players provide security with respect to a fixed threshold ,
where both consistency and validity are guaranteed as long as at most
players are corrupted, and no security at all is guaranteed as soon as
players are corrupted. Depending on the environment, validity or
consistency may be the more important property.
We generalize the notion of broadcast by introducing an additional
threshold . In a {\em broadcast protocol with extended
validity}, both consistency and validity are achieved when no more than
players are corrupted, and validity is achieved even when up to
players are corrupted. Similarly, we define {\em broadcast with extended
consistency}. We prove that broadcast with extended validity as well as
broadcast with extended consistency is achievable if and only if
(or ).
For example, six players can achieve broadcast when at most one player is
corrupted (this result was known to be optimal), but they can even
achieve consistency (or validity) when two players are corrupted.
Furthermore, our protocols achieve {\em detection} in case of failure,
i.e., if at most players are corrupted then broadcast is achieved,
and if at most players are corrupted then broadcast is achieved or
every player learns that the protocol failed. This protocol can be
employed in the precomputation of a secure multi-party computation
protocol, resulting in {\em detectable multi-party computation}, where up
to corruptions can be tolerated and up to corruptions can
either be tolerated or detected in the precomputation, for any
with
On the Round Complexity of Randomized Byzantine Agreement
We prove lower bounds on the round complexity of randomized Byzantine agreement (BA) protocols, bounding the halting probability of such protocols after one and two rounds. In particular, we prove that:
1) BA protocols resilient against n/3 [resp., n/4] corruptions terminate (under attack) at the end of the first round with probability at most o(1) [resp., 1/2+ o(1)].
2) BA protocols resilient against n/4 corruptions terminate at the end of the second round with probability at most 1-Theta(1).
3) For a large class of protocols (including all BA protocols used in practice) and under a plausible combinatorial conjecture, BA protocols resilient against n/3 [resp., n/4] corruptions terminate at the end of the second round with probability at most o(1) [resp., 1/2 + o(1)].
The above bounds hold even when the parties use a trusted setup phase, e.g., a public-key infrastructure (PKI).
The third bound essentially matches the recent protocol of Micali (ITCS\u2717) that tolerates up to n/3 corruptions and terminates at the end of the third round with constant probability
Advanced information processing system: The Army fault tolerant architecture conceptual study. Volume 2: Army fault tolerant architecture design and analysis
Described here is the Army Fault Tolerant Architecture (AFTA) hardware architecture and components and the operating system. The architectural and operational theory of the AFTA Fault Tolerant Data Bus is discussed. The test and maintenance strategy developed for use in fielded AFTA installations is presented. An approach to be used in reducing the probability of AFTA failure due to common mode faults is described. Analytical models for AFTA performance, reliability, availability, life cycle cost, weight, power, and volume are developed. An approach is presented for using VHSIC Hardware Description Language (VHDL) to describe and design AFTA's developmental hardware. A plan is described for verifying and validating key AFTA concepts during the Dem/Val phase. Analytical models and partial mission requirements are used to generate AFTA configurations for the TF/TA/NOE and Ground Vehicle missions
Different Perspectives on FLP Impossibility
We demonstrate possibility for vector consensus under the model and
conditions used by Fischer, Lynch, and Patterson (FLP) to prove impossibility
of binary consensus - full asynchrony and one faulty process. Under that model,
we also demonstrate that with any binary consensus protocol: i) binary outcome
is produced from a vector value; ii) elaboration on a vector value is an
unavoidable necessity; and iii) binary agreement can be reached with voting on
a vector value. Key finding: the FLP impossibility result is about
impossibility to produce a binary value from any allowed vector value, i.e.,
from any data set assembled from an allowed initial state
Almost-Everywhere Secure Computation with Edge Corruptions
We consider secure multi-party computation (MPC) in a setting where
the adversary can separately corrupt not only the parties (nodes) but
also the communication channels (edges), and can furthermore choose
selectively and adaptively which edges or nodes to corrupt. Note that
if an adversary corrupts an edge, even if the two nodes that share
that edge are honest, the adversary can control the link and thus
deliver wrong messages to both players. We consider this question in
the information-theoretic setting, and require security against a
computationally unbounded adversary.
In a fully connected network the above question is simple (and we
also provide an answer
that is optimal up to a constant factor). What makes the problem
more challenging is to consider the case of sparse networks.
Partially connected networks are far more realistic than fully
connected networks, which led Garay and Ostrovsky [Eurocrypt\u2708] to
formulate the notion of (unconditional) \emph{almost everywhere (a.e.)
secure computation} in the node-corruption model, i.e., a model in
which not all pairs of nodes are connected by secure channels and the
adversary can corrupt some of the nodes (but not the edges). In such a setting,
MPC amongst all honest nodes cannot be guaranteed due
to the possible poor connectivity of some honest nodes with other
honest nodes, and hence some of
them must be ``given up\u27\u27 and left out of the
computation. The number of such nodes is a function of the underlying
communication graph and the adversarial set of nodes.
In this work we introduce the notion of \emph{almost-everywhere secure
computation with edge corruptions}, which is exactly the same problem as
described above, except that we additionally allow the adversary to
completely control some of the communication channels between two
correct nodes---i.e., to ``corrupt\u27\u27 edges in the network. While it is
easy to see that an a.e. secure computation protocol for the original
node-corruption model is also an a.e. secure computation protocol tolerating
edge corruptions (albeit for a reduced fraction of edge corruptions
with respect to the bound for node corruptions), no polynomial-time
protocol is known in the case where a {\bf constant fraction} of the edges can be corrupted (i.e., the maximum that can be tolerated)
and the degree of the network is sub-linear.
We make progress on this front, by constructing graphs of degree
(for arbitrary constant ) on which we
can run a.e. secure computation protocols tolerating a constant fraction of
adversarial edges. The number of given-up nodes in our construction
is (for some constant that depends on the fraction
of corrupted edges), which is also asymptotically optimal
Optimal and Error-Free Multi-Valued Byzantine Consensus Through Parallel Execution
Multi-valued Byzantine Consensus (BC), in which processes must reach agreement on a single -bit value, is an essential primitive in the design of distributed cryptographic protocols and fault-tolerant distributed systems.
One of the most desirable traits for a multi-valued BC protocol is to be error-free.
In other words, have zero probability of producing incorrect results.
The most efficient error-free multi-valued BC protocols are built as extension protocols, which reduce agreement on large values to agreement on small sequences of bits whose lengths are independent of .
The best extension protocols achieve communication complexity, which is optimal, when is large relative to .
Unfortunately, all known error-free and communication-optimal BC extension protocols require each process to broadcast at least bits with a binary Byzantine Broadcast (BB) protocol.
This design limits the scalability of these protocols to many processes, since when is large, the binary broadcasts significantly inflate the overall number of bits communicated by the extension protocol.
In this paper, we present Byzantine Consensus with Parallel Execution (BCPE), the first error-free and communication-optimal BC extension protocol in which each process only broadcasts a single bit with a binary BB protocol.
BCPE is a synchronous and deterministic protocol, and tolerates faulty processes (the best resilience possible).
Our evaluation shows that BCPE\u27s design makes it significantly more scalable than the best existing protocol by Ganesh and Patra.
For 1,000 processes to agree on 2 MB of data, BCPE communicates fewer bits.
For agreement on 10 MB of data, BCPE communicates fewer bits.
BCPE also matches the best existing protocol in all other standard efficiency metrics
Recommended from our members
Distributed computing and cryptography with general weak random sources
The use of randomness in computer science is ubiquitous. Randomized protocols have turned out to be much more efficient than their deterministic counterparts. In addition, many problems in distributed computing and cryptography are impossible to solve without randomness. However, these applications typically require uniform random bits, while in practice almost all natural random phenomena are biased. Moreover, even originally uniform random bits can be damaged if an adversary learns some partial information about these bits. In this thesis, we study how to run randomized protocols in distributed computing and cryptography with imperfect randomness. We use the most general model for imperfect randomness where the weak random source is only required to have a certain amount of min-entropy. One important tool here is the randomness extractor. A randomness extractor is a function that takes as input one or more weak random sources, and outputs a distribution that is close to uniform in statistical distance. Randomness extractors are interesting in their own right and are closely related to many other problems in computer science. Giving efficient constructions of randomness extractors with optimal parameters is one of the major open problems in the area of pseudorandomness. We construct network extractor protocols that extract private random bits for parties in a communication network, assuming that they each start with an independent weak random source, and some parties are corrupted by an adversary who sees all communications in the network. These protocols imply fault-tolerant distributed computing protocols and secure multi-party computation protocols where only imperfect randomness is available. The probabilistic method shows that there exists an extractor for two independent sources with logarithmic min-entropy, while known constructions are far from achieving these parameters. In this thesis we construct extractors for two independent sources with any linear min-entropy, based on a computational assumption. We also construct the best known extractors for three independent sources and affine sources. Finally we study the problem of privacy amplification. In this model, two parties share a private weak random source and they wish to agree on a private uniform random string through communications in a channel controlled by an adversary, who has unlimited computational power and can change the messages in arbitrary ways. All previous results assume that the two parties have local uniform random bits. We show that this problem can be solved even if the two parties only have local weak random sources. We also improve previous results in various aspects by constructing the first explicit non-malleable extractor and giving protocols based on this extractor.Computer Science
- …