Authenticated Broadcast with a Partially Compromised Public-Key Infrastructure
نویسندگان
چکیده
Given a public-key infrastructure (PKI) and digital signatures, it is possible to construct broadcast protocols tolerating any number of corrupted parties. Almost all existing protocols, however, do not distinguish between corrupted parties (who do not follow the protocol), and honest parties whose secret (signing) keys have been compromised (but who continue to behave honestly). We explore conditions under which it is possible to construct broadcast protocols that still provide the usual guarantees (i.e., validity/agreement) to the latter. Consider a network of n parties, where an adversary has compromised the secret keys of up to tc honest parties and, in addition, fully controls the behavior of up to ta other parties. We show that for any fixed tc, ta there exists an efficient protocol for broadcast if and only if 2ta+min(ta, tc) < n. We also show that if tc, ta are not fixed, but are only guaranteed to satisfy the bound above, then broadcast is impossible to achieve except for a few specific values of n; for these “exceptional” values of n, we demonstrate a broadcast protocol. Taken together, our results give a complete characterization of this problem. ∗Dept. of Computer Science, University of Maryland. Email: {gordon, jkatz, ranjit, arkady}@cs.umd.edu †Work done in part while visiting IBM. Supported by NSF CNS-0447075, NSF CNS-0627306, the U.S. DoD/ARO MURI program, and the US Army Research Laboratory and the UK Ministry of Defence under agreement number W911NF-06-3-0001.
منابع مشابه
Pseudonymous Broadcast and Secure Computation from Cryptographic Puzzles
In standard models of distributed computation, point-to-point channels between parties are assumed to be authenticated by some preexisting means. In other cases, even stronger pre-existing setup—e.g., a public-key infrastructure (PKI)—is assumed. These assumptions are too strong for open, peer-to-peer networks, where parties do not necessarily have any prior relationships and can come and go as...
متن کاملToward an energy efficient PKC-based key management system for wireless sensor networks
Due to wireless nature and hostile environment, providing of security is a critical and vital task in wireless sensor networks (WSNs). It is known that key management is an integral part of a secure network. Unfortunately, in most of the previous methods, security is compromised in favor of reducing energy consumption. Consequently, they lack perfect resilience and are not fit for applications ...
متن کاملMulti - Factor Password - Authenticated Key Exchange ( full version )
We consider a new form of authenticated key exchange which we call multi-factor passwordauthenticated key exchange, where session establishment depends on successful authentication of multiple short secrets that are complementary in nature, such as a long-term password and a one-time response, allowing the client and server to be mutually assured of each other’s identity without directly disclo...
متن کاملMulti-Factor Password-Authenticated Key Exchange
We consider a new form of authenticated key exchange which we call multi-factor passwordauthenticated key exchange, where session establishment depends on successful authentication of multiple short secrets that are complementary in nature, such as a long-term password and a one-time response, allowing the client and server to be mutually assured of each other’s identity without directly disclo...
متن کاملPseudonymous Secure Computation from Time-Lock Puzzles
In standard models of secure computation, point-to-point channels between parties are assumed to be authenticated by some pre-existing means. In other cases, even stronger pre-existing setup—e.g., a public-key infrastructure (PKI)—is assumed. These assumptions are too strong for open, peer-to-peer networks, where parties do not necessarily have any prior relationships and can come and go as the...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- Inf. Comput.
دوره 234 شماره
صفحات -
تاریخ انتشار 2009