1 Asynchronous Broadcast Protocols in Distributed System Oct. 10, 2002 JaeHyrk Park ICU.

Slides:



Advertisements
Similar presentations
Multi-Party Contract Signing Sam Hasinoff April 9, 2001.
Advertisements

Foundations of Cryptography Lecture 7 Lecturer:Danny Harnik.
Agreement: Byzantine Generals UNIVERSITY of WISCONSIN-MADISON Computer Sciences Department CS 739 Distributed Systems Andrea C. Arpaci-Dusseau Paper: “The.
Last Class: The Problem BobAlice Eve Private Message Eavesdropping.
Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Efficient Two-party and Multiparty Computation against Covert Adversaries Vipul Goyal Payman Mohassel Adam Smith Penn Sate UCLAUC Davis.
Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, ICWCSC International.
Digital Signatures and Hash Functions. Digital Signatures.
Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 5 Group Key Management.
Eran Omri, Bar-Ilan University Joint work with Amos Beimel and Ilan Orlov, BGU Ilan Orlov…!??!!
Lect. 18: Cryptographic Protocols. 2 1.Cryptographic Protocols 2.Special Signatures 3.Secret Sharing and Threshold Cryptography 4.Zero-knowledge Proofs.
Randomized Algorithms for Reliable Broadcast (IBM T.J. Watson) Vinod Vaikuntanathan Michael Ben-OrShafi GoldwasserElan Pavlov.
1/6/2015HostAP1 P2P Security Case Study: COCA (Cornell Online Certification Authority) Mobile Multimedia Lab, AUEB, 04/04/2003.
Secure and Efficient Key Management in Mobile Ad Hoc Networks Bing Wu, Jie Wu, Eduardo B. Fernandez, Mohammad Ilyas, Spyros Magliveras Department of Computer.
Public-key based. Public-key Techniques based Protocols –may use either weak or strong passwords –high computation complexity (Slow) –high deployment.
Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.
CSCE 715 Ankur Jain 11/16/2010. Introduction Design Goals Framework SDT Protocol Achievements of Goals Overhead of SDT Conclusion.
CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.
CMSC 414 Computer (and Network) Security Lecture 2 Jonathan Katz.
Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:
Chapter 5 Cryptography Protecting principals communication in systems.
A Secure Fault-Tolerant Conference- Key Agreement Protocol Wen-Guey Tzeng Source : IEEE Transactions on computers Speaker : LIN, KENG-CHU.
Idit Keidar, Principles of Reliable Distributed Systems, Technion EE, Spring Principles of Reliable Distributed Systems Lecture 6: Synchronous Byzantine.

CMSC 414 Computer and Network Security Lecture 19 Jonathan Katz.
Optimistic Synchronous Multi-Party Contract Signing N. Asokan, Baum-Waidner, M. Schunter, M. Waidner Presented By Uday Nayak Advisor: Chris Lynch.
CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.
Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.
Computer Science CSC 774Dr. Peng Ning1 CSC 774 Advanced Network Security Topic 2. Review of Cryptographic Techniques.
CSE 597E Fall 2001 PennState University1 Digital Signature Schemes Presented By: Munaiza Matin.
CRYPTOGRAPHIC DATA INTEGRITY ALGORITHMS
Cryptography and Network Security Chapter 11 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
Adaptively Secure Broadcast, Revisited
Bob can sign a message using a digital signature generation algorithm
How HTTPS Works J. David Giese. Hyper Text Transfer Protocol BrowserHTTP Server GET / HTTP/1.1 HOST: edge-effect.github.io HEADERS BODY HTTP/ OK.
CS555Topic 211 Cryptography CS 555 Topic 21: Digital Schemes (1)
Securing Every Bit: Authenticated Broadcast in Wireless Networks Dan Alistarh, Seth Gilbert, Rachid Guerraoui, Zarko Milosevic, and Calvin Newport.
Robust Sharing of Secrets when the Dealer Is Honest or Cheating Tal Rabin 1994 Brian Fry COEN
Topic 22: Digital Schemes (2)
Message Authentication Code July Message Authentication Problem  Message Authentication is concerned with:  protecting the integrity of a message.
4 th lecture.  Message to be encrypted: HELLO  Key: XMCKL H E L L O message 7 (H) 4 (E) 11 (L) 11 (L) 14 (O) message + 23 (X) 12 (M) 2 (C) 10 (K) 11.
Basic Cryptography 1. What is cryptography? Cryptography is a mathematical method of protecting information –Cryptography is part of, but not equal to,
Cryptography Wei Wu. Internet Threat Model Client Network Not trusted!!
Key Management Celia Li Computer Science and Engineering York University.
1 Lectures on Parallel and Distributed Algorithms COMP 523: Advanced Algorithmic Techniques Lecturer: Dariusz Kowalski Lectures on Parallel and Distributed.
Byzantine fault-tolerance COMP 413 Fall Overview Models –Synchronous vs. asynchronous systems –Byzantine failure model Secure storage with self-certifying.
Rational Cryptography Some Recent Results Jonathan Katz University of Maryland.
Cryptographic Hash Functions and Protocol Analysis
Fall, Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Cryptographic Security Identity-Based Encryption.
Authenticated Key Exchange I. Definitions I. MAP I. matching conversations II. oracles II. (I)KA II. AKEP2 III. AKEP2 Security I. Session Keys II. Perfect.
Data Integrity Proofs in Cloud Storage Author: Sravan Kumar R and Ashutosh Saxena. Source: The Third International Conference on Communication Systems.
UNIVERSITY of WISCONSIN-MADISON Computer Sciences Department
Protocol Analysis. CSCE Farkas 2 Cryptographic Protocols Two or more parties Communication over insecure network Cryptography used to achieve goal.
Interleaving and Collusion Attacks on a Dynamic Group Key Agreement Scheme for Low-Power Mobile Devices * Junghyun Nam 1, Juryon Paik 2, Jeeyeon Kim 2,
Lecture 11 Overview. Digital Signature Properties CS 450/650 Lecture 11: Digital Signatures 2 Unforgeable: Only the signer can produce his/her signature.
Lecture 9 Overview. Digital Signature Properties CS 450/650 Lecture 9: Digital Signatures 2 Unforgeable: Only the signer can produce his/her signature.
Secure Computation with Minimal Interaction, Revisited Yuval Ishai (Technion) Ranjit Kumaresan (MIT) Eyal Kushilevitz (Technion) Anat Paskin-Cherniavsky.
Security Review Q&A Session May 1. Outline  Class 1 Security Overview  Class 2 Security Introduction  Class 3 Advanced Security Constructions  Class.
Manu Drijvers, Joint work with Jan Camenisch, Anja Lehmann. March 9 th, 2016 Universally Composable Direct Anonymous Attestation.
Randomized Algorithms for Distributed Agreement Problems Peter Robinson.
Unreliable Failure Detectors for Reliable Distributed Systems Tushar Deepak Chandra Sam Toueg Presentation for EECS454 Lawrence Leinweber.
CMSC 414 Computer and Network Security Lecture 2 Jonathan Katz.
Intrusion Tolerant Architectures
Information Security message M one-way hash fingerprint f = H(M)
Cryptographic Hash Functions
Cryptographic Hash Functions
Information Security message M one-way hash fingerprint f = H(M)
Information Security message M one-way hash fingerprint f = H(M)
Sisi Duan Assistant Professor Information Systems
Presentation transcript:

1 Asynchronous Broadcast Protocols in Distributed System Oct. 10, 2002 JaeHyrk Park ICU

2 Content  Overview  Broadcast Protocols  Cryptographic Primitives  Basic System Model  Previous Work  Multi-Party Protocols  Basic Broadcast Protocol  Byzantine Agreement  Future Work  Reference

3 Overview  Broadcast protocols  Fundamental building block for implementing replication in fault–tolerant distributed systems  Secure service replication in an asynchronous environment with a static set of servers.  Assuming malicious adversary may corrupt up to a threshold of servers and controls the network  A party send to a message to all other parties

4 Cryptographic Primitives  Digital signatures  Key generation algorithm  Signing algorithm  Verification algorithm  Non-interactive threshold signatures  N- parties, up to t of which corrupted  Each Party hold shares of the secret key of a signature scheme  Generate shares of signatures on individual message  K valid signature shares  construct a signature (t < k <= n-t )

5 Cryptographic Primitives(continue)  Threshold Coin-Tossing Scheme  Basic idea – n parties, up to t of which may be corrupted.  Unpredictable function F Mapping the name C of a coin to its value F( C ) ∈ {0,1}  Parties generate shares of a coin- k coin shares (  construct the value of the particular coin)……. t < k <= n-t

6 Basic System Model  Arbitrary multi-party protocol  A number of parties communicate over an insecure, asynchronous network  Adversary may corrupt some of the parties  Trusted dealer generates the initial state for all n parties

7 Previous Work  Multi-Party Protocols  N – party protocol  p 1,…..,p n  Initialization algorithm  Additional party  dealer  Input k,n,t (n <= k)  Generate state information  Party p i activated repeatedly  Update its state  Generate some output message  Wait for the next activation

8 Previous Work  Multi-Party Protocols (continue)  Adversary choose n,t  Protocol restriction t < n/3  Model (PKI for digital signature)  Generate key pair for a digital signature scheme S for each party  Initialize a fixed number of threshold cryptosystem(as required by the implemented protocols)  Generate public output for information associated with n-party protocol

9 Previous Work  Basic broadcast protocol  Reliable broadcast protocol  Provide agreement on a delivered message  Atomic broadcast protocol  Guarantees a total order on messages  Secure casual broadcast protocol  Extends atomic broadcast by encryption to guarantee a casual order among the delivered message

10 Previous Work  Protocol for Byzantine Agreement  Any two honest parties that decide a value for a particular TID must decide the same value.  It is computationally infeasible for an adversary to make two honest parties decide on different values

11 Previous Work  Protocol for Byzantine agreement  Byzantine agreement  N-communicating parties  At most t of N are corrupted  It withstands the maximum number of corrupted parties : t < n/3  Using threshold signatures, coin-tossing protocols  Use a trusted dealer only in a setup phase

12  Asynchronous Byzantine Agreement  N parties : p 1 ….p n  TID : given transaction identifier  Each party p i has an initial value V i ∈ {0,1}  The protocol proceeds in round r = 1,2,….  Pre-processing step  Generate S-signature share on the message (TID,pre-process, V i )  Send message (pre-process,V i,signature share) to all parties  On receiving 2t+1 such votes, each party get a threshold signature of S 0 (at least t+1 votes)

13  Asynchronous Byzantine Agreement  Each round (four step)  After Pre-vote, Main-vote (1,2 step)  Check for decision Collect n-t properly justified main votes of rou nd r. If these are all main-votes for b ∈ {0,1} Decide the value b for TID, continue step 2  Common coin Generate coin share of the coin (TID, r) Send to all parties (coin, r, coin share) Collect n-t shares of the coin (TID,r) Combine these shares to get the value F(TID, r) ∈ {0,1}

14 Future Work  Approach  Integration of both cryptography methods and methods used in distributed methods desirable for developing secure distributed protocols.  Focus on how fault-tolerant broadcasts can benefit from threshold-cryptographic protocols  Future work  Construction or Modification of Asynchronous Broadcast Protocols

15 Reference  C.Cachin, K.Kursawe, F.Petzlod, and V.Shoup, “ Secure and efficient asynchronous broadcast protocols.” Cryptology ePrint Archive, Report 2001/006, Mar  T.Rabin, “A simplified approach to threshold and proactive RSA.” In Advances in Cryptology-Crypto ’98, 1998  C.Cachin, K.Kursawe, and V.Shoup. “Random oracles in Constantinople : practical asynchronous Byzantine agreement using cryptography.”  V.Shoup, “Practical threshold signatures “, Advances in Cryptology: EUROCRYPT 2000(B. Preneel,ed.), Lecture Notes in Computer Science, Springer, 2000  M.Naor, B.Pinkas, and O.Reingold, “Distributed pseudo-random functions and KDSs.” In Advances in Cryptology: EUROCRYPT ‘99(J. Stern, ed.), vol.1592 of Lecture Notes in Computer Science, Springer,  M.K. Reiter and K.P.Birman,” How to securely replicate services,” ACM Transactions on Programming Languages and Systems, vol.16, pp , May  S. Goldwasser, “Multi-Party Computations : Past and Present “ (Invited Talk)

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.