| Article ID | Journal | Published Year | Pages | File Type |
|---|---|---|---|---|
| 426771 | Information and Computation | 2014 | 9 Pages |
Given a public-key infrastructure (PKI) and digital signatures, it is possible to construct broadcast protocols tolerating any number of corrupted parties. Existing protocols, however, do not distinguish between corrupted parties who do not follow the protocol, and honest parties whose secret (signing) keys have been compromised but continue to behave honestly. We explore conditions under which it is possible to construct broadcast protocols that still provide the usual guarantees (i.e., validity/agreement) to the latter.Consider a network of n parties, where an adversary has compromised the secret keys of up to tctc honest parties and, in addition, fully controls the behavior of up to tata other parties. We show that for any fixed tc>0tc>0 and any fixed tata, there exists an efficient protocol for broadcast if and only if 2ta+min(ta,tc)
