[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[freehaven-cvs] r1786: Klaus's final changes. (doc/trunk/pingers)

To: freehaven-cvs@xxxxxxxxxxxxx
Subject: [freehaven-cvs] r1786: Klaus's final changes. (doc/trunk/pingers)
From: rabbi@xxxxxxxx
Date: Sun, 10 Jun 2007 19:21:42 -0400 (EDT)
Delivered-to: archiver@xxxxxxxx
Delivered-to: freehaven-cvs-outgoing@xxxxxxxx
Delivered-to: freehaven-cvs@xxxxxxxx
Delivery-date: Sun, 10 Jun 2007 19:21:50 -0400
Reply-to: freehaven-dev@xxxxxxxxxxxxx
Sender: owner-freehaven-cvs@xxxxxxxxxxxxx

Author: rabbi
Date: 2007-06-10 19:21:41 -0400 (Sun, 10 Jun 2007)
New Revision: 1786

Modified:
   doc/trunk/pingers/echolot.tex
Log:
Klaus's final changes.


Modified: doc/trunk/pingers/echolot.tex
===================================================================
--- doc/trunk/pingers/echolot.tex	2007-06-10 19:54:21 UTC (rev 1785)
+++ doc/trunk/pingers/echolot.tex	2007-06-10 23:21:41 UTC (rev 1786)
@@ -547,6 +547,7 @@
 
 We will denote with $y= $ {\em mult\_BA($x$)} the invocation of a multivalued Byzantine
 Agreement protocol with input $x$, yielding the output $y$.
+
 \subsubsection{Broadcast protocols.}
 
 Broadcast protocols~\cite{ckps01} are used to send messages from one
@@ -606,6 +607,8 @@
 \subsubsection{Update set of mixes.}
 
 The main functionality of our protocols is to maintain a consistent
+% kku
+view about the
 set of mixes. Furthermore, a client should easily be able to obtain
 that set, i.e., each pinger can prove that he gives out the correct
 set. This is where the threshold signatures are used; there is only
@@ -616,7 +619,7 @@
 
 As an input for the protocol, each pinger $P_i$ has its own set
 ${\cal L}_i$ of mixes it considers valid. The protocol then has
-2 phases; in the amplicifaction phase, each party collects the
+2 phases. In the amplicifaction phase, each party collects the
 signed input of $n-t$ of other parties, and thus --- as less than a third
 of all parties are corrupt --- of at least $t+1$ uncorrupted parties.
 
@@ -630,7 +633,7 @@
 each mix in the set of lists proposed by only $t$ pingers is removed; thus,
 only pingers proposed by at least one honest pingers remain. As the final list
 contains the input of at least $t+1$ pingers, every mix that is in the list
-of all uncorrupted pingers will be in the final set. 
+of all uncorrupted pingers is guaranteed to be in the final set. 
 The final list is then signed by a combined signature, allowing a party to
 prove that it is the proper list resulting from the protocol.
 
@@ -656,16 +659,22 @@
  \item wait for ($n-t$) such shares $\sigma_{j_1,}..., \sigma{j_{n-t}}$.
  \item $\sigma$ = {\em tsign\_combine}($\sigma_{j_1},...,\sigma_{j_{n-t}}$).
 \end{revpar}
-output (${\cal L}'''$, $\sigma$)
+% kku
+output ({\em date}$, {\cal L}'''$, $\sigma$)
 \end{algorithm}
 
+All subprotocols used in above protocol require a (expected) constant number of rounds
+and have an overal (expected) message complexity in $O(n^2)$, i.e., $O(n)$ messages to be
+send by each pinger. Consequently, the update protocol also
+terminates in (expected) constant rounds with a similar message complexity.
 
 \subsubsection{Update set of pingers.}
 
-The protocol that updates the set of pingers is similar to the one that
+%kku
+The protocol that updates the set of pingers is essentially the same as the one that
 updates the set of mixes. However, for this protocol it is important to
-also update the shared keys, so that the old parties cannot participate
-in any signing process anymore, while the new parties get shares that
+also update the shared keys. This is to prevent the old parties from participating
+in any signing process, while the new parties need to get shares that
 allow them to participate. An appropriate re-sharing protocol is described
 in~\cite{CachinKLS02}.
 
@@ -677,7 +686,7 @@
 to determine a common value that has been proposed by at least one honest
 party. To avoid communication overhead, the agreements needed for all data
 on all mixes can be bundled; this leads to a protocol with message size
-linear in the total number of data items, and a running time logarithmic
+linear in the total number of data items, and a running time and message complexity logarithmic
 in the number of pingers.
 
 
@@ -697,7 +706,7 @@
 parties can be assured to receive all updates in the same order; due to the
 properties of the {\em r-broadcast} protocol, all pingers will eventually receive
 all update requests from the mix, so malicious manipulation of the serial numbers can 
-only lead to a temporary inconsistency.Note that
+only lead to a temporary inconsistency. Note that
 there exist protocols that can also enforce that all pingers receive all
 update requests in the same order; however, the those protocols
 are rather complex, so implementing this here may be

***********************************************************************
To unsubscribe, send an e-mail to majordomo@xxxxxxxx with
unsubscribe freehaven-cvs       in the body. http://freehaven.net/

Prev by Author: [freehaven-cvs] r1785: Include a solution for the edge-case of an evil validator/co (doc/trunk/pynchon-gate)
Next by Author: [freehaven-cvs] r1787: Added funding acks. (doc/trunk/pingers)
Previous by thread: [freehaven-cvs] r1785: Include a solution for the edge-case of an evil validator/co (doc/trunk/pynchon-gate)
Next by thread: [freehaven-cvs] r1787: Added funding acks. (doc/trunk/pingers)
Index(es):
- Author
- Thread