Common use of Cascaded Events Clause in Contracts

Cascaded Events. Since network disruptions are random and unpredictable, it is natu- ral to consider the possibility of so-called cascaded membership events. In fact, cascaded events and their impact on group protocols are of- ten considered in group communication literature, but, alas, frequently neglected in the security literature. Furthermore, the probability of a cascaded event is much higher on a wide area network. A cascaded event occurs when one membership change occurs while another is be- ing handled. For example, a partition can occur while a prior partition is processed, resulting in a cascade of size two. We claim that the STR partition protocol is self-stabilizing, i.e., ro- bust against cascaded network events. In general, self-stabilization is a very desirable feature since lack thereof requires extensive and compli- cated protocol ”coating” to either 1) shield the protocol from cascaded events, or 2) xxxxxx it sufficiently to make the protocol robust with respect to cascaded events (essentially, by making it re-entrant). The latter is often very complicated and inefficient as seen from [AKNR+01]. The pseudocode for the self-stabilizing protocol is shown as below. receive msg (msg type = membership event) construct new tree while there are missing blinded keys if (I can compute any missing keys and I am the sponsor) compute missing blinded keys broadcast new blinded keys endif receive msg if (msg type = broadcast) update current tree else (msg type = membership event) construct new tree endwhile Based on view synchrony discussed in Section 2, we provide an infor- mal proof that the above protocol terminates on any finite number of consecutive cascaded events. Due to view synchrony, every member has the same membership view. We can further assume that the ordering of members in the group communication system is same as that of the key tree. By Remark 1, at least a member, say Mi can compute the group key if all of the blinded session randoms are known. All members can then compute the group key using the broadcast message of the member Mi by Remark 2. Hence, it is enough to show that at least one member knows every other member’s session random, eventually. In the above pseudocode, the sponsor is the node below the lowest node whose blinded session random is missing. Now, if a sponsor Ms cannot compute the group key since some of the blinded keys are missing, it broadcasts the key tree which includes every blinded session random and blinded keys Ms knows. Then the sponsor of the next round will be the one who owns the missing blinded session random. Note that every member will have strictly more blinded session randoms and blinded keys as number of round increases. Hence, as cascaded events stabilize in the group communication system, the STR protocol also terminates.

Cascaded Events. Since network disruptions are random and unpredictable, it is natu- ral natural to consider the possibility of so-called cascaded membership events. In fact, cascaded events and their impact on group protocols are of- ten often considered in group communication literature, but, alas, frequently neglected in the security literature. Furthermore, the probability of a cascaded event is much higher on a wide area network. A cascaded event occurs when one membership change occurs while another is be- ing being handled. For example, a partition can occur while a prior partition is processed, resulting in a cascade of size two. We claim that the STR partition protocol is self-stabilizing, i.e., ro- bust robust against cascaded network events. In general, self-stabilization is a very desirable feature since lack thereof requires extensive and compli- cated complicated protocol ”"coating” " to either 1) shield the protocol from cascaded events, or 2) xxxxxx it sufficiently to make the protocol robust with respect to cascaded events (essentially, by making it re-entrant). The latter is often very complicated and inefficient as seen from [AKNR+01AKNR+ 01]. The pseudocode for the self-stabilizing protocol is shown as below. receive msg (msg type = membership event) construct new tree while there are missing blinded keys if (I can compute any missing keys and I am the sponsor) compute missing blinded keys broadcast new blinded keys endif receive msg if (msg type = broadcast) update current tree else (msg type = membership event) construct new tree endwhile Based on view synchrony discussed in Section 2, we provide an infor- mal informal proof that the above protocol terminates on any finite number of consecutive cascaded events. Due to view synchrony, every member has the same membership member- ship view. We can further assume that the ordering of members in the group communication system is same as that of the key tree. By Remark 1, at least a member, say Mi can compute the group key if all of the blinded session randoms are known. All members can then compute the group key using the broadcast message of the member Mi by Remark 2. Hence, it is enough to show that at least one member knows every other member’s session random, eventually. In the above pseudocode, the sponsor is the node below the lowest node whose blinded session random is missing. Now, if a sponsor Ms cannot compute the group key since some of the blinded keys are missing, it broadcasts the key tree which includes every blinded session random and blinded keys Ms knows. Then the sponsor of the next round will be the one who owns the missing blinded session random. Note that every member will have strictly more blinded session randoms and blinded keys as number of round increases. Hence, as cascaded events stabilize in the group communication system, the STR protocol also terminates.terminates.‌

Cascaded Events. Since network disruptions are random and unpredictable, it is natu- ral natural to consider the possibility of so-called cascaded membership events. (In fact, cascaded events and their impact on group protocols are of- ten often considered in group communication literature, but, alas, frequently neglected not often enough in the security literature. Furthermore, the probability of a cascaded event is much higher on a wide area network. .) A cascaded event occurs occurs, in its simplest form, when one membership change occurs while another is be- ing being handled. Event here means any of: join, leave, partition, merge or a combination thereof. For example, a partition can occur while a prior partition is processedbeing dealt with, resulting in a cascade of size two. In principle, cascaded events of arbitrary size can occur if the underlying network is highly volatile. As discussed before, STR protocol requires at most two rounds. One might wonder why robustness against cascaded failure is important for only a 2-round protocol. We give couple of examples that illustrate (potential) failure of the STR protocol. • Suppose a network partition breaks a group G into groups G1 and G2. The sponsor MG1 needs to compute missing keys and bkeys. While computing these keys, another partition breaks G1 into two other groups G1 (containing MG ) and G2. Based on the partition protocol description, the members in group G2 still wait for the message from MG to process the previous partition. 1 • Suppose a merge event happens whereby groups G1 and G2 to form a single group G. The sponsors MG1 and MG2 in each group broadcast their tree information. In the next round, while a sponsor computes the missing bkeys, a member M1 originally in group G1 leaves the group. If the leaving member is the sponsor, the STR protocol cannot proceed for every other member is waiting for the message from this member. The protocols described above cannot cope with these situations. However, we can modify the protocol in Fig. 9 to handle such cascaded events. We claim that the STR partition protocol is self-stabilizing, i.e., ro- bust robust against cascaded network events. This is quite rare as most multi-round cryptographic protocols are not geared towards handling of such events. In general, self-stabilization is a very desirable feature since lack thereof requires extensive and compli- cated complicated protocol ”coating” to either 1) shield the protocol from cascaded events, or 2) xxxxxx it sufficiently to make the protocol robust with respect to cascaded events (essentially, by making it re-entrant). The latter is often very complicated and inefficient as seen from [AKNR+01]. The high-level pseudocode for the self-stabilizing protocol is shown as belowin Fig. receive msg 10. The changes from Fig. 9 are minimal (msg type = membership event) construct new tree while there lines 15 – 18 are missing blinded keys if (I can compute any missing keys and I am the sponsor) compute missing blinded keys broadcast new blinded keys endif receive msg if (msg type = broadcast) update current tree else (msg type = membership event) construct new tree endwhile Based on view synchrony discussed in Section 2, we provide an infor- mal proof that the above protocol terminates on any finite number of consecutive cascaded events. Due to view synchrony, every member has the same membership view. We can further assume that the ordering of members in the group communication system is same as that of the key tree. By Remark 1, at least a member, say Mi can compute the group key if all of the blinded session randoms are known. All members can then compute the group key using the broadcast message of the member Mi by Remark 2. Hence, it is enough to show that at least one member knows every other member’s session random, eventually. In the above pseudocode, the sponsor is the node below the lowest node whose blinded session random is missing. Now, if a sponsor Ms cannot compute the group key since some of the blinded keys are missing, it broadcasts the key tree which includes every blinded session random and blinded keys Ms knows. Then the sponsor of the next round will be the one who owns the missing blinded session random. Note that every member will have strictly more blinded session randoms and blinded keys as number of round increases. Hence, as cascaded events stabilize in the group communication system, the STR protocol also terminatesadded).

Cascaded Events. Since network disruptions are random and unpredictable, it is natu- ral natural to consider the possibility of so-called cascaded membership events. (In fact, cascaded events and their impact on group protocols are of- ten often considered in group communication literature, but, alas, frequently neglected not often enough in the security literature. Furthermore, the probability of a cascaded event is much higher on a wide area network. .) A cascaded event occurs occurs, in its simplest form, when one membership change occurs while another is be- ing being handled. Event here means any of: join, leave, partition, merge or a combination thereof. For example, a partition can occur while a prior partition is processedbeing dealt with, resulting in a cascade of size two. In principle, cascaded events of arbitrary size can occur if the underlying network is highly volatile. As discussed before, STR protocol requires at most two rounds. One might wonder why robustness against cascaded failure is important for only a 2-round protocol. We give couple of examples that illustrate (potential) failure of the STR protocol. Suppose a network partition breaks a group into groups and . The sponsor needs to compute missing keys and bkeys. While computing these keys, another partition breaks into two other groups (containing ) and . Based on the partition protocol description, the members in group still wait for the message from to process the previous partition. Suppose a merge event happens whereby groups and to form a single group . The sponsors and in each group broadcast their tree information. In the next round, while a sponsor computes the missing bkeys, a member originally in group leaves the group. If the leaving member is the sponsor, the STR protocol cannot proceed for every other member is waiting for the message from this member. The protocols described above cannot cope with these situations. However, we can modify the protocol in Fig. 9 to handle such cascaded events. We claim that the STR partition protocol is self-stabilizing, i.e., ro- bust robust against cascaded network events. This is quite rare as most multi-round cryptographic protocols are not geared towards handling of such events. In general, self-stabilization is a very desirable feature since lack thereof requires extensive and compli- cated complicated protocol ”coating” to either 1) shield the protocol from cascaded events, or 2) xxxxxx it sufficiently to make the protocol robust with respect to cascaded events (essentially, by making it re-entrant). The latter is often very complicated and inefficient as seen from [AKNR+01]. The high-level pseudocode for the self-stabilizing protocol is shown as belowin Fig. receive msg 10. The changes from Fig. 9 are minimal (msg type = membership event) construct new tree while there lines 15 – 18 are missing blinded keys if (I can compute any missing keys and I am the sponsor) compute missing blinded keys broadcast new blinded keys endif receive msg if (msg type = broadcast) update current tree else (msg type = membership event) construct new tree endwhile Based on view synchrony discussed in Section 2, we provide an infor- mal proof that the above protocol terminates on any finite number of consecutive cascaded events. Due to view synchrony, every member has the same membership view. We can further assume that the ordering of members in the group communication system is same as that of the key tree. By Remark 1, at least a member, say Mi can compute the group key if all of the blinded session randoms are known. All members can then compute the group key using the broadcast message of the member Mi by Remark 2. Hence, it is enough to show that at least one member knows every other member’s session random, eventually. In the above pseudocode, the sponsor is the node below the lowest node whose blinded session random is missing. Now, if a sponsor Ms cannot compute the group key since some of the blinded keys are missing, it broadcasts the key tree which includes every blinded session random and blinded keys Ms knows. Then the sponsor of the next round will be the one who owns the missing blinded session random. Note that every member will have strictly more blinded session randoms and blinded keys as number of round increases. Hence, as cascaded events stabilize in the group communication system, the STR protocol also terminatesadded).