Our Solution.Β In order to tolerate π‘π < π/2 corruptions under a synchronous network, we first use the fact that discarding the highest and lowest π‘π values is not always necessary. If π β π‘π + π values are received, it is guaranteed that at most π of these values are from corrupted parties (since the values not received are from corrupted parties), and therefore discarding the lowest and the highest π values is enough to remain in the range of the honest values. Secondly, to achieve convergence, we ensure that the multisets of values obtained by any two honest parties are consistent and have an overlap containing all the honest values by introducing a novel primitive, which we call Overlap All-to-All Broadcast. In order to achieve security against π‘π corruptions under an asynchronous network, our Overlap All-to-All Broadcast will also ensure that the values obtained by any two honest parties are consistent and have an overlap of at least π β π‘π values (possibly containing corrupted values). In this case, π‘π of the values received by a party may be corrupted even if Xxxxx Xxxxxx, Xxxx-Xx Xxx-Xxxxx, and Xxxxx XxXxxxxxxx that party only receives π β π‘π values. Since π β π‘π > 2 Β· π‘π , discarding the lowest and highest π‘π values is secure, similar to the previous case. Of course, the parties do not know whether the network is synchronous or asynchronous, and therefore cannot decide whether to crop π or π‘π values. However, we show that discarding the lowest and the highest max(π‘π, π) values received is enough to simultaneously achieve security under both networks. This is achieved with the help of a technical lemma, which shows that the values obtained by any two honest parties after discarding the lowest and the highest values have some common range. Comparison to Hybrid Protocols. Our techniques differ with current works on hybrid BA protocols in two essential aspects. First, the hybrid BA protocols make use of randomization in an essential way. In contrast, our protocols for AA are completely deterministic. Second, all hybrid protocols for BA, SMR and MPC follow the same approach: there is a black-box compiler that takes as input two protocols, one synchronous and one asynchronous with somewhat enhanced security guarantees, and outputs a hybrid protocol. Our protocol differs from this compiler-approach, and we provide a protocol completely from scratch.
Our Solution.Β This paper proposes the use of ID-based cryptography [20] as a solution to the authen- tication and key agreement problems that exist in SIP. This new SIP authentication mechanism and key agreement protocol provides mutual authentication and provably se- cure key agreement between previously unknown parties. ID based cryptographic schemes are a current and active area of research by the cryptographic community and offer the benefits of public key cryptography without the need for an expansive PKI. This solution fits neatly in the SIP protocols as described in RFC3261 and is intended to be operable in the case of intermediary proxies being unaware of the additions.
Our Solution.Β This paper proposes the use of ECC cryptography as a solution to the authentication and key agreement problems that exist in SIP. This new SIP authentication mechanism and key agreement protocol provides mutual authentication and provable security in Xxxxxxx-Xxxxxxxx (CK) security model. This solution fits neatly in the SIP protocols as described in XXX 0000 [1].
