Sélectionner une page

A randomized protocol uses random attribution, z.B. electronic stoltosing, and its termination is therefore likely. The requirements of a random contract protocol are as follows: It should be stressed that we cannot automate the last inductive argument, because it is likely: Cadence SMV cannot handle likely probabilities, while PRISM can only process finite configurations and does not support data reduction. Instead, we validate the probabilistic analysis as follows. By observing that the problem can be reduced for a modeling test of a finite state analysis of the protocol, we manually construct an abstraction and model test with PRISM, which allows to validate the probabilities for No. 20 parts. In addition, we check (for a finite configuration) the accuracy of the abstraction with the CSP process algae [Ros97] and the method-based FDR tool in [KNS01a]; it depends on the ability to code probabilities in action names and therefore excludes the use of Cadence SMV. We overcome the challenges mentioned above as follows. We model the full protocol in Cadence SMV after replacing random results with non-deterministic decisions. The technical difficulties mentioned with the ordset data type were largely resolved by the search for a variant of the model that retains the key ownership on which the correction argument is based. The evidence of probabilistic property is then reduced to a simple highly inductive argument based on a series of lemmas and cryptographic hypotheses. We support cryptographic properties and automate the detection of each Lemma. With the proof of validity and agreement, simpler and fully automated, we get a partially mechanized argument in favor of the accuracy of the ABBA protocol for all n and for all rounds.

One of the fundamental problems of distributed computing that tolerates errors is the problem of the Byzantine agreement. The Byzantine agreement requires a group of parties to agree on a value in a dispersed environment, even if some of the parties are corrupt. The cryptographic primitives used in the protocol are thresholds for koin-tossing diagrams for overly random access and non-interactive threshold signature schemes, which we believe are safe for this case study. In particular, we assume that koin-tossing threshold schemes for overly random access are robust and unpredictable, and that threshold signature schemes are robust and unforging (for more information, see [CKS00]. In addition to validity and agreement, the protocol guarantees probabilistic termination in constant expected time, validated by the following property: We consider the randomized Byzantine protocol ABBA (Asynchronous Binary Byzantine Agreement) of Cachin, Kursawe and Shoup [CKS00], placed in a fully asynchronous environment that allows the maximum number of corrupted parts and uses cryptography. There are n parties, an opponent who cannot corrupt as many of them as much as possible (t < n/3) and a trusted dealer. Parties can go through an unlimited number of rounds: in each round, they try to agree by voting on the basis of the votes of other parties. The aim is to automate the analysis of the ABBA protocol using the methodology established in our previous paper [KNS01a] on the basis of [MQS00].

In [KNS01a], we used Cadence SMV and probabilistic model tester PRISM to test the simpler randomised MOU for Aspnes and Herlihy [AH90] which only tolerates benign shutdown errors.