Abstract
A distributed computing system can operate in the face of malicious failures on the part of some of its constituent devices when each device within the system verifies the sender of any message it receives, and the propriety of the message. The sender can be verified through message authentication schemes or digital signature schemes, though message authentication can provide a more computationally efficient solution. The propriety of a message can be verified by receiving a sufficiently large number of equivalent, properly authenticated messages such that, even if every malicious device transmitted a message, at least one message would have been sent by a properly functioning device. If the number of malicious devices is represented by the variable "M", a sufficient number of equivalent, properly authenticated messages to verify that the message is true can be any number of messages greater than M. Furthermore, the receipt of more than 2M equivalent properly authenticated messages can allow the receiving device to prove the propriety of the message to any device it forwards the messages on to. The proper operation of the distributed computing system can, therefore, proceed in the face of M number of malicious failures and F number of total failures, which can include malicious and non-malicious failures, if the number of constituent devices in the distributed computing system is greater than 2F+M.
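The receiver-side check described above, as an added example that is not code from the patent: it authenticates each message, counts distinct senders per equivalent payload, and applies the > M and > 2M thresholds plus the 2F+M sizing condition. The pairwise shared keys, HMAC-SHA256, the function names and the sample messages are assumptions constructed for illustration.

```python
import hashlib
import hmac
from collections import defaultdict

def tag_for(key: bytes, sender: str, payload: bytes) -> bytes:
    """MAC binding the claimed sender to the payload (HMAC-SHA256 is an assumed choice)."""
    return hmac.new(key, sender.encode() + b"\x00" + payload, hashlib.sha256).digest()

def classify(messages, keys, m):
    """Map each payload to 'unverified', 'verified' (> M) or 'provable' (> 2M)."""
    senders = defaultdict(set)
    for sender, payload, tag in messages:
        key = keys.get(sender)
        # Drop messages from unknown senders or with a tag that does not verify.
        if key is None or not hmac.compare_digest(tag, tag_for(key, sender, payload)):
            continue
        senders[payload].add(sender)  # a set: repeats from one device count once
    status = {}
    for payload, who in senders.items():
        n = len(who)
        status[payload] = "provable" if n > 2 * m else "verified" if n > m else "unverified"
    return status

def system_size_ok(n: int, f: int, m: int) -> bool:
    """The abstract's sizing condition: more than 2F+M constituent devices."""
    return n > 2 * f + m

# Constructed sample: 4 devices, M = 1 malicious (d4), F = 1 total failures.
# Demo keys only; a real deployment would provision random per-pair keys.
KEYS = {d: hashlib.sha256(d.encode()).digest() for d in ("d1", "d2", "d3", "d4")}
GOOD, BAD = b"commit:42", b"commit:99"
SAMPLE = [(d, GOOD, tag_for(KEYS[d], d, GOOD)) for d in ("d1", "d2", "d3")]
SAMPLE += [
    ("d4", BAD, tag_for(KEYS["d4"], "d4", BAD)),   # malicious but authentic
    ("d4", BAD, tag_for(KEYS["d4"], "d4", BAD)),   # same device repeating itself
    ("d1", BAD, bytes(32)),                        # forged sender, tag fails
]

if __name__ == "__main__":
    print(classify(SAMPLE, KEYS, m=1))
    print(system_size_ok(4, f=1, m=1), system_size_ok(3, f=1, m=1))
```

Counting distinct authenticated senders rather than raw messages is what keeps a single malicious device from reaching either threshold by repetition.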