Correctness. If a process with identifier i performs Broadcast(m) in superround r ≥ T , then every cor- rect process performs Accept(m, i) during superround r.
Correctness. For all ID, if the leader L is honest and all honest parties are activated on ID, all honest parties would output for ID.
Correctness. If the dealer is honest and inputs secret m in AVSS-Sh, then: • If all honest parties are activated to run AVSS-Sh on ID, all honest parties would output in the AVSS-Sh instance; • The value m∗ reconstructed by any honest party in the corresponding AVSS-Rec instance must be equal to m, for all ID.
Correctness. In this section we prove the correctness of transaction execution by proving the following theorem. Theorem 1 Transaction execution preserves Invariant 1. Proof By assumption the invariant held before the execution of a transaction. At all sites where the transaction is not committed, the data values, history log, and reception vectors remain unchanged. Moreover data values, history log, and reception vectors of all objects not written by the transaction remain unchanged. Let us now consider a site p that committed a transaction (either during normal execution or during recovery after commit) and an object o written by the trans- action. Since the object is locked during transaction execution no other action on o besides those in the transaction is executed at site p. Since the entries of the reception vector for sites di erent from the transaction coordinator do not change, we have to prove only the following: ao 2 H , time(ao ) RV o [c], where c is the transaction coordinator.
Correctness. All the honest parties who terminate the protocol hold identical bit as the output. Moreover, if all the honest parties had the same input bit, say ρ, then all the honest parties output ρ upon termination. The above definition can be easily extended for A bits, where A > 1 and we call such a protocol a multi-bit ABA protocol.
Correctness. If the honest parties terminate Π, then they do so with a common output m∗. Furthermore, if the sender S is honest then m∗ = m. We now define (δ, s)-A-cast protocol, where both δ and s are negligibly small values. Let κ be an error parameter and let δ, s be negligibly small values in κ; i.e., δ = s = 2−Ω(κ). Also, κ = poly(n). Definition 2 ((δ, s)-A-cast) : An A-cast protocol Π is called (δ, s)-A-cast protocol if Π satisfies Ter- mination and Correctness property, except with an error probability of δ and s respectively. The important parameters of any A-cast protocol are: (a) Resilience (the maximum number of cor- rupted parties that the protocol can tolerate and still satisfy the properties); (b) communication com- plexity (the total number of bits communicated by honest parties in the protocol) and (c) Running Time (For a detailed notion of running time of asynchronous protocols, see [9]). The only known protocol for A-cast is due to Bracha [8], who has given a (0, 0)-A-cast protocol. The (0, 0)-A-cast protocol of [8] is t resilient with t < n/3 and requires a communication complexity O P P | | ≥ P of (n2) bits to A-cast a single bit message in constant running time. As Xxxxxx’s A-cast protocol is used as black box in the protocols presented in this article, we recall it in APPENDIX A, for easy reference of the readers. For convenience, we denote the protocol of [8] as Bracha-A-cast(S, , M ), where M is the message that S wants to send and M 1 (in bits). In the rest of the paper, we use the following convention: By saying that ’Pi Bracha-A-casts M ’, we mean that Pi initiates Bracha-A-cast(Pi, , M ). Then by saying that ’Pj receives M from the Bracha-A-cast of Pi’, we mean that Pj terminates the execution of Xxxxxx-A-cast(Pi, , M ), with M as the output. To the best of our knowledge, there is no (δ, s)-A-cast protocol for non-zero δ and/or s.
Correctness. If Eve is passive, then Pr[kA = kB]= 1.
Correctness. If both players are honest, then the protocol is correct with probability at least −
Correctness. If Eve is passive, then Pr[kA = kB] = 1.
Correctness. With the formal validation tool Xxxxxxx-Xxxxx-Xxxxxxx Logic (BAN-logic) [27], we provide the proof of correctness of the proposed scheme in this section. Let U be the user, S represent the sensor node and GWN denote the gateway node. We demonstrate that a session key can be created successfully after the process of mutual authentication among S and U. Now, the basic notations of BAN-logic are given below: • P |≡ X: P believes X.