Given a public-key infrastructure (PKI) and digital signatures, it is possible to construct
broadcast protocols tolerating any number of corrupted parties. Almost all existing protocols,
however, do not distinguish between corrupted parties (who do not follow the protocol), and
honest parties whose secret (signing) keys have been compromised (but who continue to
behave honestly). We explore conditions under which it is possible to construct broadcast
protocols that still provide the usual guarantees (ie, validity/agreement) to the latter …

Given a public-key infrastructure (PKI) and digital signatures, it is possible to construct
broadcast protocols tolerating any number of corrupted parties. Existing protocols, however,
do not distinguish between corrupted parties who do not follow the protocol, and honest
parties whose secret (signing) keys have been compromised but continue to behave
honestly. We explore conditions under which it is possible to construct broadcast protocols
that still provide the usual guarantees (ie, validity/agreement) to the latter. Consider a …