25 lines
1.9 KiB
TeX
25 lines
1.9 KiB
TeX
\subsection{DenyList Object}
|
|
|
|
We assume a linearizable DenyList (\DL) object, following the specification in~\cite{frey:disc23}, with the following properties.
|
|
|
|
The DenyList object type supports three operations: $\APPEND$, $\PROVE$, and $\READ$. These operations appear as if executed in a sequence $\Seq$ such that:
|
|
\begin{itemize}
|
|
\item \textbf{Termination.} A $\PROVE$, an $\APPEND$, or a $\READ$ operation invoked by a correct process always returns.
|
|
\item \textbf{APPEND Validity.} The invocation of $\APPEND(x)$ by a process $p$ is valid if:
|
|
\begin{itemize}
|
|
\item $p \in \Pi_M \subseteq \Pi$; \textbf{and}
|
|
\item $x \in S$, where $S$ denote the universe of valid entries to be appended to the DenyList.
|
|
\end{itemize}
|
|
Otherwise, the operation is invalid.
|
|
\item \textbf{PROVE Validity.} Let $op$ the invocation of $\PROVE(x)$ by a process $p_i$. We said $op$ to be invalid, if and only if:
|
|
\begin{itemize}
|
|
\item $p \not\in \Pi_V \subseteq \Pi$; \textbf{or}
|
|
\item A valid $\APPEND(x)$ appears before $op$ in $\Seq$.
|
|
\end{itemize}
|
|
Otherwise, the operation is said to be valid.
|
|
\item \textbf{PROVE Anti-Flickering.} If the invocation of a operation $op = \PROVE(x)$ by a correct process $p \in \Pi_V$ is invalid, then any $\PROVE(x)$ operation that appears after $op$ in $\Seq$ is invalid.
|
|
\item \textbf{READ Validity.} The invocation of $op = \READ()$ by a process $p \in \pi_V$ returns the list of valid invocations of $\PROVE$ that appears before $op$ in $\Seq$ along with the names of the processes that invoked each operation.
|
|
% \item \textbf{Anonymity.} Let us assume the process $p$ invokes a $\PROVE(v)$ operation. If the process $p'$ invokes a $\READ()$ operation, then $p'$ cannot learn the value $v$ unless $p$ leaks additional information.
|
|
\end{itemize}
|
|
|
|
We assume that $\Pi_M = \Pi_V = \Pi$ (all processes can invoke $\APPEND$ and $\PROVE$). |