Abstract: A distributed computing system can operate in the face of malicious failures on the part of some of its constituent devices when each device within the system verifies the sender of any message it receives, and the propriety of the message. The sender can be verified through message authentication schemes or digital signature schemes, though message authentication can provide a more computationally efficient solution. The propriety of a message can be verified by receiving a sufficiently large number of equivalent, properly authenticated messages such that, even if every malicious device transmitted a message, at least one message would have been sent by a properly functioning device. If the number of malicious devices is represented by the variable “M”, a sufficient number of equivalent, properly authenticated messages to verify that the message is true can be any number of messages greater than M.