next up previous contents
Next: 3.4 Comparisons Up: 3. Hierarchical elections Previous: 3.2 Private district tallies

3.3 Real Networks

All of the previously described protocols, including ours, rely on a network topology which is complete or very close to complete. Without exception, the protocols require that participants be able to use public communication channels to broadcast data, so that all participants can verify the integrity of the election. In other words, any participant must be able to communicate with any other. While this assumption is reasonable for small-scale elections, it is less so for wide area networks, where we might have the situation that participant A's only link to all other participants goes through participant B. If B is corrupt, B can essentially gain A's vote by suppressing all of A's genuine messages and forging new ones. Clearly the problems of forging and suppression need to be addressed before our protocol can be successfully deployed on a wide area network. If these two concerns are met, then no network failure short of a partition can halt the election.

The best way of handling improper suppression of messages is to use a physical network topology which is connected enough to make it unlikely that all of one participant's links to others are corrupted. Short of this, however, we can take advantage of the fixed complexity of our protocol. While our protocol has numerous parameters that affect the number of messages which need to be sent, once these are fixed at the beginning of an election, the expected number of messages from any participant is deterministic. This prevents intermediate nodes from improperly discarding messages from other participants. Unfortunately, detection of the corrupt node must be done outside of the protocol by a real-world authority.

The obvious approach to solving the forging problem is to use authentication. If we assume the use of a public key cryptosystem such as RSA and that each participant's public key is reliably known, the forging of messages can be prevented. Some additional care must still be taken, however, to prevent replay attacks. If it can be guaranteed that each message has a unique identifier (perhaps based on election id and sequence number), then these forgery attempts (replays of genuine messages) can be defeated as well.
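The two mechanisms of the preceding paragraphs, the deterministic per-participant message count that exposes suppression and the authenticated, replay-proof messages that prevent forgery, can be sketched as one receiver on the virtual channel. The following is an added example written for this page, not code from the thesis: it signs each message with RSA-PSS from Go's standard library over an identifier built from election id, sender and sequence number, rejects messages with a bad signature, a wrong election id or an already-seen identifier, and at the end of a phase lists participants whose accepted count fell short of the fixed expected count. The `Message` fields, the `Receiver` type and the `Expected` count are this example's own assumptions, as is the constructed election id.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
	"sort"
)

// Message is one protocol message on the virtual channel. ElectionID, Sender
// and Seq together form the unique identifier the text calls for; Signature
// covers those fields and the payload. (Field names are this example's own.)
type Message struct {
	ElectionID string
	Sender     string
	Seq        uint64
	Payload    []byte
	Signature  []byte
}

// digest hashes every field the signature must protect, with a zero byte
// between variable-length fields so that they cannot be re-split.
func digest(m *Message) []byte {
	h := sha256.New()
	h.Write([]byte(m.ElectionID))
	h.Write([]byte{0})
	h.Write([]byte(m.Sender))
	h.Write([]byte{0})
	var seq [8]byte
	binary.BigEndian.PutUint64(seq[:], m.Seq)
	h.Write(seq[:])
	h.Write(m.Payload)
	return h.Sum(nil)
}

// Sign attaches an RSA-PSS signature over the digest.
func Sign(priv *rsa.PrivateKey, m *Message) error {
	sig, err := rsa.SignPSS(rand.Reader, priv, crypto.SHA256, digest(m), nil)
	if err != nil {
		return err
	}
	m.Signature = sig
	return nil
}

// Receiver is one participant's view of the channel: the public keys it trusts
// (assumed reliably known, as in the text), the identifiers already accepted,
// and the per-participant message count fixed when the election parameters were.
type Receiver struct {
	ElectionID string
	Keys       map[string]*rsa.PublicKey
	Expected   int
	seen       map[string]map[uint64]bool
}

func NewReceiver(electionID string, keys map[string]*rsa.PublicKey, expected int) *Receiver {
	return &Receiver{ElectionID: electionID, Keys: keys, Expected: expected,
		seen: make(map[string]map[uint64]bool)}
}

// Accept rejects messages for another election, from an unknown sender, with a
// bad signature (forgery or tampering), or whose identifier was already seen
// (replay). A message that passes every check is recorded.
func (r *Receiver) Accept(m *Message) error {
	if m.ElectionID != r.ElectionID {
		return fmt.Errorf("message for election %q, expected %q", m.ElectionID, r.ElectionID)
	}
	pub, ok := r.Keys[m.Sender]
	if !ok {
		return fmt.Errorf("unknown sender %q", m.Sender)
	}
	if err := rsa.VerifyPSS(pub, crypto.SHA256, digest(m), m.Signature, nil); err != nil {
		return fmt.Errorf("bad signature on message %d from %s: %w", m.Seq, m.Sender, err)
	}
	if r.seen[m.Sender] == nil {
		r.seen[m.Sender] = make(map[uint64]bool)
	}
	if r.seen[m.Sender][m.Seq] {
		return fmt.Errorf("replay: message %d from %s already accepted", m.Seq, m.Sender)
	}
	r.seen[m.Sender][m.Seq] = true
	return nil
}

// Missing lists participants from whom fewer than Expected distinct messages
// arrived. Because the count is deterministic, a shortfall is evidence of
// suppression; which intermediate node did it is settled outside the protocol.
func (r *Receiver) Missing() []string {
	var out []string
	for name := range r.Keys {
		if len(r.seen[name]) < r.Expected {
			out = append(out, name)
		}
	}
	sort.Strings(out)
	return out
}

func main() {
	privA, _ := rsa.GenerateKey(rand.Reader, 2048)
	privB, _ := rsa.GenerateKey(rand.Reader, 2048)
	keys := map[string]*rsa.PublicKey{"A": &privA.PublicKey, "B": &privB.PublicKey}
	r := NewReceiver("election-42", keys, 2) // constructed election id and count
	m := &Message{ElectionID: "election-42", Sender: "A", Seq: 1, Payload: []byte("commitment")}
	_ = Sign(privA, m)
	fmt.Println("first delivery:", r.Accept(m))
	fmt.Println("replayed copy: ", r.Accept(m))
	forged := &Message{ElectionID: "election-42", Sender: "A", Seq: 2, Payload: []byte("forged")}
	_ = Sign(privB, forged) // B signs in A's name with B's own key
	fmt.Println("forged by B:   ", r.Accept(forged))
	fmt.Println("short of count:", r.Missing())
}
```

The sequence number is checked for uniqueness rather than for order, since messages on a real network may arrive out of order; what matters for replay defence is that an identifier is accepted at most once per election.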

What these two requirements give us is a virtual network on top of our physical one. With authenticated channels on which messages are not lost, the effective result is that of a completely connected network. Thus, robustness need not be too heavy a concern in the design of protocols over real networks.

If network communication costs are a concern, however, it is imperative that the physical topology of the real network be considered. The virtual network is complete, but the costs between nodes vary widely depending on the physical network. In dividing voters into districts in our protocol, it is (obviously) advisable to place geographically close participants in the same district.

Ken Shan (ken@digitas.harvard.edu), 1998-05-15