Network coding has been shown to optimally use bandwidth in a network, maximizing information flow but the scheme is very inherently vulnerable to pollution attacks by malicious nodes in the network. A node injecting garbage can quickly affect many receivers. The pollution of network packets spreads quickly since the output of (even an) honest node is corrupted if at least one of the incoming packets is corrupted.
An attacker can easily corrupt a packet even if it is encrypted by either forging the signature or by producing a collision under the hash function. This will give an attacker access to the packets and the ability to corrupt them. Denis Charles, Kamal Jain and Kristin Lauter designed a new homomorphic encryption signature scheme for use with network coding to prevent pollution attacks. [1]
The homomorphic property of the signatures allows nodes to sign any linear combination of the incoming packets without contacting the signing authority. In this scheme it is computationally infeasible for a node to sign a linear combination of the packets without disclosing what linear combination was used in the generation of the packet. Furthermore, we can prove that the signature scheme is secure under well known cryptographic assumptions of the hardness of the discrete logarithm problem and the computational Elliptic curve Diffie–Hellman.
Let be a directed graph where is a set, whose elements are called vertices or nodes, and is a set of ordered pairs of vertices, called arcs, directed edges, or arrows. A source wants to transmit a file to a set of the vertices. One chooses a vector space (say of dimension ), where is a prime, and views the data to be transmitted as a bunch of vectors . The source then creates the augmented vectors by setting where is the -th coordinate of the vector . There are zeros before the first '1' appears in . One can assume without loss of generality that the vectors are linearly independent. We denote the linear subspace (of ) spanned by these vectors by . Each outgoing edge computes a linear combination, , of the vectors entering the vertex where the edge originates, that is to say
where . We consider the source as having input edges carrying the vectors . By induction, one has that the vector on any edge is a linear combination and is a vector in . The k-dimensional vector is simply the first k coordinates of the vector . We call the matrix whose rows are the vectors , where are the incoming edges for a vertex , the global encoding matrix for and denote it as . In practice the encoding vectors are chosen at random so the matrix is invertible with high probability. Thus, any receiver, on receiving can find by solving
where the are the vectors formed by removing the first coordinates of the vector .
Each receiver, , gets vectors which are random linear combinations of the ’s. In fact, if
then
Thus we can invert the linear transformation to find the ’s with high probability.
Krohn, Freedman and Mazieres proposed a theory [2] in 2004 that if we have a hash function such that:
Then server can securely distribute to each receiver, and to check if
we can check whether
The problem with this method is that the server needs to transfer secure information to each of the receivers. The hash functions needs to be transmitted to all the nodes in the network through a separate secure channel. is expensive to compute and secure transmission of is not economical either.
The homomorphic property of the signatures allows nodes to sign any linear combination of the incoming packets without contacting the signing authority.
Elliptic curve cryptography over a finite field is an approach to public-key cryptography based on the algebraic structure of elliptic curves over finite fields.
Let be a finite field such that is not a power of 2 or 3. Then an elliptic curve over is a curve given by an equation of the form
where such that
Let , then,
forms an abelian group with O as identity. The group operations can be performed efficiently.
Weil pairing is a construction of roots of unity by means of functions on an elliptic curve , in such a way as to constitute a pairing (bilinear form, though with multiplicative notation) on the torsion subgroup of . Let be an elliptic curve and let be an algebraic closure of . If is an integer, relatively prime to the characteristic of the field , then the group of -torsion points, .
If is an elliptic curve and then
There is a map such that:
Also, can be computed efficiently. [3]
Let be a prime and a prime power. Let be a vector space of dimension and be an elliptic curve such that . Define as follows: . The function is an arbitrary homomorphism from to .
The server chooses secretly in and publishes a point of p-torsion such that and also publishes for . The signature of the vector is Note: This signature is homomorphic since the computation of h is a homomorphism.
Given and its signature , verify that
The verification crucially uses the bilinearity of the Weil-pairing.
The server computes for each . Transmits . At each edge while computing also compute on the elliptic curve .
The signature is a point on the elliptic curve with coordinates in . Thus the size of the signature is bits (which is some constant times bits, depending on the relative size of and ), and this is the transmission overhead. The computation of the signature at each vertex requires bit operations, where is the in-degree of the vertex . The verification of a signature requires bit operations.
Attacker can produce a collision under the hash function.
If given points in find and
such that and
Proposition: There is a polynomial time reduction from discrete log on the cyclic group of order on elliptic curves to Hash-Collision.
If , then we get . Thus . We claim that and . Suppose that , then we would have , but is a point of order (a prime) thus . In other words in . This contradicts the assumption that and are distinct pairs in . Thus we have that , where the inverse is taken as modulo .
If we have r > 2 then we can do one of two things. Either we can take and as before and set for > 2 (in this case the proof reduces to the case when ), or we can take and where are chosen at random from . We get one equation in one unknown (the discrete log of ). It is quite possible that the equation we get does not involve the unknown. However, this happens with very small probability as we argue next. Suppose the algorithm for Hash-Collision gave us that
Then as long as , we can solve for the discrete log of Q. But the ’s are unknown to the oracle for Hash-Collision and so we can interchange the order in which this process occurs. In other words, given , for , not all zero, what is the probability that the ’s we chose satisfies ? It is clear that the latter probability is . Thus with high probability we can solve for the discrete log of .
We have shown that producing hash collisions in this scheme is difficult. The other method by which an adversary can foil our system is by forging a signature. This scheme for the signature is essentially the Aggregate Signature version of the Boneh-Lynn-Shacham signature scheme. [4] Here it is shown that forging a signature is at least as hard as solving the elliptic curve Diffie–Hellman problem. The only known way to solve this problem on elliptic curves is via computing discrete-logs. Thus forging a signature is at least as hard as solving the computational co-Diffie–Hellman on elliptic curves and probably as hard as computing discrete-logs.
In mathematics, the tensor product of two vector spaces V and W is a vector space to which is associated a bilinear map that maps a pair to an element of denoted
In mathematics, the Lp spaces are function spaces defined using a natural generalization of the p-norm for finite-dimensional vector spaces. They are sometimes called Lebesgue spaces, named after Henri Lebesgue, although according to the Bourbaki group they were first introduced by Frigyes Riesz.
In mathematical analysis, Hölder's inequality, named after Otto Hölder, is a fundamental inequality between integrals and an indispensable tool for the study of Lp spaces.
In mathematics, a linear form is a linear map from a vector space to its field of scalars.
In vector calculus, Green's theorem relates a line integral around a simple closed curve C to a double integral over the plane region D bounded by C. It is the two-dimensional special case of Stokes' theorem.
Vapnik–Chervonenkis theory was developed during 1960–1990 by Vladimir Vapnik and Alexey Chervonenkis. The theory is a form of computational learning theory, which attempts to explain the learning process from a statistical point of view.
In differential geometry, the Atiyah–Singer index theorem, proved by Michael Atiyah and Isadore Singer (1963), states that for an elliptic differential operator on a compact manifold, the analytical index is equal to the topological index. It includes many other theorems, such as the Chern–Gauss–Bonnet theorem and Riemann–Roch theorem, as special cases, and has applications to theoretical physics.
In functional analysis and related areas of mathematics, locally convex topological vector spaces (LCTVS) or locally convex spaces are examples of topological vector spaces (TVS) that generalize normed spaces. They can be defined as topological vector spaces whose topology is generated by translations of balanced, absorbent, convex sets. Alternatively they can be defined as a vector space with a family of seminorms, and a topology can be defined in terms of that family. Although in general such spaces are not necessarily normable, the existence of a convex local base for the zero vector is strong enough for the Hahn–Banach theorem to hold, yielding a sufficiently rich theory of continuous linear functionals.
Multi-index notation is a mathematical notation that simplifies formulas used in multivariable calculus, partial differential equations and the theory of distributions, by generalising the concept of an integer index to an ordered tuple of indices.
In abstract algebra and multilinear algebra, a multilinear form on a vector space over a field is a map
In mathematics, a norm is a function from a real or complex vector space to the non-negative real numbers that behaves in certain ways like the distance from the origin: it commutes with scaling, obeys a form of the triangle inequality, and is zero only at the origin. In particular, the Euclidean distance in a Euclidean space is defined by a norm on the associated Euclidean vector space, called the Euclidean norm, the 2-norm, or, sometimes, the magnitude of the vector. This norm can be defined as the square root of the inner product of a vector with itself.
Reed–Muller codes are error-correcting codes that are used in wireless communications applications, particularly in deep-space communication. Moreover, the proposed 5G standard relies on the closely related polar codes for error correction in the control channel. Due to their favorable theoretical and mathematical properties, Reed–Muller codes have also been extensively studied in theoretical computer science.
Hidden Fields Equations (HFE), also known as HFE trapdoor function, is a public key cryptosystem which was introduced at Eurocrypt in 1996 and proposed by (in French)Jacques Patarin following the idea of the Matsumoto and Imai system. It is based on polynomials over finite fields of different size to disguise the relationship between the private key and public key. HFE is in fact a family which consists of basic HFE and combinatorial versions of HFE. The HFE family of cryptosystems is based on the hardness of the problem of finding solutions to a system of multivariate quadratic equations (the so-called MQ problem) since it uses private affine transformations to hide the extension field and the private polynomials. Hidden Field Equations also have been used to construct digital signature schemes, e.g. Quartz and Sflash.
In mathematics, a Witt vector is an infinite sequence of elements of a commutative ring. Ernst Witt showed how to put a ring structure on the set of Witt vectors, in such a way that the ring of Witt vectors over the finite field of order is isomorphic to , the ring of -adic integers. They have a highly non-intuitive structure upon first glance because their additive and multiplicative structure depends on an infinite set of recursive formulas which do not behave like addition and multiplication formulas for standard p-adic integers.
In mathematics, the Grothendieck inequality states that there is a universal constant with the following property. If Mij is an n × n matrix with
An important aspect in the study of elliptic curves is devising effective ways of counting points on the curve. There have been several approaches to do so, and the algorithms devised have proved to be useful tools in the study of various fields such as number theory, and more recently in cryptography and Digital Signature Authentication. While in number theory they have important consequences in the solving of Diophantine equations, with respect to cryptography, they enable us to make effective use of the difficulty of the discrete logarithm problem (DLP) for the group , of elliptic curves over a finite field , where q = pk and p is a prime. The DLP, as it has come to be known, is a widely used approach to public key cryptography, and the difficulty in solving this problem determines the level of security of the cryptosystem. This article covers algorithms to count points on elliptic curves over fields of large characteristic, in particular p > 3. For curves over fields of small characteristic more efficient algorithms based on p-adic methods exist.
A sum-of-squares optimization program is an optimization problem with a linear cost function and a particular type of constraint on the decision variables. These constraints are of the form that when the decision variables are used as coefficients in certain polynomials, those polynomials should have the polynomial SOS property. When fixing the maximum degree of the polynomials involved, sum-of-squares optimization is also known as the Lasserre hierarchy of relaxations in semidefinite programming.
In discrete mathematics, ideal lattices are a special class of lattices and a generalization of cyclic lattices. Ideal lattices naturally occur in many parts of number theory, but also in other areas. In particular, they have a significant place in cryptography. Micciancio defined a generalization of cyclic lattices as ideal lattices. They can be used in cryptosystems to decrease by a square root the number of parameters necessary to describe a lattice, making them more efficient. Ideal lattices are a new concept, but similar lattice classes have been used for a long time. For example, cyclic lattices, a special case of ideal lattices, are used in NTRUEncrypt and NTRUSign.
In mathematics, calculus on Euclidean space is a generalization of calculus of functions in one or several variables to calculus of functions on Euclidean space as well as a finite-dimensional real vector space. This calculus is also known as advanced calculus, especially in the United States. It is similar to multivariable calculus but is somehow more sophisticated in that it uses linear algebra more extensively and covers some concepts from differential geometry such as differential forms and Stokes' formula in terms of differential forms. This extensive use of linear algebra also allows a natural generalization of multivariable calculus to calculus on Banach spaces or topological vector spaces.
The finite promise games are a collection of mathematical games developed by American mathematician Harvey Friedman in 2009 which are used to develop a family of fast-growing functions , and . The greedy clique sequence is a graph theory concept, also developed by Friedman in 2010, which are used to develop fast-growing functions , and .
{{cite journal}}
: Cite journal requires |journal=
(help){{cite journal}}
: Cite journal requires |journal=
(help)