Presentation is loading. Please wait.

Presentation is loading. Please wait.

Signatures for Network Coding Denis Charles Kamal Jain Kristin Lauter Microsoft Research.

Published byAnthony Ferguson Modified over 10 years ago

Similar presentations

Presentation on theme: "Signatures for Network Coding Denis Charles Kamal Jain Kristin Lauter Microsoft Research."— Presentation transcript:

1 Signatures for Network Coding Denis Charles Kamal Jain Kristin Lauter Microsoft Research

2 Network Coding Set-up A directed graph of users G A server (source) distributing content Content is divided into packets and represented as vectors in a vector space Each node receives linear combinations of packets from other nodes At each node, new linear combinations of received packets are formed and sent out along new edges Extra bits keep track of which linear combination at each step

3 Pollution attacks A malicious node can inject garbage into the distribution network If undetected, the garbage will pollute the whole network, as meaningless packets are combined with others and redistributed Signatures on received packets can be used to check for garbage

4 Assumptions Public key digital signatures Only the server possesses the secret key for signing Any node can verify signatures using public information So how can nodes re-sign linear combinations of received packets?

5 Homomorphic signature scheme Our solution is based on: Elliptic curves Bilinear pairing (Weil pairing) Homomorphic hashing of content onto points on the elliptic curve BLS-type signatures (Boneh-Lynn-Schacham) Security reduction to ECDLP (Elliptic curve discrete logarithm problem)

6 Elliptic curves over finite fields Finite field F q with q elements, A, B in F q Elliptic curve over F q with equation y 2 = x 3 + Ax + B E(F q )={(x, y): y 2 = x 3 + Ax + B} has a group structure and a bilinear pairing e m : E[m] × E[m] alg(F q ) * satisfying e m (S 1 + S 2, T) = e(S 1, T)e(S 2, T) e m (S, T 1 + T 2 ) = e(S, T 1 )e(S, T 2 ).

7 Homomorphic hashing and signing Vectors (packets) with coefficients v i in F p are hashed to linear combinations of public p-torsion points on E/F q R 1, · · ·,R k, P 1, · · ·, P d in E(F q )[p] k=# of vectors, d = dimension of vector space Server has secret keys for signing s 1, · · ·, s k and r 1, · · ·, r d in F p signs the packet by computing the signature of hash Σs i v i R i + Σr i v i P i Server also publishes Q, s j Q and r i Q Q is another point in E(F q )[p] which is linearly independent from the points R 1,…,R k, P 1,…, P d

8 Bilinearity of the pairing 1. Verification of signatures uses bilinearity of the pairing since e m (s i v i R i, Q) = e m (v i R i, s i Q) 2. Received valid signatures can be recombined to accompany new outgoing combinations of packets since the signature of the sum is the sum of the signatures

9 Security Theorem: Finding a collision of the hash function h is polynomial-time equivalent to computing the discrete log on the elliptic curve E. Fact: Forging signatures is as hard as the computational Diffie-Hellman problem on the curve E. Our scheme establishes authentication in addition to detecting pollution.

10 Implementation If we take the prime p 170-bits, this is equivalent to 1024 bits of RSA security. We can setup the system with q ~ p 2. Communication overhead per vector is two elements of F p (the x and y coordinates of a point) = 340 bits. We can reduce this overhead to 171 bits at the cost of increasing computational cost. Computation of signature of vector at an edge e is O(indeg(in(e)) operations in F p. Verification requires O((d+k) log 2+ε q) bit operations Complete setup of the system at the server can be done in polynomial time (assuming a number theoretic conjecture of Hardy-Littlewood).

Download ppt "Signatures for Network Coding Denis Charles Kamal Jain Kristin Lauter Microsoft Research."

Similar presentations

Key Management Nick Feamster CS 6262 Spring 2009.

Key Management Nick Feamster CS 6262 Spring 2009.
Public Key Cryptography INFSCI 1075: Network Security – Spring 2013 Amir Masoumzadeh.

Public Key Cryptography INFSCI 1075: Network Security – Spring 2013 Amir Masoumzadeh.
Securing Critical Unattended Systems with Identity Based Cryptography A Case Study Johannes Blömer, Peter Günther University of Paderborn Volker Krummel.

Securing Critical Unattended Systems with Identity Based Cryptography A Case Study Johannes Blömer, Peter Günther University of Paderborn Volker Krummel.
An Introduction to Pairing Based Cryptography Dustin Moody October 31, 2008.

An Introduction to Pairing Based Cryptography Dustin Moody October 31, 2008.
Cryptography and Network Security Chapter 9

Cryptography and Network Security Chapter 9
Spreading Alerts Quietly and the Subgroup Escape Problem Aleksandr Yampolskiy (Yale) Joint work with James Aspnes, Zoë Diamadi, Kristian Gjøsteen, and.

Spreading Alerts Quietly and the Subgroup Escape Problem Aleksandr Yampolskiy (Yale) Joint work with James Aspnes, Zoë Diamadi, Kristian Gjøsteen, and.
Russell Martin August 9th, 2013. Contents Introduction to CPABE Bilinear Pairings Group Selection Key Management Key Insulated CPABE Conclusion & Future.

Russell Martin August 9th, Contents Introduction to CPABE Bilinear Pairings Group Selection Key Management Key Insulated CPABE Conclusion & Future.
Cryptography and Network Security

Cryptography and Network Security
1 Digital Signatures & Authentication Protocols. 2 Digital Signatures have looked at message authentication –but does not address issues of lack of trust.

1 Digital Signatures & Authentication Protocols. 2 Digital Signatures have looked at message authentication –but does not address issues of lack of trust.
Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.

Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.
Public Key Algorithms …….. RAIT M. Chatterjee.

Public Key Algorithms …….. RAIT M. Chatterjee.
1 Authenticated key agreement without using one-way hash functions Harn, L.; Lin, H.-Y. Electronics Letters, Volume: 37 Issue: 10, 10 May 2001 Presented.

1 Authenticated key agreement without using one-way hash functions Harn, L.; Lin, H.-Y. Electronics Letters, Volume: 37 Issue: 10, 10 May 2001 Presented.
CNS2010handout 10 :: digital signatures1 computer and network security matt barrie.

CNS2010handout 10 :: digital signatures1 computer and network security matt barrie.
November 1, 2006Sarah Wahl / Graduate Student UCCS1 Public Key Infrastructure By Sarah Wahl.

November 1, 2006Sarah Wahl / Graduate Student UCCS1 Public Key Infrastructure By Sarah Wahl.
Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.

Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.
Digital Signature Algorithm (DSA) Kenan Gençol presented in the course BIL617 Cryptology instructed by Asst.Prof.Dr. Nuray AT Department of Computer Engineering,

Digital Signature Algorithm (DSA) Kenan Gençol presented in the course BIL617 Cryptology instructed by Asst.Prof.Dr. Nuray AT Department of Computer Engineering,
Chapter 7-1 Signature Schemes.

Chapter 7-1 Signature Schemes.
Dr. Lo’ai Tawalbeh Fall 2005 Chapter 10 – Key Management; Other Public Key Cryptosystems Dr. Lo’ai Tawalbeh Computer Engineering Department Jordan University.

Dr. Lo’ai Tawalbeh Fall 2005 Chapter 10 – Key Management; Other Public Key Cryptosystems Dr. Lo’ai Tawalbeh Computer Engineering Department Jordan University.
How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.

How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.
Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.

Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.

Similar presentations

Ads by Google