Upload
others
View
0
Download
0
Embed Size (px)
Citation preview
SECURE ONE-WAY INTERACTIVE COMMUNICATION
Abhinav Aggarwal Varsha Dani, Thomas Hayes, Jared Saia
PROBLEM STATEMENT
Alice Bob
Adversary
➤ Alice has a message of length L for Bob
➤ Adversary can flip T bits
➤ Adversary is oblivious
➤ Error tolerance 0 < ✏ < 1
Can the message be sent to Bob with :
➤ Probability of success , and
➤ small number of bits exchanged?
� 1� ✏
OUR ASSUMPTIONS
➤ Both Alice and Bob know L and
➤ T is unknown
➤ Private channel
➤ Individual computation is instantaneous
✏
OUR MAIN RESULT
Expected number of bits exchanged between Alice and Bob :
Probability that Bob has the correct guess of Alice’s message upon termination � 1� ✏
L+O (T +min{(T + 1), L/ logL} log(L/✏))
Much better then ECC for small T!!
For constant ε
L+
(O(logL) for fixed T
⇥(T ) otherwise
REED-SOLOMON CODES [RS]
➤ Degree d = ⌈ L / log L⌉ polynomial used to represent the message
➤ Bob needs at least (d+1) evaluations of this polynomial for reconstruction
➤ Polynomial constructed over field of size
(1/3)-ERROR CORRECTING CODES
➤ Corrects at most a third of total bits
➤ Multiplicative blowup of at most 2
➤ Forces the adversary to pay Θ(length of the message)
2dlogLe
ALGORITHM
Alice Bob
Message polynomial
ALGORITHM
Alice Bob
Message polynomial
ECC and AMD encoded fingerprint
ALGORITHM
Alice Bob
Message polynomial
ECC and AMD encoded fingerprint
Echo of the fingerprint
ALGORITHM
Alice Bob
Message polynomial
ECC and AMD encoded fingerprint
Terminate
Echo of the fingerprint
ALGORITHM
Alice Bob
Message polynomial
ECC and AMD encoded fingerprint
Terminate
Echo of the fingerprint
Terminate
ALGORITHM
Alice Bob
Message polynomial
ECC and AMD encoded fingerprint
Successful round…
Terminate
Echo of the fingerprint
Terminate
FINGERPRINTING [NAOR]➤ Let r = random binary string, m = message of length ℓ
➤ Produces randomized fingerprints (r,F(r,m))
➤ Given probability of collision p, produces hash of length Θ(ℓ/p)
ALGORITHM
Alice Bob
Message polynomial in plaintext
ALGORITHM
Alice Bob
Message polynomial in plaintext
ECC and AMD encoded fingerprint
ALGORITHM
Alice Bob
String of all zeros
Fingerprint mismatch
Message polynomial in plaintext
ECC and AMD encoded fingerprint
ALGORITHM
Alice Bob
Noise
String of all zeros
Fingerprint mismatch
Message polynomial in plaintext
ECC and AMD encoded fingerprint
ALGORITHM
Alice Bob
Noise
String of all zeros
Fingerprint mismatch
Message polynomial in plaintext
ECC and AMD encoded fingerprint
ECC encoded evaluation
ECC encoded evaluation
ALGORITHM
Alice Bob
NoiseRe
peat
String of all zeros
Fingerprint mismatch
Message polynomial in plaintext
ECC and AMD encoded fingerprint
ECC encoded evaluation
ECC encoded evaluation
ALGEBRAIC MANIPULATION DETECTION CODES [AMD]
➤ Enable detection of bit corruption
➤ Work only for private channels
➤ Encode a message m into a value m’
➤ Any bit flipping of m is detected with probability ≥ 1-δ
➤ Produces codewords of length |m’| = |m| + O(1/δ)
ALGORITHM
Alice Bob
Message polynomial
ALGORITHM
Alice Bob
Message polynomial
ECC and AMD encoded fingerprint
ALGORITHM
Alice Bob
Message polynomial
Echo of the fingerprint
ECC and AMD encoded fingerprint
ALGORITHM
Alice Bob
Message polynomial
Noise
Echo mismatch
Echo of the fingerprint
ECC and AMD encoded fingerprint
ALGORITHM
Alice Bob
Message polynomial
ECC encoded evaluation
ECC encoded evaluation
Noise
Echo mismatch
Echo of the fingerprint
ECC and AMD encoded fingerprint
ALGORITHM
Alice Bob
Message polynomial
ECC encoded evaluation
ECC encoded evaluation
Repe
atNoise
Echo mismatch
Echo of the fingerprint
ECC and AMD encoded fingerprint
ALGORITHM (WORST CASE)
Alice Bob
Message polynomial
ECC and AMD encoded fingerprint
Echo of the fingerprint
Terminate
ALGORITHM (WORST CASE)
Alice Bob
Message polynomial
ECC and AMD encoded fingerprint
Echo of the fingerprint
TerminateChannel not silent
ALGORITHM (WORST CASE)
Alice Bob
Message polynomial
ECC and AMD encoded fingerprint
ECC encoded evaluation
ECC encoded evaluation
Echo of the fingerprint
Terminate
Channel not silent
ALGORITHM (WORST CASE)
Alice Bob
Message polynomial
ECC and AMD encoded fingerprint
ECC encoded evaluation
ECC encoded evaluation
Echo of the fingerprint
Terminate
Channel not silent
String of all zeros
ALGORITHM (WORST CASE)
Alice Bob
Message polynomial
ECC and AMD encoded fingerprint
ECC encoded evaluation
ECC encoded evaluation
Repe
at
Echo of the fingerprint
Terminate
Channel not silent
String of all zeros
OUR NEW IDEAS➤ Handle unknown T
➤ Ensure high cost to adversary to delay termination
➤ Synchronization achieved implicitly
➤ Tradeoff between probability of failure and number of bits sent
➤ Distinguishing between “silence”, “noise” and codewords on the channel
➤ Ensuring a constant ratio of algorithmic cost vs. adversary’s cost for large T
CHALLENGES FACED
FUTURE WORK➤ Remove assumption of knowledge of L by Bob
➤ Extend results to multi-party case
➤ Establish lower bounds
32
OUR TEAM
Varsha Dani
Tom Hayes
Jared Saia
QUESTIONS??
RELATED WORK
SCHULMAN’ 96Tolerates noise rate with constant blowup in cost using non-constructive tree codes� <
1
240
BRAKERSKI AND KALAI, FOCS’12Made the upper bounds constructive for noise rate � <
1
32
KOL AND RAZ, FOCS’13Expected cost overhead of bits for stochastic noise rate � <<
1
2O⇣p
� log(1/�) L⌘
HAEUPLER’14O⇣p
� log log(1/�) L⌘
Expected cost overhead of bits for known and sufficiently small
adversarial noise rate �
ICALP'15O⇣T +
pLT + L
⌘Expected cost overhead of bits for unknown noise rate, private channels
and probability of success � 1� 1
L logL
ALICE’S ALGORITHM
BOB’S ALGORITHM