Coded Modulation and the Arrival of Signcryption
Yuliang Zheng
University of North Carolina at Charlotte
Enhancing Crypto-Primitives with Techniques from Coding Theory
NATO Advanced Research Workshop
6-9 Oct. 2008, Veliko Tarnovo, Bulgaria

Outline
- Exposure to coded modulation
- Motivations
- Signcryption
- Look into the future

Communications system
[Figure: block diagram of a communications system with the blocks Source Encoder, Security (Encryptor), Security (Authen), Error Corr (Encoder), Modulation, Channel, Demodulation, Error Corr (Decoder), Security (Authen), Security (Decryptor), Source Decoder]

Prof. Hideki Imai’s Lab, in the late 80’s
[Figure: the communications system block diagram again: Source Encoder, Security (Encryptor), Security (Authen), Error Corr (Encoder), Modulation, Channel, Demodulation, Error Corr (Decoder), Security (Authen), Security (Decryptor), Source Decoder]

Coded modulation --- one of the hottest topics in the 80’s
[Figure: the block diagram with two pairs of blocks merged into Error Correcting (encoder) + Modulation and Error Correcting (decoder) + Demodulation; the remaining blocks are Source Encoder, Security (Encryptor), Security (Authen), Channel, Security (Authen), Security (Decryptor), Source Decoder]

Coded modulation
- Combination/co-design of
  - error-correcting codes
  - multi-level modulation
- 2 types
  - Trellis-coded modulation (TCM)
    - Gottfried Ungerboeck; proposed in 1975; published in IEEE Trans on IT in 1982
  - Block-coded modulation (BCM)
    - Hideki Imai and Shuji Hirakawa; published in IEEE Trans on IT in 1976

Goals of coded modulation
- To transmit data as fast as possible, and as reliably (with as few errors) as possible
- To achieve Shannon’s capacity limit: $C = B \log_2(1 + S/N)$
  - C: channel capacity (bps) (= max. data transmission rate without error)
  - B: channel bandwidth (Hz)
  - S: power of signal (W)
  - N: power of noise (W)

Challenges
- Modulation
  - Transmission rate can be increased by increasing the number of waveforms (constellation points) for modulation
  - However, an enlarged waveform set will also decrease the “spacing” between waveforms, resulting in a larger chance of errors at the receiver
- Error-correcting codes
  - Increasing error-correcting capabilities requires appending more parity bits/symbols, thereby reducing the effective transmission rate

Address the challenges
- Co-design/integrate multi-level modulation and convolutional error-correcting code
- Assign waveforms to code words in a way that maximizes the Euclidean distance between the waveforms that are the most likely to be confused

Ungerboeck’s set partitioning (16QAM constellation mapper)

The end result
[Figure: Error Corr (encoder) and Modulation combined into Trellis coded modulation]
- Increase transmission rate while, at the same time, reducing errors at the receiver
KILL 2 BIRDS WITH 1 STONE

Importance of coded modulation

Musing on coded modulation
- ½ dozen of my fellow PhD students working on coded modulation
- Doing Imai Lab’s ritual for 5 years: weekly, long group seminars with students working on a vast array of different projects
- Applicable to cryptography?
- Continue to muse after moving to Down Under

Major goals of cryptography
- Authenticity
  - Trusted parties --- symmetric/private key authentication
  - Untrusted parties --- asymmetric/public key authentication (digital signature, unforgeability)
- Confidentiality
  - Symmetric/private key encryption
  - Asymmetric/public key encryption
- Reduce cost/overhead
  - Computation (over large integers)
  - Expansion in length (= communication overhead)

In the paper & ink world: Signature-then-Seal
- To achieve: authenticity (unforgeability & non-repudiation)
- To achieve: confidentiality

In the digital world: Signature-then-Encryption
1. Add Signature
   - Alice signs a message m using her secret key, i.e. creating sig on m.
2. Do Encryption
   - Alice encrypts (m, sig) using AES with k.
   - Alice creates an additional piece of data so that Bob can recover k. (Typically, Alice encrypts k using Bob’s public key.)
[Figure: m, (m, sig), and the encrypted (m, sig) together with k; two steps are labelled "mod exp"]

Signature-then-Encryption (based on Discrete Logarithm)
[Figure: layout of the transmitted data, with the labels "m, sig: encrypted using a private key cipher with k", "$g^x$: used by the receiver to reconstruct k" and "communication overhead"]
EXP = 3 + 2.17

Cost of Signature-then-Encryption

Schemes                              Comp Cost (No. of exp)   Comm Overhead (bits)
RSA based sig-then-enc               2 + 2                    |n_a| + |n_b|
DL based Schnorr sig + ElGamal enc   3 + 2.17 (3 + 3)         |hash| + |q| + |p|

Questions on Efficiency
- Can we do better than “signature followed by encryption”?
  - For resource-constrained applications
    - Wireless mobile devices
    - Smart card applications
- Can we learn from other disciplines such as communication engineering?
  - Imai-Hirakawa block coded modulation
  - Ungerboeck trellis coded modulation

Co-design of digital signature and public key encryption?
[Figure: the block diagram with Error Correcting (encoder) + Modulation and Error Correcting (decoder) + Demodulation merged, and two question marks next to the security blocks; the blocks are Source Encoder, Security (Encryptor), Security (Authen), Channel, Security (Authen), Security (Decryptor), Source Decoder]

Goal: Signcryption (1996)
- To achieve both
  - confidentiality
  - authenticity: unforgeability & non-repudiation
- With a significantly smaller comp. & comm. cost
- Cost (signcryption) << Cost (signature) + Cost (encryption)

How to co-design
- Focus on discrete logarithm (DL) based schemes:
  - ElGamal type public key encryption
  - DSS/Schnorr type digital signature
- Notice both use an “ephemeral public key”: $g^x$
- Let them share the same ephemeral public key!
- Hide it, as long as it can be recovered by the recipient!

Signcryption -- public & secret parameters
Public to all:
- $p$: a large prime
- $q$: a large prime factor of $p-1$
- $g$: $0 < g < p$ & with order $q$ mod $p$
- Two 1-way hash functions:
  - $G: \{0,1\}^* \to \{0,1\}^L$
  - $H: \{0,1\}^* \to Z_q$
- $(E, D)$: private-key encryption & decryption algorithms
Alice’s keys:
- $x_a$: secret key
- $y_a = g^{x_a} \bmod p$: public key
Bob’s keys:
- $x_b$: secret key
- $y_b = g^{x_b} \bmod p$: public key

Signcryption and Unsigncryption
Signcryption by Alice:
- $x \leftarrow \{1, \ldots, q-1\}$ at random
- $T = y_b^x \bmod p$
- $r = H(m, y_a, y_b, T)$
- $s = x/(r + x_a) \bmod q$
- $k = G(T)$
- $c = E_k(m)$
- Output $(c, r, s)$
Unsigncryption by Bob:
- Compute $T = (y_a g^r)^{s x_b} \bmod p$
- $k = G(T)$
- $m = D_k(c)$
- Check if $r = H(m, y_a, y_b, T)$
- Output $m$ if yes, and reject otherwise
[Figure: Alice turns m into (c, r, s); Bob turns (c, r, s) back into m]
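
The signcryption and unsigncryption steps above as a runnable Python sketch, added here as an example and not code from the talk. Assumptions: a constructed 65-bit toy group found at import time, SHA-256 for G and H, and a SHAKE-256 XOR keystream standing in for (E, D); the retry when r + x_a is 0 mod q and the range check on (r, s) are also additions.

```python
import hashlib, secrets

def is_prime(n):  # Miller-Rabin; deterministic for n < 3.3e24 with these bases
    bases = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)
    if n < 2 or any(n % b == 0 for b in bases):
        return n in bases
    d, k = n - 1, 0
    while d % 2 == 0:
        d, k = d // 2, k + 1                      # n - 1 = d * 2^k, d odd
    def witness(a):                               # True if a proves n composite
        x = pow(a, d, n)
        return x not in (1, n - 1) and all((x := x * x % n) != n - 1 for _ in range(k - 1))
    return not any(witness(a) for a in bases)

# Constructed toy group (65-bit p, illustration only): p = 2q + 1, g = 4 has order q
Q = 2**64 + 1
while not (is_prime(Q) and is_prime(2 * Q + 1)):
    Q += 2
P, GEN = 2 * Q + 1, 4

def _h(*parts): return hashlib.sha256(repr(parts).encode()).digest()  # unambiguous encoding
def G(T): return _h("G", T)                       # G: {0,1}* -> key bytes
def H(m, ya, yb, T):                              # H: {0,1}* -> Z_q
    return int.from_bytes(_h("H", m, ya, yb, T), "big") % Q
def E(k, data):                                   # stand-in for (E, D): XOR keystream
    return bytes(a ^ b for a, b in zip(data, hashlib.shake_256(k).digest(len(data))))
D = E

def keygen():                                     # returns (x, y = g^x mod p)
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(GEN, x, P)

def signcrypt(m, xa, ya, yb):
    while True:
        x = secrets.randbelow(Q - 1) + 1          # x <- {1,...,q-1}
        T = pow(yb, x, P)                         # T = yb^x mod p
        r = H(m, ya, yb, T)
        if (r + xa) % Q:                          # retry if r + xa is not invertible
            break
    return E(G(T), m), r, x * pow(r + xa, -1, Q) % Q   # (c, r, s)

def unsigncrypt(c, r, s, xb, ya, yb):
    if not (0 <= r < Q and 0 < s < Q):            # s = 0 would force T = 1 for any sender
        return None
    T = pow(ya * pow(GEN, r, P) % P, s * xb % Q, P)    # T = (ya g^r)^(s xb) mod p
    m = D(G(T), c)
    return m if r == H(m, ya, yb, T) else None         # None means reject
```

Bob spends one exponentiation with a combined base here; the slide on 1.17 exponentiations splits it into $y_a^u g^v$ instead.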

Cost of Signcryption (based on Discrete Logarithm)
[Figure: layout of the transmitted data, with the labels "m, encrypted using a private key cipher with k", "sig" and "communication overhead"]
EXP = 1 + 1.17

Why 1.17 exponentiations?
Let $u = s x_b \bmod q$ and $v = r u \bmod q$. Then

$$(y_a g^r)^{s x_b} \bmod p = (y_a^{s x_b} g^{r s x_b}) \bmod p = (y_a^u g^v) \bmod p$$

This can be done in a smart way, costing only 1.17 exponentiations on average! D. Knuth, Seminumerical Algorithms, Vol. 2 of The Art of Computer Programming, 2nd edition, Addison-Wesley, Exercise 27, Pages 465 & 637.
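
An added example (not from the talk) of one way to arrive at the 1.17 figure, assuming the "smart way" is simultaneous square-and-multiply, often called Shamir's trick: both exponents share one run of squarings, so the cost is about 1.75 multiplications per exponent bit against 1.5 for a single exponentiation. The modulus, bases and random exponents are constructed test inputs.

```python
import random

def multi_exp(a, u, b, v, p):
    """Return (a^u * b^v mod p, number of modular multiplications used)."""
    table = {(1, 0): a, (0, 1): b, (1, 1): a * b % p}   # one precomputed product
    acc, mults = 1, 1
    for i in range(max(u.bit_length(), v.bit_length()) - 1, -1, -1):
        acc = acc * acc % p                  # one squaring shared by both exponents
        mults += 1
        bits = ((u >> i) & 1, (v >> i) & 1)
        if bits != (0, 0):                   # skipped when both exponent bits are 0
            acc = acc * table[bits] % p
            mults += 1
    return acc, mults

def single_exp_cost(e):
    """Multiplications used by plain left-to-right square-and-multiply for x^e."""
    return e.bit_length() + bin(e).count("1")

def average_ratio(bits=160, trials=200, seed=1):
    """Cost of y_a^u * g^v relative to one exponentiation, averaged over random u, v."""
    rng = random.Random(seed)                # fixed seed: reproducible constructed inputs
    p = 2**127 - 1                           # any modulus works for counting; this one is prime
    joint = single = 0
    for _ in range(trials):
        u, v = rng.getrandbits(bits), rng.getrandbits(bits)
        value, mults = multi_exp(3, u, 5, v, p)
        assert value == pow(3, u, p) * pow(5, v, p) % p   # same result as two exponentiations
        joint += mults
        single += single_exp_cost(u)
    return joint / single

if __name__ == "__main__":
    print(round(average_ratio(), 3))
```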

DL Signcryption vs. sign-then-encrypt
[Figure: chart of # of multiplications (the smaller the better) against |p| = |n| = 1024, 2048, 4096, 8190, for RSA sign-enc, Schnorr + ElGamal and DL Signcryption]

DL Signcryption vs. sign-then-encrypt
[Figure: chart of comm. overhead (# of bits, the smaller the better) at 1024, 2048, 4096, 8190, for RSA sign-enc, Schnorr + ElGamal and DL Signcryption]

The end result
С един куршум - два заека (With one bullet - two rabbits)

Other developments
- Extensions: pairing, factorization, ……
- Add “bells and whistles”
  - Multi-recipients, proxy, blind, threshold, ring, ID based, ……
- Authenticated encryption (Authencryption)
  - Co-design of shared key authentication and encryption

                 Public or Private key   Authenticity   Non-repudiation   International standards
Signcryption     Public key              Yes            Yes               On the way
Authencryption   Private key             Yes            No                On the way

Beyond coded modulation and signcryption?
- There is no crypto equivalent of “Shannon’s capacity limit”
- Good? Or bad?
[Figure: block diagram with the blocks Source Encoder, Signcryption, Error Correcting (encoder) + Modulation, Channel, Error Correcting (decoder) + Demodulation, Unsigncryption, Source Decoder]

Много благодаря! Thank you!