Resilient Network Coding in the Presence of Eavesdropping Byzantine Adversaries

Michael LangbergSidharth Jaggi

Open University of Israel

ISIT 2007

Tsinghua University

Hongyi Yao

Proof incorrect!

2009

Network Codes Resilient to Eavesdropping andJamming

Michael Langberg

Sidharth Jaggi

ORHow to share a secretwhen a (bad) person’s listeningand trying to fool the receiver

Open University of IsraelTsinghua

University

Hongyi Yao

University of Campinas

DaniloSilva

NetCod 2010

Multicast

ALL of Alice’sinformationdecodableEXACTLYbyEACH Bob

Network Model

Multicast Network Model

ALL of Alice’sinformationdecodableEXACTLYbyEACH Bob

[ACLY00] With mixing, C = min{Ci} achievable[LCY02],[KM01],[JCJ03],[HKMKE03] Simple (linear) distributed codes suffice

Problem!

Eavesdropped Links ZI

Attacked Links ZO

Corrupted links

Existence proofs/Converses

Efficient random distributed schemes

Cryptographic schemes

Universal schemes

Privacy (Secrecy)

[CY02], …, [RS07], …

[FMSS04],… [OB08], … [SK08],…

Security (Error Correction)

[CY06]/[YC06], …, [M06], …

[JLKKHM07],… [CJL06], [GP06], [ZKMH07], …

[KK07], [SKK08]…

Background

Setup

1. Scheme A B C2. Network

C3. Data A4. Code C5. Bad links C6. Randomness A7. Transmission A B C8. Decode B

Eureka

Eavesdropped links ZI

Attacked links ZO

Who knows what

Stage

Privacy

Background Efficient algorithms [SK08] [JLKKHM07],

[SKK08] “Optimal” rates (Secrecy) C-ZI (Security) C-2ZO Poly-time Distributed End-to-end Packet-based Topology unknown a priori Information-theoretically secure, private

Privacy at rate C-ZI ([CY02],…)

ZI random symbols

C-ZI rate

Network coding + one-time padOptimal

ZI eavesdropped links

Security at rate C-2ZO (…,[SKK08])

Optimal rateR = C-2ZO

Error-correcting code

Network(Operator channel [KK07], Rank-metric codes [SKK08])

ZO corrupted links

Privacy + Security at rate C-2ZO-ZI

Optimal rate for zero-error codes

Network error-correcting codeRate C-2ZO

ZI random symbols

Overall rate C-2ZO-ZI

[NY09], [SK10]

ε-error?

Shared-secret Security at rate C-ZO

[JLKKHM07]

€

Y = TX + T 'Z = T T '[ ]XZ ⎡ ⎣ ⎢

⎤ ⎦ ⎥

€

XZ ⎡ ⎣ ⎢

⎤ ⎦ ⎥= T T '[ ]

−1Y

Invertible w.h.p. [HKMKE03]

C2 secret hashes of X

Linear list with C2 variables*

Secure transmission at rate C-ZO!

Secure + private transmission at rate C-ZO-ZI!

w.h.p., unique decoding!

* Different list-decoding used

Upper bound: C-ZO-ZI

Just one (secret) bit for Bob… [JL07]

??

Just one (secret) bit for Bob… [YSJL10]

€

0 →R0 ⎡ ⎣ ⎢

⎤ ⎦ ⎥

€

1 →RR' ⎡ ⎣ ⎢

⎤ ⎦ ⎥

€

} ZI} C − ZI

€

} ZI} C − ZI €

Decode(Y) =0, rank(Y ) <C1, rank(Y ) =C ⎧ ⎨ ⎩

Privacy: [SK08] (Only sees ZI links)

Security:

€

R0 ⎡ ⎣ ⎢

⎤ ⎦ ⎥→

RR' ' ⎡ ⎣ ⎢

⎤ ⎦ ⎥, only ZO <C − ZI packets

€

w.h.p. RR' ⎡ ⎣ ⎢

⎤ ⎦ ⎥→

R' 'R' ' ' ⎡ ⎣ ⎢

⎤ ⎦ ⎥, doesn't know R, R'

Questions?