Minimizing the number of keys for secure communication in a network

By Niels Duif

Post on 21-Jan-2016


Remarks

• Ask questions
• Proof by example

/ Department of Mathematics and Computer Science PAGE 2 21-04-23

Contents

• Introduction
• Splitting a message
• Constructions
• Combining constructions
• Conclusions

Introduction

• Network
• Symmetric cryptography

[Figure, built up over several slides: Alice, Bob, Chris and Eve. Alice and Bob have the common key kAB. The message label reads "Hi!", then "z$#", then "Hi!" again, and finally "Hi!" with a "?". The last slide adds the common keys kBC and kCE.]

Communication graph

• Persons are represented by nodes
• Nodes that have one or more keys in common are connected by a line
• The lines are labelled with the common keys

[Figure: Alice, Bob, Chris and Eve in a row, with the lines between them labelled kAB, kBC, kCE; the same graph is then drawn as A, B, C, E with the lines labelled 1, 2, 3.]

• Nodes may have more than one key in common

[Figure: nodes A (1,2,5), B (1,4,5), C (2,3), D (3,4); the lines carry the key labels 1, 2, 3, 4, 5.]

How to assign keys?

• Give every pair of nodes a different key
• This requires $\binom{n}{2} = \frac{n(n-1)}{2}$ keys for n nodes

[Figure: five nodes A, B, C, D, E.]

Using fewer keys

• Is secure communication possible with fewer keys?
  − Yes, assuming that some nodes may be trusted
• Assumption: at most t nodes cannot be trusted
• Aim: minimize the total number of keys, c

Splitting a message

• Split a message and send it through different paths
• Example: communication from A to D

[Figure: nodes A (1,2), B (1,4), C (2,3), D (3,4); the lines carry the key labels 1, 2, 3, 4. The labels "part 1" and "part 2" are added one after the other.]

• Determine random shares: $M_1, M_2, \dots, M_{s-1}$
• Use bitwise addition mod 2: "$\oplus$", or "XOR"
• $M_s = M_1 \oplus M_2 \oplus \dots \oplus M_{s-1} \oplus M$
• $M_1 \oplus M_2 \oplus \dots \oplus M_{s-1} \oplus M_s = M$

Splitting a message

• Example: the message is ‘Hi!’

M0 = 01001000 01101001 00100001
M1 = 11101101 11101111 10010001
M2 = 10100101 10000110 10110000

M1 ⊕ M2 = M0:

M1 = 11101101 11101111 10010001
M2 = 10100101 10000110 10110000
M0 = 01001000 01101001 00100001

Sending a message

[Figure: nodes A (1,2), B (1,4), C (2,3), D (3,4); the lines carry the key labels 1, 2, 3, 4. The share labels M1 and M2 are added to the graph one after the other.]

Retrieving a message

• The message is retrieved as the XOR of all shares:
• $M = M_1 \oplus M_2 \oplus \dots \oplus M_s$
• All shares are needed to retrieve the message
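The splitting and retrieval rules above, as an added Python example that is not part of the original presentation. It reproduces the slide's ‘Hi!’ shares and shows why all shares are needed: any s-1 shares are consistent with every possible message. The function names are this example's own.

```python
import secrets
from functools import reduce

def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Bitwise addition mod 2 of two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("shares and message must have the same length")
    return bytes(x ^ y for x, y in zip(a, b))

def split(message: bytes, s: int, randoms=None) -> list:
    """Return shares M1..Ms with M1 ^ M2 ^ ... ^ Ms == message.

    M1..Ms-1 are random; Ms = M1 ^ ... ^ Ms-1 ^ M. `randoms` pins the
    random shares and exists only to reproduce the slide's numbers.
    """
    if s < 2:
        raise ValueError("need at least two shares")
    if randoms is None:
        randoms = [secrets.token_bytes(len(message)) for _ in range(s - 1)]
    if len(randoms) != s - 1:
        raise ValueError("expected s-1 random shares")
    last = reduce(xor_bytes, randoms, message)
    return list(randoms) + [last]

def combine(shares) -> bytes:
    """XOR of all shares; every share is required."""
    return reduce(xor_bytes, shares)

def missing_share_for(partial, guess: bytes) -> bytes:
    """The one share that, added to `partial`, would make `guess` come out."""
    return reduce(xor_bytes, partial, guess)

def bits(data: bytes) -> str:
    return " ".join(f"{byte:08b}" for byte in data)

# M1 exactly as printed on the 'Hi!' slide.
SLIDE_M1 = bytes([0b11101101, 0b11101111, 0b10010001])

def slide_example():
    """Split 'Hi!' into two shares using the slide's M1."""
    return split(b"Hi!", 2, randoms=[SLIDE_M1])

if __name__ == "__main__":
    m1, m2 = slide_example()
    print("M1 =", bits(m1))
    print("M2 =", bits(m2))
    print("M1 ^ M2 =", combine([m1, m2]))
    # Holding s-1 of s shares rules nothing out: for any guessed message
    # there is a last share that would make that guess the result.
    shares = split(b"Hi!", 3)
    for guess in (b"Hi!", b"No?", b"\x00\x00\x00"):
        candidate = missing_share_for(shares[:2], guess)
        assert combine(shares[:2] + [candidate]) == guess
    print("two of three shares are consistent with every 3-byte message")
```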

Constructions for t=1

• One corrupt node
• The total number of keys is c
• How large can n be?

Sperner’s theorem

• n is at most $\binom{c}{\lfloor c/2 \rfloor}$
• This uses all possible key sets of size $\lfloor c/2 \rfloor$

Example

$c = 4$, $n = \binom{4}{2} = 6$

     Key 1  Key 2  Key 3  Key 4
A      X      X
B      X             X
C      X                    X
D             X      X
E             X             X
F                    X      X

• Communication from A to F
• Use all possible combinations of A’s and F’s keys

[Figure: nodes A (1,2), B (1,3), C (1,4), D (2,3), E (2,4), F (3,4); the lines carry the key labels 1, 2, 3, 4.]

Eavesdrop

• The following keys are needed:

Key 1 or Key 3
Key 1 or Key 4
Key 2 or Key 3
Key 2 or Key 4

Conclusion: Key 1 and 2 or Key 3 and 4
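The t=1 construction and the eavesdropping argument above, as an added Python example that is not code from the presentation. It assigns every key set of size ⌊c/2⌋, routes one share per combination of a sender key and a receiver key, and derives which key sets open every share. The function names, the choice of the first suitable relay when several nodes hold both keys, and the restriction to sender/receiver pairs with no common key (the only case the slides show) are assumptions of this example.

```python
from itertools import combinations, product
from string import ascii_uppercase

def assign_keys(c):
    """Give each node a distinct key set of size floor(c/2) out of keys 1..c."""
    sets = list(combinations(range(1, c + 1), c // 2))
    # Letter names as on the slides while they last; N1, N2, ... otherwise.
    if len(sets) <= 26:
        names = list(ascii_uppercase[:len(sets)])
    else:
        names = [f"N{i + 1}" for i in range(len(sets))]
    return {name: frozenset(s) for name, s in zip(names, sets)}

def share_paths(keys, sender, receiver):
    """One share per combination (ks, kr) of a sender key and a receiver key.

    Each share travels sender -> relay under ks and relay -> receiver under
    kr, so reading it in transit takes ks or kr. Returns (relay, {ks, kr}).
    """
    if keys[sender] & keys[receiver]:
        raise ValueError("example covers key-disjoint sender/receiver only")
    paths = []
    for ks, kr in product(sorted(keys[sender]), sorted(keys[receiver])):
        needed = frozenset((ks, kr))
        relay = next(n for n, held in keys.items() if needed <= held)
        paths.append((relay, needed))
    return paths

def minimal_key_sets(paths):
    """Smallest key sets that open every share (the slide's 'Conclusion')."""
    universe = sorted(set().union(*(needed for _, needed in paths)))
    found = []
    for size in range(1, len(universe) + 1):
        for cand in map(frozenset, combinations(universe, size)):
            if any(f <= cand for f in found):
                continue  # a smaller winning set is already contained
            if all(cand & needed for _, needed in paths):
                found.append(cand)
    return found

def eavesdroppers(keys, sender, receiver):
    """Third nodes whose own keys open every share (should be none)."""
    paths = share_paths(keys, sender, receiver)
    return [n for n, held in keys.items()
            if n not in (sender, receiver)
            and all(held & needed for _, needed in paths)]

def all_disjoint_pairs_safe(c):
    """True if no single third node can read any key-disjoint pair's traffic."""
    keys = assign_keys(c)
    return all(not eavesdroppers(keys, a, b)
               for a, b in combinations(keys, 2)
               if not keys[a] & keys[b])

if __name__ == "__main__":
    keys = assign_keys(4)
    for relay, needed in share_paths(keys, "A", "F"):
        print(f"share via {relay}: Key {' or Key '.join(map(str, sorted(needed)))}")
    print("opens all shares:", [sorted(k) for k in minimal_key_sets(share_paths(keys, "A", "F"))])
    print("single-node eavesdroppers:", eavesdroppers(keys, "A", "F"))
```

Because all key sets have the same size and are distinct, every third node misses at least one key of A and one key of F, so it cannot open the share sent under that pair.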

Possible constructions

Number of nodes n   6  10  20  35  70  126  252
Number of keys c    4   5   6   7   8    9   10

25.1)(log2 nc

For other values of n (Desmedt, Duif, Van Tilborg, Wang):

25.2)(log2 nc

Constructions for t>1

• Similar splitting of messages
• Different constructions
• Dual of a 2-design is used

What is a 2-design?

Example

[Figure: the Fano Plane]

The dual is found by interchanging the points and lines

[Figure: the dual of the Fano Plane]

Another example

[Figure: the Affine Plane over F3]

[Figure: the dual of the Affine Plane over F3]

Important property

Every two lines meet in a unique point

Possible constructions

t=2

Number of nodes, n   7  12  26  35  57  70
Number of keys, c    7   9  13  15  19  21

t=3

Number of nodes, n  13  20  50  63
Number of keys, c   13  16  25  28

ntc Known constructions: ntc

Other values of n

• Combine constructions
• Use building blocks that are t-safe
• Use some extra keys

Combining constructions

[Figure, built up over three slides: one block labelled "Safe for t=2"; then two blocks, each labelled "Safe for t=2"; finally the labels "Safe for t=2" and "t+1 extra keys".]

How many keys are needed?

• Conjecture:
• Known constructions:
• Which is better?

ntc 2

ntc


Conclusions

• Block designs use fewer keys than existing constructions
• Constructions may be combined
• Block designs use many communication paths (about where is possible)

3t 1t

End of presentation

[Figure: summary diagram with the labels "Splitting messages", "Block designs", "dual", "Combining constructions", "t=1" and "t>1".]

ntc 2

25.2)(log2 nc