Resilient Network Coding in the presence of Byzantine Adversaries

Michelle Effros

Michael Langberg

Tracey Ho

Sachin Katti

Muriel Médard

Dina Katabi

Sidharth Jaggi

Obligatory Example/Historys

t1 t2

b1 b2

b2

b2

b1

b1 b1

b1 b1

b1 (b1,b2)

b1+b2

b1+b2b1+b2

(b1,b2)

[ACLY00] [ACLY00] Characterization Non-constructive

[LYC03], [KM02] Constructive (linear) Exp-time design

[JCJ03], [SET03] Poly-time design Centralized design

[HKMKE03], [JCJ03] Decentralized design

EVER

BETTER

.

.

.

C=2

[This work] All the above, plus security

Tons of work

[SET03] Gap provably exists

Multicast

Simplifying assumptions• All links unit capacity

•(1 packet/transmission)• Acyclic network

ALL of Alice’sinformationdecodableEXACTLYbyEACH Bob

Network Model

[GDPHE04],[LME04] – No intereference

Multicast Network Model

ALL of Alice’sinformationdecodableEXACTLYbyEACH Bob

3

2

2

Upper bound for multicast capacity C,

C ≤ min{Ci}

[ACLY00] With mixing, C = min{Ci} achievable!

[LCY02],[KM01],[JCJ03],[HKMKE03] Simple (linear) distributed codes suffice!

Problem!

Eavesdropped links

Attacked links

Corrupted links

Setup

1. Scheme A B C2. Network

C3. Message A C4. Code C5. Bad links C6. Coin A7. Transmit B C8. Decode B

Eureka

Eavesdropped links ZI

Attacked links ZO

Who knows what

Stage

Privacy

ResultsFirst codes Optimal rates (C-2ZO,C-ZO) Poly-time Distributed Unknown topology End-to-end Rateless Information theoretically secure Information theoretically private Wired/wireless

[HLKMEK04],[JLHE05],[CY06],[CJL06],[GP06]

Error Correcting Codes

Y=TX+E

Generator matrix

Low-weightvector

YX

(Reed-Solomon Code)

1

0

0

0

0

c

T

E R=C-2ZO

Alice: Sends packets.

Bob gets (Each column encoded with same transform T)

Now Bob knows T and can decode.

Distributed multicastA

B2

X I

TX T

C packets

“Small” rate-loss

[HKMKE03]

What happens when we implement previous distributed algorithm?

Key idea: think of Calvin's error as an addition to original information flow.

Alice:

Calvin:

Bob:C packets

ZO packets

What happens with errors?

X I

TX T+T’E1 +T’E2

E1 E2

Bob:

•T,T’ are unknown.

•E1,E2 are unknown.

•System is not linear.

•How can Bob recover

X?

R packets

Alice:

Calvin:

Bob:

Overview

B1B2

X I

TX T

Calvin

+T’E1 +T’E2

E1 E2

Step 1: Show how to construct system of

linear equations to help recover X.

Step 2: System may have many solutions.

Need to add redundancy to X.

Step 1: “list decoding” will work as long as R ≤

C-ZO.

Step 2: “unique decoding” will need an additional redundancy of

ZO.

All in all: R = C-2ZO.

X+

= T’(E1-E2X)

Alice:

Calvin:

Bob:

+T’E2+T’E1

Properties of X I

E1 E2

X+

•Col. in X+.

= col. of X + col. of .

•Claim 1: has column rank ZO (=Calvin's strength).

•Proof: Follows from fact that Calvin controls ZO links.

•Claim 2: Columns of X and span disjoint spaces.

•Proof:R≤C-ZO, random encoding.

TTX

=+ =

R

ZO

C

Theorems

Scheme achieves rate C-2ZO (optimal)

Step 1: list decode (R ≤ C-ZO)

Step 2: unique decode (Redundancy = ZO) Secret channel: Instead of Step 2, send hash of

X. Rate = C-ZO (optimal) Limited Adversary: Calvin limited in

eavesdropping – can implement secret channel and obtain rate C-ZO.

Limited eavesdropping:

•Calvin can only see the information on ZI links

•If ZI<C-ZO=R, can implement a secret channel [JL07]

SummaryRate Conditions

Thm 1 C-ZO Secret

Thm 2 C-2ZO Omniscient

Thm 3 C-ZO Limited

Optimal rates Poly-timeDistributedUnknown topologyEnd-to-endRatelessInformation theoretically secure/privateWired/wireless