Smile Markovski, “Ss Cyril and Methodius” University, Skopje, Republic of Macedonia

NATO ARW, 6-9 October, 2008, Veliko Tarnovo, Bulgaria Error Correcting Cryptcodes Based on Quasigroups SMILE MARKOVSKI “Ss Cyril and Methodius” University Skopje, Republic of Macedonia Joint research with D. Gligoroski and Lj. Kocarev


NATO ARW, 6-9 October, 2008, Veliko Tarnovo, Bulgaria

Error Correcting Cryptcodes Based on Quasigroups

SMILE MARKOVSKI

“Ss Cyril and Methodius” University, Skopje, Republic of Macedonia

Joint research with D. Gligoroski and Lj. Kocarev


Error Correcting Cryptcodes Based on Quasigroups

• Gligoroski, D., Markovski, S., Kocarev, Lj., Error-Correcting Codes Based on Quasigroups, Proceedings of 16th International Conference on Computer Communications and Networks (ICCCN 2007), 13-16 Aug. 2007, pp. 165–172. http://ieeexplore.ieee.org/Xplore/login.jsp?url=/iel5/4317769/4317770/04317814.pdf?tp=&isnumber=&arnumber=4317814

• Gligoroski, D., Markovski, S., Kocarev, Lj., Totally Asynchronous Stream Ciphers + Redundancy = Cryptcoding, S. Aissi, H.R. Arabnia (Eds.): Proceedings of the 2007 International Conference on Security and Management, SAM 2007, Las Vegas, June 25-28, 2007. CSREA Press, pp. 446–451. http://www.informatik.uni-trier.de/~ley/db/conf/csreaSAM/csreaSAM2007.html#GligoroskiMK07


STREAM CIPHERS

• A synchronous stream cipher: a one-bit error in the transmitted ciphertext propagates to a one-bit error during decryption.

• An asynchronous stream cipher: a one-bit error in the transmitted ciphertext propagates to several consecutive bit errors during decryption.

• A totally asynchronous stream cipher (TASC): a one-bit error in the transmitted ciphertext propagates to all consecutive bit errors during decryption.


STREAM CIPHERS

plaintext: m1 m2 m3 m4 m6 m7 m8 m9 m10…
ciphertext: c1 c2 c3 c4 c6 c7 c8 c9 c10…
channel: ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
ciphertext: c1 c2 c3 c4 c6 c7 c8 c9 c10…
plaintext: m1 m2 m3 m4 m6 m7 m8 m9 m10…
----------------------------------------
plaintext: m1 m2 m3 m4 m6 m7 m8 m9 m10…
ciphertext: c1 c2 c3 c4 c6 c7 c8 c9 c10…
channel: ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
ciphertext: c1 c2 c3 c4 c6 c7 c8 c9 c10…
plaintext: m1 m2 m3 m4 m6 m7 m8 m9 m10…
----------------------------------------
plaintext: m1 m2 m3 m4 m6 m7 m8 m9 m10…
ciphertext: c1 c2 c3 c4 c6 c7 c8 c9 c10…
channel: ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
ciphertext: c1 c2 c3 c4 c6 c7 c8 c9 c10…
plaintext: m1 m2 m3 m4 m6 m7 m8 m9 m10…


CRYPTCODING

Given:

- TASC

- message M = B1||B2||B3||… as a concatenation of n-bit blocks Bi

- redundant message R = R1||R2||R3||… as a concatenation of k-bit blocks Ri

• Coding:

C = TASC(B1||R1||B2||R2||B3||R3||…) = C1||C2||C3||…, where |Ci| = |Bi||Ri| (as stream code)

Ci = TASC(Bi||Ri) (as block code)

• Decoding of C’ = C1’||C2’||C3’||…:

- use TASC⁻¹(C’) and the redundant information R (as stream code)

- use TASC⁻¹(Ci’) and the redundant information Ri (as block code)

cryptcoding of rate n/(n+k)


DECODING

TASC has to be suitably defined!!!

- bijective function

- randomized function

Our TASC is based on quasigroup transformations of strings:

- bijective functions

- have good randomization properties

We are using quasigroups of order 16, and their elements are nibbles (4-bit words).


QUASIGROUP


LEFT PARASTROPHE

(Q,*) – quasigroup

• Definition of “\”: x \ y = z <=> y = x * z

• (Q,\) is a quasigroup too, left parastrophe of (Q,*)

• Identities: x * (x \ y) = y, x \ (x * y) = y


Quasigroup string transformations

• e-transformation: take a fixed a ∈ Q.

• d-transformation


Quasigroup string transformations

• Theorem 1: The distribution of s-tuples in the string e_a^k(a1a2…an) is uniform, for each s = 1,2,…,k.

• Theorem 2: There are quasigroups such that periodicity of e_a^k(a1a2…an) is 2k times the periodicity of a1a2…an.

• Theorem 3: The e-transformations and the d-transformations are bijections.


QUASIGROUP TASC


OUR DECODING

The decoding process consists of four steps:

(i) procedure for generating the sets with predefined Hamming distance

(ii) inverse coding algorithm

(iii) procedure for generating decoding candidate sets

(iv) decoding rule


SETS WITH PREDEFINED HAMMING DISTANCE

Probability that < t-1 bits in C’i (where |C’i| = s), are not correct is

Let Bmax be an integer such that 1 - P(p,Bmax) < q-1. Then the bit-error probability of the block C’i (= Di) is at most q.

Define sets with predefined Hamming distance Bmax by

The cardinality of Hi is


INVERSE CODING ALGORITHM (ICA)


GENERATING DECODING CANDIDATE SETS

The decoding candidate sets S0, S1, …, Sr are defined iteratively.

S0 = {(k1…kt, )}, where is the empty sequence and k(0) = k1…kt is the initial (secret) key.

Si is the set of all pairs (,w1w2…wis) obtained by using the sets Si-1 and Hi as follows:

For each (, w1w2…w(i-1)s) ∈ Si-1 and each element ∈ Hi, apply the ICA with input (, ), and let ICA(, )=(, ). If and Ri have the redundant information in the same positions, then the pair (,w1w2…wisc1c2… cs) = (,w1w2…wis) is an element of Si.


DECODING RULE

If the set Sr contains only one element (d1d2…dn,w1w2…wrs), then C = w1w2…wrs
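The quasigroup string transformations and the decoding steps above can be tried on a single block. The following is an added example, not code from the slides or from the authors: the order-16 quasigroup is constructed here, the e- and d-transformations follow the standard definitions from the quasigroup string-processing literature (the slide formulas did not survive), and a plain composition of e-transformations keyed by the nibbles of the key stands in for the authors' TASC, used in the block-code variant with blocks m||000.

```python
from itertools import combinations

# Constructed order-16 quasigroup (an assumption, not the authors' table):
# x * y = P[(5x + 3y) mod 16]; 5 and 3 are units mod 16 and P is a permutation.
P = [7, 12, 1, 10, 15, 4, 9, 2, 11, 0, 5, 14, 3, 8, 13, 6]
MUL = [[P[(5 * x + 3 * y) % 16] for y in range(16)] for x in range(16)]
# Left parastrophe: x \ y = z  <=>  y = x * z
LDIV = [[row.index(y) for y in range(16)] for row in MUL]

def e_transform(leader, s):
    """b1 = leader * a1, b_(i+1) = b_i * a_(i+1)."""
    out = [leader]
    for a in s:
        out.append(MUL[out[-1]][a])
    return out[1:]

def d_transform(leader, s):
    """Inverse of e_transform: each output is (previous input symbol) \\ (current one)."""
    return [LDIV[p][b] for p, b in zip([leader] + s[:-1], s)]

def encrypt(key, block):   # stand-in for TASC: one e-transformation per key nibble
    for k in key:
        block = e_transform(k, block)
    return block

def decrypt(key, block):   # d-transformations in reverse key order
    for k in reversed(key):
        block = d_transform(k, block)
    return block

def hamming_ball(block, bmax):
    """The set H_i: every block within bmax bit flips of the received block."""
    word = int("".join(f"{n:x}" for n in block), 16)
    for weight in range(bmax + 1):
        for flips in combinations(range(4 * len(block)), weight):
            cand = word ^ sum(1 << p for p in flips)
            yield [int(h, 16) for h in f"{cand:0{len(block)}x}"]

def candidates(key, received, bmax):
    """Message nibbles m whose block m||000 decrypts from some element of H_i."""
    decoded = (decrypt(key, c) for c in hamming_ball(received, bmax))
    return [d[0] for d in decoded if d[1:] == [0, 0, 0]]

if __name__ == "__main__":
    key = [0, 1, 2, 3, 4]                 # initial key 01234, as in the slides' example
    sent = encrypt(key, [0x3, 0, 0, 0])   # constructed block m||000 with m = 3
    received = [sent[0] ^ 0b0101, sent[1], sent[2] ^ 0b1000, sent[3]]  # 3 bit errors
    print(sum(1 for _ in hamming_ball(received, 5)), candidates(key, received, 5))
```

The decoding rule accepts a block only when the candidate list has exactly one element. With a 16-bit block and at most 5 flipped bits the ball has 6885 elements, and wrong candidates can survive the redundancy check, which is what the stream variant's chaining across blocks is meant to prune.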


EXAMPLE OF A STREAM CRYPTCODE

Message: M = m1m2m3m4m5m6 …

Message expansion with redundancy: R(M) = m1000 m2000 m3000 0000 m4000 m5000 m6000 0000 . . ., => code rate 3/16

Initial key: 01234 (digits represented by nibbles)

Channel: Bounded BSC with at most 5 bit errors on every 16 received bits => Bmax = 5, Bchecks = 6885


M = 3 8 a 8 e 9 8 7 3 7 7 c 8 3 c d f d 3 a 6 e 1 0 …

R(M)=3 0 0 0 8 0 0 0 a 0 0 0 0 0 0 0 8 0 0 0 e 0 0 0 9 0 0 0 0 0 0 0 8 0 0 0 7 0 0 0 3 0 0 0 0 0 0 0 7 0 0 0 7 0 0 0 c 0 0 0 0 0 0 0 8 0 0 0 3 0 0 0 c 0 0 0 0 0 0 0 d 0 0 0 f 0 0 0 d 0 0 0 0 0 0 0 3 0 0 0 a 0 0 0 6 0 0 0 0 0 0 0 e 0 0 0 1 0 0 0 0 0 0 0

C = TASC(R(M)) = 9 4 a 0 f 0 7 d a c a 5 d 8 5 8 c 7 5 b 8 a d 0 8 5 a 9 2 1 3 b 0 5 d 6 2 7 2 d b 4 c d 9 1 4 4 2 7 d 1 5 4 8 5 0 8 4 8 8 2 3 5 2 6 8 9 b 2 a 1 8 d 6 c b 1 9 c 5 9 e e 4 f 4 4 7 3 e 6 5 d 5 7 2 c 5 2 5 8 0 a b 3 6 e 2 8 1 c 8 1 2 1 4 1 3 8 d b c 2 c b 6 7 e 5 …

Error sequence: 5 4 4 5 5 4 5 4 5 5 2 5 4 5 4 4 5 3 5 4 5 5 5 3 5 5 5 5 5 5 5 5 5 5 4 …

C’ = 9 2 e 3 6 8 7 9 a 8 f d 7 0 c 8 d e c b 2 2 d 2 4 4 8 1 a 3 1 a 1 7 f 5 b f 3 c b 4 c 7 9 0 1 e 8 7 f 3 4 c 0 9 8 0 1 8 6 a 3 5 4 e d 9 b 2 f 9 4 d c 8 a 1 d 0 5 d b b e a 4 0 7 b 4 3 4 d d f 1 b 5 2 c 8 8 9 a 3 9 e 6 1 0 4 0 1 4 7 1 b 3 a 4 e c 0 9 b 3 6 4 5 9 e 5 7 e 7 f c f d 6 3 1 8 0 ....


TRELLIS OF DECODING PROCESS

M = 3 8 a 8 e 9 8 7 3 7 7 c 8 3 c d f d 3 a 6 e 1 0 …


After 36 decrypted/decoded blocks we have two decoding candidates:

a) 3 8 a 8 e 9 8 7 3 7 7 c 8 3 c d f d 3 a 6 e 1 0 2 d c,

b) 3 8 a 8 e 9 8 7 3 7 7 c 8 3 c d f d 3 a 6 e 1 0 2 d 1.

The first candidate is the correct one.


INSTEAD OF CONCLUSION

For comparison, 3/16 Reed-Muller code of length 32 that can recover up to 7 errors in 32 bits is not able to decode successfully the message with so many errors.

This example shows that the stream codes, in some cases, can be much better than the block codes.


Thanks for your attention!