network coding for error correction and security l.
Skip this Video
Loading SlideShow in 5 Seconds..
Network Coding for Error Correction and Security PowerPoint Presentation
Download Presentation
Network Coding for Error Correction and Security

Loading in 2 Seconds...

play fullscreen
1 / 92

Network Coding for Error Correction and Security - PowerPoint PPT Presentation

  • Uploaded on

Network Coding for Error Correction and Security. Raymond W. Yeung The Chinese University of Hong Kong. Introduction Network Coding vs Algebraic Coding Network Error Correction Secure Network Coding Applications of Random Network Coding in P2P Concluding Remarks . Outline. Introduction.

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

PowerPoint Slideshow about 'Network Coding for Error Correction and Security' - Audrey

Download Now An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
network coding for error correction and security

Network Coding forError Correction and Security

Raymond W. Yeung

The Chinese University of Hong Kong


Network Coding vs Algebraic Coding

Network Error Correction

Secure Network Coding

Applications of Random Network Coding in P2P

Concluding Remarks

a network coding example

A Network Coding Example

The Butterfly Network





















a network coding example6

A Network Coding Example

with Two Sources

















wireless satellite application




t = 1


t = 2



t = 3

Wireless/Satellite Application

50% saving for downlink bandwidth!

two themes of network coding
When there is 1 source to be multicast in a network, store-and-forward may fail to optimize bandwidth.

When there are 2 or more independent sources to be transmitted in a network (even for unicast), store-and-forward may fail to optimize bandwidth.

In short, Information is NOT a commodity!

Two Themes of Network Coding
model of a point to point network
A network is represented by a graph G = (V,E) with node set V and edge (channel) set E.

A symbol from an alphabet F can be transmitted on each channel.

There can be multiple edges between a pair of nodes.

Model of a Point-to-Point Network
single source network coding
The source node s generates an information vector

x = (x1 x2 … xk) Fk.

What is the condition for a node t to be able to receive the information vector x?

Max-Flow Bound. If maxflow(t) < k, then node t cannot possibly receive x.

Single-Source Network Coding
the basic results
If network coding is allowed, a node t can receive the information vector x iff

maxflow(t) ≥ k

i.e., the max-flow bound can be achieved simultaneously by all such nodes t. (Ahlswede et al. 00)

Moreover, this can be achieved by linear network coding for a sufficiently large base field. (Li, Y and Cai, Koetter and Medard, 03)

The Basic Results
global encoding kernels of a linear network code
Recall that x = (x1 x2 … xk) is the multicast message.

For each channel e, assign a column vector fe such that the symbol sent on channel e is x fe. The vector fe is called the global encoding kernel of channel e.

The global encoding kernel of a channel is analogous to a column in the generator matrix of a classical block code.

The global encoding kernel of an output channel at a node must be a linear combination of the global encoding kernels of the input channels.

Global Encoding Kernels of a Linear Network Code
an example

An Example

k = 2, let x = (b1, b2)











a linear multicast
A message of k symbols from a base field F is generated at the source node s.

A k-dimensional linear multicast has the following property: A non-source node t can decode the message correctly if and only if

maxflow(t)  k.

By the Max-flow bound, this is also a necessary condition for a node t to decode (for any given network code).

Thus the tightness of the Max-flow bound is achieved by a linear multicast, which always exists for sufficiently large base fields.

A Linear Multicast
an n k code with d min d
Consider a (n,k) classical block code with minimum distance d.

Regard it as a network code on an

combination network.

Since the (n,k) code can correct d-1 erasures, all the nodes at the bottom can decode.

An (n,k) Code with dmin = d
For the nodes at the bottom,

maxflow(t) = n-d+1.

By the Max-flow bound,

k maxflow(t) = n-d+1

or d  n-k+1, the Singleton bound.

Therefore, the Singleton bound is a special case of the Max-flow bound for network coding.

An MDS code is a classical block code that achieves tightness of the Singleton bound.

Since a linear multicast achieves tightness of the Max-flow bound, it is formally a network generalization of an MDS code.

two ramifications of single source network coding
The starting point of classical coding theory and information-theoretic cryptography is the existence of a conduit through which we can transmit information from Point A to Point B without error.

Single-source network coding provides a new such conduit.

Therefore, we expect that both classical coding theory and information-theoretic cryptography can be extended to networks.

Two Ramifications of Single-Source Network Coding
point to point error correction in a network
Classical error-correcting codes are devised for point-to-point communications.

Such codes are applied to networks on a link-by-link basis.

Point-to-Point Error Correction in a Network









a motivation for network error correction
Observation Only the receiving nodes have to know the message transmitted; the immediate nodes don’t.

In general, channel coding and network coding do not need to be separated 

Network Error Correction

Network error correction generalizes classical point-to-point error correction.

A Motivation for Network Error Correction



what does network error correction do
A distributed error-correcting scheme over the network.

Does not explicitly decode at intermediate nodes as in point-to-point error correction.

At a sink node t, if c errors can be corrected, it means that the transmitted message can be decoded correctly as long as the total number of errors, which can happen anywhere in the network, is at most c.

What Does Network Error Correction Do?
classical algebraic coding
Classical Algebraic Coding

y = x + z






y, x, and z are all in the same space.

minimum distance classical case
Hamming distance is the most natural distance measure.

For a code C, dmin = min d(v1,v2), where v1,v2 C andv1 v2.

If dmin = 2c+1, then C can

Correct c errors

Detect 2c errors

Correct 2c erasures

Minimum Distance: Classical Case
sphere packing

Sphere Packing


coding bounds classical case
Upper bounds

Hamming bound

Singleton bound

Lower bound

Gilbert-Varsharmov bound

Coding Bounds: Classical Case
network coding
Network Coding










input output relation
The network code is specified by the local encoding kernels at each non-source node.

Fix a sink node t.

The codeword x, the error vector z, and the received vectors yt are all in different spaces.

In this tutorial, we consider only linear network codes. Then

yt = xFs,t + zFt

where Fs,t and Ftdepend on t.

In the classical case, Fs,t = Ft are the identity matrix.

Input/Output Relation
distance properties of linear network codes yang y zhang 07
The network Hamming distance can be defined for linear network codes.

Many concepts in algebra coding based on the Hamming distance can be extended to network coding.

Distance Properties of Linear Network Codes (Yang, Y, Zhang 07)
how to measure the distance between two codewords
Fix both the network code and the codebook C, i.e., the set of all possible codewords transmitted into the network.

For a sink node t,

yt(x,z) = x Fs,t + z Ft

For two codewords x1, x2  C , define their distance by

Dtmsg(x1,x2) = arg minzwH(z)

where the minimum is taken over all error vectors z such that

yt(x1,0) = yt(x2,z) , or

yt(x1,z) = yt(x2,0)

IdeaDtmsg(x1,x2) is the minimum Hamming weight of an error vector z that makes x1 and x2 indistinguishable at node t.

Dtmsg defines a metric on the input space of the linear network code.

How to Measure the Distance between Two Codewords?
minimum distance for a sink node
For a sink node t,

dmin,t= minx1x2Dtmsg(x1,x2)

Each sink node has a different view of the codebook as each is associated with a different distance measure.

dmin,tis the minimum distance as seen by sink node t.

If the codebook C is linear, dmin,thas the following equivalent definition:

dmin,t= min { wH(z) : z At }


At = { z : yt(x,z) = 0 for some x C }.

Minimum Distance for a Sink Node
error correction detection and erasure correction for a linear network code
If dmin,t= 2c+1, then sink node t can

Correct c errors

Detect 2c errors

Correct 2c erasures

Some form of “sphere packing” is at work.

Much more complicated when the network code is nonlinear.

Error Correction/Detection and Erasure Correctionfor a Linear Network Code
sphere packing38

Sphere Packing


remark on error detection
In network coding, some error patterns have no effect on the sink nodes. These are “invisible” error patterns that cannot be (or do not need to be) detected.

Also called “Byzantine modification detection” (Ho et al, ISIT 04)

Remark on Error Detection
remark on erasure correction
In classical algebraic coding, erasure correction has three equivalent interpretation:

A symbol is erased means that it is not available

A symbol is erased means that the erasure symbol is received

The error locations are known.

In our context, erasure correction means that the locations of the errors are known by the sink nodes but not the intermediate nodes.

Remark on Erasure Correction
coding bounds for network codes
Cai & Y (02, 06) obtained the Hamming bound, the Singleton bound and the Gilbert-Varshamov bound for network codes.

These bounds are natural extension of the bounds for algebraic codes.

Let the base field be GF(q), n = mint maxflow(t)

and dmin = mint dmin,t

Coding Bounds for Network Codes
upper bounds
Hamming bound

where .

Singleton bound

The Singleton bound is asymptotically tight, i.e., when q is sufficiently large.

Upper Bounds
refined coding bounds
Observation Sink nodes with larger maximum flow can have better error correction capability.

For a given linear network code, refined Hamming bounds and Singleton bounds specific to the individual sink nodes can be obtained.

Refined Coding Bounds
Note that mt  maxflow(t) for all sink nodes t.

Thus the refined Hamming bounds imply the Hamming bound, and the refined Singleton bounds imply the Singleton bound.

tightness of the refined singleton bounds
These bounds are shown to be asymptotically tight for linear network codes by construction, i.e., it is possible to construct a codebook that achieves tightness of the individual bound at every sink node t for any given linear network code provided that q is sufficiently large.

This implies that for large base fields, only linear transformations need to be performed at the intermediate nodes! No decoding needed.

Tightness of the Refined Singleton Bounds
construction of network codes that achieve the refined singleton bounds
Deterministic algorithms

Alg1: Yang, Ngai and Y (ISIT 07)

Alg2: Matsumoto (IEICE, 07) obtained an algorithm based on robust network codes.

Alg3: Yang and Y (ITW, Bergen 07)

All these algorithms have almost the same complexity in terms of the field size requirement and time complexity.

These algorithms imply that when q is very large, network codes satisfying these bounds can be constructed randomly with high probability.

Construction of Network Codes that Achieve the Refined Singleton bounds
gilbert bound
Gilbert Bound
  • Let ns be the outgoing degree of source node s.
  • Let

be the d-ball about x with respect to the metric Dtmsg.

gilbert bound50
Given a network code, let |C|max be the maximum possible size of the codebook such that dmin,t ≥dt for each sink node t. Then,


Gilbert Bound
idea of the gilbert bound
If dmin,t ≥dt for each sink node t, then for any x, there exists a codeword v such that Dtmsg(v,x) < dt , otherwise can add one more codeword to the codebook.Idea of the Gilbert Bound
  • Thus all the (dt-1)-balls around the codewords cover the whole input space.



dt -1

varshamov bound
Given a set of local encoding kernels, let ωmax be the maximum possible dimension of the linear codebook such that dmin,t ≥dt for each sink node t. Then,


Varshamov Bound
error correction capability of random network codes
Balli, Yan and Zhang 07

Study the distribution of dmin,tfor random network codes based on a refined bound on the probability of decoding error for a random linear network code for multicast.

Error Correction Capability of Random Network Codes
for deterministic and random network codes
For Deterministic and Random Network Codes
  • Zhang 07 (to appear in IT)
    • Proposed the minimum rank decoding principle which is equivalent to minimum distance decoding.
    • Can decode up to errors for each sink node t.
    • A fast decoding algorithm for packet networks with random network coding (the same network code is used repeatedly).
  • Yan, Balli and Zhang 07
    • Decoding beyond the error correction capability.
  • Balli, Yan and Zhang 07
    • A hybrid approach that combines link-by-link error detection and network erasure correction.
for random network codes
Jaggi, Langberg et al. (INFOCOM 07)

Consider packet networks (the same network code is used repeatedly).

Scenario 1: Alice and Bob has a low-rate secret channel.

A polynomial-time algorithm that achieves the optimal rate asymptotically.

Scenario 2: Alice and Bob has no shared secret.

A polynomial-time algorithm that achieves the Singleton bound asymptotically.

Extendable to the refined Singleton bounds?

For Random Network Codes
for random network codes57
Koetter and Kschischang (ISIT 07)

Let the input space of the random network code be Fn, where n = mint maxflow(t).

At a sink node t, the transfer matrix is likely to be full rank.

The codebook is the collection of all k-dimensional subspaces of Fn, each called a codeword.

If a codeword A is chosen, then transmit a set of vectors in A that span A. Does not matter which set.

If the transfer matrix at a sink node t is full-rank (with high probability), the received vectors also spans A.

Can be regarded as a more general theoretical framework for random linear network coding.

For Random Network Codes
Koetter and Kschischang (cont.)

Thus the codeword can be decoded correctly in the absence of error.

In the presence of error, decoding is done according to a distance measure between subspaces.

Yet to understand the performance of such codes in a given network.

errors due to noise in channels
Separation of channel coding and network coding is asymptotically optimal provided two conditions are satisfied:

All channels are memoryless.

The channels are independent.

(Borade 02, Song & Y 06)

If not, there is no separation theorem.

Then applying turbo codes link-by-link does not guarantee optimality.

Linear network error-correcting code is an attractive solution for its low encoding complexity.

Errors due to Noise in Channels
malicious injection of errors
Malicious nodes in the network may inject errors deliberately to disturb data transmission.

Classical error correction does not help because redundancy is injected only in time.

Network error correction is a natural solution because redundancy is injected in both time and space.

Malicious Injection of Errors
further reading for network error correction
R. W. Yeung and N. Cai, “Network error correction, Part I & II,” Communications in Information and Systems, 2006. First presented at ITW 2002.

Ho et al, “Byzantine modification detection in multicast networks using randomized network coding,” ISIT 2004.

R. W. Yeung, S.-Y. R. Li, N. Cai and Z. Zhang, Network Coding Theory, now Publishers, 2005 (Foundation and Trends in Communications and Information Theory).

S. Yang and R. W. Yeung, “Characterizations of network error correction/detection and erasure correction,” NetCod 2007.

Z. Zhang, “Linear network error correction codes in packet networks,” to appear in IEEE IT.

S. Yang, C. K. Ngai, and R. W. Yeung, “Construction of linear network codes that achieve a refined Singleton bound,” ISIT 2007.

R. Koetter and F. Kschischang, “Coding for errors and erasures in random network coding,” ISIT 2007.

S. Yang and R. W. Yeung, “Refined coding bounds for network error correction,” ITW, Bergen 2007.

S. Jaggi et al., “Resilient network coding In the presence of Byzantine adversaries”, INFOCOM 2007.

Z. Zhang, “Some recent progress in network error correction progress,” NetCod 2008.

Further Reading for Network Error Correction
H. Balli, X. Yan, and Z. Zhang, “Error correction capability of random network error correction codes,” submitted to IT.

X. Yan, H. Balli, and Z. Zhang, “Decode network error correction codes beyond error correction capability,” submitted to IT.

H. Balli, X. Yan, and Z. Zhang, “A hybrid network error correction coding system,” in preparation.

problem formulation
The underlying model is the same as network multicast using network coding except that some sets of channels can be wiretapped.

Let A be a collection of subsets of the edge set E.

A subset in A is called a wiretap set.

Each wiretap set may be fully accessed by a wiretapper.

No wiretapper can access more than one wiretap set.

The network code needs to be designed in a way such that no matter which wiretap set the wiretapper has access to, the multicast message is information-theoretically secure.

The model is a network generalization of secret sharing (Blakley, Shamir, 78) and wiretap channel II (Ozarow and Wyner 84).

Problem Formulation
a coding scheme cai y 02
The multicast message is (m,k), where

m is the secure message

k is the key (randomness)

Both m and k are generated at the source node.

A Coding Scheme (Cai-Y 02)








  • One of the 3 red channels can be wiretapped
  • m is the secure message
  • k is the key



another example of secure network coding

Another Example of Secure Network Coding

The (1,2)-threshold Secret Sharing Scheme





  • One of the 3 red channels can be wiretapped
  • m is the secure message
  • k is the key
construction of secure network codes
Let n = mint maxflow(t).

A sufficient condition under which a secure linear network code can be constructed has been obtained (Cai and Y, 02 and 07).

Important Special Case If Aconsists of all the r-subsets of E, where r < n, then we can construct a secure network code with multicast message (m,k) such that |m| = n - r and |k| = r.

For this case, the condition is also necessary.

Interpretation For a sink node t, if r channels in the network are wiretapped, the number of “secure paths” from the source node to T is still at least n - r. So n - r symbols can go through securely.

Construction of Secure Network Codes
idea of code construction
Start with a linear network code for multicasting n symbols.

For all wiretap set AA, let fA= { fe : e A }, the set of global encoding kernels of the channels in A.

Let dim(span(fA))  r for all AA. [sufficient condition]

When the base field F is sufficiently large, we can find b1, b2, …, bn-rFn such that

b1, b2, …, bn-r are linearly independent of fA

for allA A.

Extend b1, b2, …, bn-r to b1, b2, …, bn-r , bn-r+1 , …, bn to form a basis for Fn, and let let M = [b1b2 … bn ].

M is invertible.

Idea of Code Construction
Let the multicast message be (m,k), with |m| =

n-r and |k| = r.

Take a linear transformation of the given linear network code by the matrix M-1 to obtain the desired secure network code.

optimality of the cai yeung construction
When the wiretap set A consists of all r-subsets of E, the construction is optimal in terms of

the size of the message (maximum)

the size of the key (minimum).

The proof of the latter involves a set of inequalities due to T. S. Han.

Optimality of the Cai-Yeung Construction
han s inequalities


g1 g2  …  gn.

Han’s Inequalities
algorithms for secure network coding
Jain 2004

A security protocal that uses both network coding and one-way functions.

Feldman et al, 2004

A characterization of secure network codes in terms of a generalized distance measure.

A smaller field size can be used by giving up a small amount of overall capacity.

Algorithms for Secure Network Coding
algorithms for secure network coding77
Bhattad and Narayanan 05

Propose weakly secure network coding for which the wiretaper cannot obtain any “useful” information.

Very simple scheme.

Not information-theoretically secure.

Algorithms for Secure Network Coding
algorithms for secure network coding78
Jaggi, Langberg et al., 07

An efficient algorithm using random network coding in an unknown network topology that achieves asymptotically the same optimal rate as Cai-Yeung.

Requires repeated use of the same random network code.

Algorithms for Secure Network Coding
further reading for secure network coding
N. Cai and R. W. Yeung, “Secure network coding,” ISIT 02. Full version available upon request.

K. Jain, “Security based on network topology against the wiretapping attacking,” IEEE Wireless Comm., Feb 2004.

J. Feldman, T. Malkin, C. Stein, R. A. Servedio “On the capacity of secure network coding”, 2004 Allerton Conference.

K. Bhattad and K.R. Nayayanan, “Weakly secure network coding,” NetCod 2005.

N. Cai and R. W. Yeung, “A security condition for multi-source linear network coding”, ISIT 2007.

S. Jaggi et al., “Resilient Network Coding In the Presence of Byzantine Adversaries”, INFOCOM 2007.

E. Soljanin and S. El Rouayheb. “On wiretap networks II,” ISIT 2007.

Further Reading for Secure Network Coding
what is peer to peer p2p
Client-Server is the traditional architecture for content distribution in a computer network.

P2P is the new architecture in which users who download the file also help disseminating it.

Extremely efficiently for large-scale content distribution, i.e., when there are a lot of clients.

P2P traffic occupies at least 70% of Internet bandwidth.

BitTorrent is the most popular P2P system.

What is Peer-to-Peer (P2P)?
what is avalanche
Avalanche is a Microsoft P2P prototype that uses random linear network coding.

It is one of the first applications / implementations of network coding by Gkantsidis and Rodriguez 05.

It has recently been further developed into Microsoft Secure Content Distribution (MSCD).

What is Avalanche?
how avalanche works
When the server or a client uploads to a neighbor, it transmits a random linear combination of the blocks it possesses. The linear coefficients are attached with the transmitted block.

Analogy: Color-mixing.

Each transmitted block is some linear combination of the original blocks of the seed file.

Download is complete if enough linearly independent blocks have been received, and decoding can be done accordingly.

How Avalanche Works?
the butterfly network a review










The Butterfly Network: A Review

Synchronization here

what exactly is avalanche doing
In Avalanche, there does not seem to be any need of synchronization.

Is Avalanche doing the same kind of network coding we have been talking about?

If not, what is it doing and is it optimal in any sense?

What Exactly is Avalanche Doing?
a time parametrized graph
A Time-Parametrized Graph








Client A





Client B



Client C

analysis of avalanche y netcod 2007
The time-parametrized graph, not the physical network, is the graph to look at.

By examining the maximum flows in this graph, the following questions can be answered:

When can a client receive the whole file?

If the server and/or some clients leave the system, can the remaining clients recover the whole file?

If some blocks are lost at some clients, how does it affect the recovery of the whole file?

Analysis of Avalanche(Y, NetCod 2007)
some remarks
Avalanche is not doing the usual kind of random network coding, but it can be analyzed by the tools we are familiar with.

Avalanche minimizes delay with respect to the given transmission schedule if computation is ignored.

Extra computation is the price to pay.

Avalanche provides the maximum possible robustness for the system.

P2P is perhaps the most natural environment for applying random network coding because the subnet is formed on the fly.

Some Remarks
networks with packet loss a toy example
One packet is sent on each channel per unit time.

Packet loss rate = 0.1 on each channel.

By using a fountain code, information can be transmitted from A to C at rate (0.9)2 = 0.81.

By using an Avalanche-type system, information can be transmitted from A to C at rate 0.9 = max-flow from A to C.




Networks with Packet Loss: A Toy Example
an explanation
An Explanation

networks with packet loss
By using an Avalanche-type system, the max-flow from the source to the sink (amortized by the packet loss rate) can be achieved automatically, which is the fundamental limit.

Virtually nothing needs to be done.

Networks with Packet Loss
concluding remarks
The theory of network coding naturally ramifies in the direction of error correction and information-theoretic cryptography.

The development in these areas of network coding are still in its infancy.

Many potential applications in networking, wireless, information security, etc.

Applications are driven theory.

A lot of very exciting research ahead.

Concluding Remarks