1 / 32

Linear codes of good error control performance

Linear codes of good error control performance. Tsonka Baicheva Institute of Mathematics and Informatics Bulgarian Academy of Sciences Bulgaria. Biham E., Shamir A., Differential fault analysis of secret key cryptosistems , LNCS, vol. 1294, pp. 513-525, 1997.

khoi
Download Presentation

Linear codes of good error control performance

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Linear codes of good error control performance Tsonka Baicheva Institute of Mathematics and Informatics Bulgarian Academy of Sciences Bulgaria

  2. Biham E., Shamir A.,Differential fault analysis ofsecret key cryptosistems, LNCS,vol. 1294, pp. 513-525, 1997. • Boneh D., DeMillo R.A., Lipton R.J.,On theimportance of checking cryptographic protocols forfaults, LNCS, vol. 1233,pp. 37-51, 1997. • The erroneous output of the cryptographic algorithm could be used to perform an attack.

  3. Basic definitions • Fq=GF(q) • Linear codeC is a k-dimensional subspace of Fqn • Minimum distance d(C)= min d(c1,c2), c1,c2 є C, c1≠c2 t=|(d-1)/2| • [n,k,d]qlinear code with length n, dimension k, minimum distance d, over Fq

  4. Basic definitions • Ai the number of codewords of C of weight i. {Ai| i=0, …, n} a weight distribution/spectrum of the code C. • The polynomial is called weight enumerator of the code C.

  5. Basic definitions • x+C={x+c | c є C} a coset of the code C determined by the vector x є Fqn. • Coset leader is a vector with the smallest weight in the coset. • i the number of coset leaders of weight i. • {i | i=0,…,n} a coset leaders weight distribution/spectrum of the code C.

  6. error vector Communication system transmitter channel receiver

  7. Decoding to the nearest codewordthrough a BSC • Find the unique code word v for which the Hamming distance d(v,w) is minimal and to decode correctlyw to v. The probability of correct decoding The probability of error

  8. Decoding to the nearest codewordthrough a BSC • To detect an error if there are more than one codewords with minimal Hamming distance d(v,w). • To decode erroneously to a different codeword v' if the channel error have changed v in such a way that the closest codeword to w is v', i.e. to have an undetectable error.

  9. Undetected error probability v+e=w=v’+e’ => v’=v+e-e’ =v+e’’ • Undetected error occurs iff e’’ is a nonzero codeword. • The probability of undetected error

  10. Undetected error probability after t-error correction • Qh,lthe number of vectors of weight l in the cosets of minimum weight h, excluding the coset leaders. • Probability of an undetected error after t-error correction • Optimal codePue(t)(C,ε) is minimal

  11. Criteria whether a code is suitable for error correction • A code C is called t-proper (or proper when t=0 and the code is only used for error detection) if • Pue(t)(C,ε)is monotonous • A code C is called t-good if • Pue(t)(C,ε) ≤ Pue(t)(C,(q-1)/q) • for all εє [0,(q-1)/q]

  12. Discrete sufficient conditionsDodunekova and Dodunekov’98 Theorem If then C is t-good for error correction. Theorem If then C is t-proper for error correction. Ai(t) the weight distribution of the vectors in the cosets with coset leaders of weight at most t, excluding the leaders. Vq(t) the volume of the q-ary sphere of radius t in Fqn m(i)=m(m-1)…(m-i+1)

  13. Complexity of checking t-goodness and t-properness • The problem of finding the weight distribution of C is NP hard. • The determination of i and Qh,l are computationally hard problems.

  14. Results • All binary cyclic codes of n ≤ 33(Downie&Sloane’85) • Some binary distance-optimal codes of n ≤ 33(Jaffe’97) • Having Ai(Bi),i and Qh,ldetermined the values of Pue(t) and Pcorr can be calculated and compared in a linear time.

  15. Examples [21,10,4] binary cyclic code, Pue(t) for t=0, t=1

  16. Examples [21,10,5] binary cyclic code, Pue(t)t=0, t=1, t=2

  17. Examples [25,5,12] binary distance-optimal codes, Pue(t)

  18. Examples [25,5,12] binary distance-optimal codes, Pue(t)

  19. WrightA., KinastJ., McCarty J., Low-Latency Cryptographic Protection for SCADA Communications, LNCS,vol. 3089 , pp.263-277, 2004. • Cryptographic protocol that uses the Cyclic Redundancy Check (CRC) transmitted by the existing SCADA (Supervisory Control And Data Acquisition) equipment to achieve string integrity while introducing minimal latency.

  20. Cyclic Redundancy Check Codes • LetCbe a cyclic code Ifc0,c1,…,cn-1 єC, then cn-1,c0,…,cn-2єC • C and all itsshortenings C`are CRCcodes or polynomial codes • C` are almost always non cyclic • It is possible to use the same fast encoders and decoders as can be used with the original cyclic code

  21. Error detection performance of CRC • g(x) is the generator polynomial of theCRCcode of degreep • g(x) is not divisible by x  has at least 2 nonzero coefficients Theorem 1A CRCcodewith generator polynomial of degreep can detect any single error.

  22. Burst error detection • Burst-error pattern of length d+1.All corrupted bits are concentrated between bitsjand d+j Theorem 2A CRCcode with generator polynomial of degreep can detect all burst errors of length p or less.

  23. Burst error detection • Letf(b) be the fraction of undetected burst errors of lengthb • Ifb<p+1 • Ifb=p+1 • Ifb>p+1

  24. 8-bitsCRCcode • DARC x8+x5+x4+x3+1 • Standardized polynomial might not be good for mostlengths • Optimal for9≥n≥17(d=5), but withd=2 forn≥18 • It is used for24≤n≤56, where performs far from the optimal

  25. Comparison between some CRCs for n=17 Pue forDARK-8, CRC-8, ATM HEC-8,C1

  26. Comparison between some CRCs for n=56 Pue forDARK-8, CRC-8, CRC-7, P1(7-bit CRC)

  27. Notes • The usual practice is to select a standardized CRC polynomial, but very often they provide less error control capability than may be achieved for the given number of CRC bits. • Even if a good published polynomial is available, there is generally no published guidance on what range of data word lengths it is good.

  28. Complete investigations of all possible polynomials with given degree will help in selecting the most effective polynomial for any particular application • all CRC codes of up to 10 bit redundancy are classified and their orders are determined • weight spectra of the duals • coset leaders weight spectra • minimum distances of all codes and of all its shortenings are computed

  29. Procedure for polynomial selection • Fix the degree p of the polynomial. • Choose polynomials of ord(g(x)) ≥ max n. • Consider only the polynomials of maximum minimum distance. If they are too much, choose only those having the smallest number of codewords of minimum weight. • For the particular channel error probability ε at which the code will operate, choose the code with smallest Pue. If the code will be used for error correction, choose the one with the biggest Pcorr.

  30. t=|̱(d-1)/2̱|,Covering radius R

  31. Quasi-perfect codes • t=R Perfect codes • [n,n,1]q0 codes for n≥1; • [2s+1,1,2s+1]qs repetition codes for s≥1; • Hamming codes; • binary and ternary Golay codes; • t=R+1 Quasi-perfect codes

  32. Classification of binary linear quasi-perfect codes

More Related