
SMILE MARKOVSKI, “Ss Cyril and Methodius” University, Skopje, Republic of Macedonia

NATO ARW, 6-9 October, 2008, Veliko Tarnovo, Bulgaria. Error Correcting Cryptcodes Based on Quasigroups. SMILE MARKOVSKI, “Ss Cyril and Methodius” University, Skopje, Republic of Macedonia. Joint research with D. Gligoroski and Lj. Kocarev.


Presentation Transcript


  1. NATO ARW, 6-9 October, 2008, Veliko Tarnovo, Bulgaria. Error Correcting Cryptcodes Based on Quasigroups. SMILE MARKOVSKI, “Ss Cyril and Methodius” University, Skopje, Republic of Macedonia. Joint research with D. Gligoroski and Lj. Kocarev

  2. Error Correcting Cryptcodes Based on Quasigroups
     • Gligoroski, D., Markovski, S., Kocarev, Lj., Error-Correcting Codes Based on Quasigroups, Proceedings of 16th International Conference on Computer Communications and Networks (ICCCN 2007), 13-16 Aug. 2007, pp. 165–172. http://ieeexplore.ieee.org/Xplore/login.jsp?url=/iel5/4317769/4317770/04317814.pdf?tp=&isnumber=&arnumber=4317814
     • Gligoroski, D., Markovski, S., Kocarev, Lj., Totally Asynchronous Stream Ciphers + Redundancy = Cryptcoding, S. Aissi, H.R. Arabnia (Eds.): Proceedings of the 2007 International Conference on Security and Management, SAM 2007, Las Vegas, June 25-28, 2007. CSREA Press, pp. 446–451. http://www.informatik.uni-trier.de/~ley/db/conf/csreaSAM/csreaSAM2007.html#GligoroskiMK07

  3. STREAM CIPHERS
     • A synchronous stream cipher: a one-bit error in the transmitted ciphertext propagates to a one-bit error during decryption
     • An asynchronous stream cipher: a one-bit error in the transmitted ciphertext propagates to several consecutive bit errors during decryption
     • A totally asynchronous stream cipher (TASC): a one-bit error in the transmitted ciphertext propagates to bit errors in all subsequent positions during decryption

  4. STREAM CIPHERS
     plaintext:  m1 m2 m3 m4 m6 m7 m8 m9 m10…
     ciphertext: c1 c2 c3 c4 c6 c7 c8 c9 c10…
     channel:    ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
     ciphertext: c1 c2 c3 c4c6 c7 c8 c9 c10…
     plaintext:  m1 m2 m3 m4m6 m7 m8 m9 m10…
     ------------------------------------------------------------
     plaintext:  m1 m2 m3 m4 m6 m7 m8 m9 m10…
     ciphertext: c1 c2 c3 c4 c6 c7 c8 c9 c10…
     channel:    ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
     ciphertext: c1 c2 c3 c4c6 c7 c8 c9 c10…
     plaintext:  m1 m2 m3 m4m6 m7m8 m9 m10…
     ------------------------------------------------------------
     plaintext:  m1 m2 m3 m4 m6 m7 m8 m9 m10…
     ciphertext: c1 c2 c3 c4 c6 c7 c8 c9 c10…
     channel:    ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
     ciphertext: c1 c2 c3 c4c6 c7 c8 c9 c10…
     plaintext:  m1 m2 m3 m4m6 m7 m8 m9 m10…

  5. CRYPTCODING
     Given:
     - TASC
     - message M = B1||B2||B3||… as concatenation of n-bit blocks Bi
     - redundant message R = R1||R2||R3||… as concatenation of k-bit blocks Ri
     • Coding:
       C = TASC(B1||R1||B2||R2||B3||R3||…) = C1||C2||C3||…, where |Ci| = |Bi||Ri| (as stream code)
       Ci = TASC(Bi||Ri) (as block code)
     • Decoding of C’ = C1’||C2’||C3’||…:
       - use TASC^-1(C’) and the redundant information R (as stream code)
       - use TASC^-1(Ci’) and the redundant information Ri (as block code)
     Cryptcoding of rate n/(n+k)

  6. DECODING
     TASC has to be suitably defined!!!
     - bijective function
     - randomized function
     Our TASC is based on quasigroup transformations of strings:
     - bijective functions
     - have good randomization properties
     We are using quasigroups of order 16 and their elements are nibbles (4-bit words)

  7. QUASIGROUP

  8. LEFT PARASTROPHE
     (Q,*) – quasigroup
     • Definition of “\”: x \ y = z <=> y = x * z
     • (Q,\) is a quasigroup too, the left parastrophe of (Q,*)
     • Identities: x * (x \ y) = y, x \ (x * y) = y

  9. Quasigroup string transformations • e-transformation Take a fixed a ∈ Q. • d-transformation

  10. Quasigroup string transformations • Theorem 1: The distribution of s-tuples in the string eak(a1a2…an) is uniform, for each s = 1,2,…,k • Theorem 2: There are quasigroups such that periodicity of eak(a1a2…an) is 2k times the periodicity of a1a2…an • Theorem 3: The e-transformations and the d-transformations are bijections
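
Slides 8 to 10 can be exercised directly. The Python below is an added example, not the authors' code: it builds a constructed order-16 quasigroup, derives its left parastrophe and applies e- and d-transformations. The transformation formulas did not survive in this transcript, so the code assumes the definition standard in the quasigroup string-transformation literature; the table, seed and function names are illustrative, and this is not the TASC of slide 11.

```python
import random
N = 16  # order 16: the elements are nibbles, as on slide 6

def make_quasigroup(seed=2008):
    # Constructed demo table (isotope of Z16), not a quasigroup from the slides.
    rng = random.Random(seed)
    a, b, g = (rng.sample(range(N), N) for _ in range(3))
    return [[g[(a[x] + b[y]) % N] for y in range(N)] for x in range(N)]

def left_parastrophe(mul):
    # x \ y = z  <=>  y = x * z  (slide 8)
    ldiv = [[0] * N for _ in range(N)]
    for x in range(N):
        for z in range(N):
            ldiv[x][mul[x][z]] = z
    return ldiv

def e_transform(mul, leader, s):
    # Assumed standard definition: b1 = leader * a1, b_i = b_(i-1) * a_i
    out, prev = [], leader
    for sym in s:
        prev = mul[prev][sym]
        out.append(prev)
    return out

def d_transform(ldiv, leader, s):
    # Inverse of e_transform: a1 = leader \ b1, a_i = b_(i-1) \ b_i
    out, prev = [], leader
    for sym in s:
        out.append(ldiv[prev][sym])
        prev = sym
    return out

def encrypt(mul, leaders, s):
    for a in leaders:
        s = e_transform(mul, a, s)
    return s

def decrypt(ldiv, leaders, s):
    for a in reversed(leaders):
        s = d_transform(ldiv, a, s)
    return s

def damaged_positions(mul, leaders, msg, flip_at):
    # Corrupt one ciphertext symbol and list the plaintext positions that break.
    c = encrypt(mul, leaders, msg)
    c[flip_at] ^= 1
    plain = decrypt(left_parastrophe(mul), leaders, c)
    return [i for i, (m, r) in enumerate(zip(msg, plain)) if m != r]
```

With one leader a corrupted ciphertext symbol damages exactly two decrypted symbols, and with k leaders the damage stays within k + 1 positions. That is the bounded propagation of an asynchronous stream cipher from slide 3, not the unbounded propagation a TASC needs.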

  11. QUASIGROUP TASC

  12. OUR DECODING Decoding process consists of four steps: (i) procedure for generating the sets with predefined Hamming distance (ii) inverse coding algorithm (iii) procedure for generating decoding candidate sets (iv) decoding rule

  13. SETS WITH PREDEFINED HAMMING DISTANCE
      Probability that < t-1 bits in C’i (where |C’i| = s), are not correct is
      Let Bmax be an integer such that 1 - P(p,Bmax) < q-1. Then the bit-error probability of the block C’i (= Di) is at most q.
      Define sets with predefined Hamming distance Bmax by
      The cardinality of Hi is

  14. INVERSE CODING ALGORITHM (ICA)

  15. GENERATING DECODING CANDIDATE SETS The decoding candidate sets S0, S1, …, Sr are defined iteratively. S0 = {(k1…kt, )}, where is the empty sequence and k(0) = k1…kt is the initial (secret) key. Si is the set of all pairs (,w1w2…wis) obtained by using the sets Si-1 and Hi as follows: For each (, w1w2…w(i-1)s) ∈ Si-1 and each element ∈ Hi, apply the ICA with input (,), and let ICA(,)=(, ). If and Ri have the redundant information in the same positions, then the pair (,w1w2…wisc1c2… cs) =(,w1w2…wis) is an element of Si.

  16. DECODING RULE If the set Sr contains only one element (d1d2…dn,w1w2…wrs), then C = w1w2…wrs

  17. EXAMPLE OF A STREAM CRYPTCODE
      Message: M = m1m2m3m4m5m6 …
      Message expansion with redundancy: R(M) = m1000 m2000 m3000 0000 m4000 m5000 m6000 0000 . . ., => code rate 3/16
      Initial key: 01234 (digits represented by nibbles)
      Channel: Bounded BSC with at most 5 bit errors on every 16 received bits => Bmax = 5, Bchecks = 6885

  18. M = 3 8 a 8 e 9 8 7 3 7 7 c 8 3 c d f d 3 a 6 e 1 0 …
      R(M) = 3 0 0 0 8 0 0 0 a 0 0 0 0 0 0 0 8 0 0 0 e 0 0 0 9 0 0 0 0 0 0 0 8 0 0 0 7 0 0 0 3 0 0 0 0 0 0 0 7 0 0 0 7 0 0 0 c 0 0 0 0 0 0 0 8 0 0 0 3 0 0 0 c 0 0 0 0 0 0 0 d 0 0 0 f 0 0 0 d 0 0 0 0 0 0 0 3 0 0 0 a 0 0 0 6 0 0 0 0 0 0 0 e 0 0 0 1 0 0 0 0 0 0 0
      C = TASC(R(M)) = 9 4 a 0 f 0 7 d a c a 5 d 8 5 8 c 7 5 b 8 a d 0 8 5 a 9 2 1 3 b 0 5 d 6 2 7 2 d b 4 c d 9 1 4 4 2 7 d 1 5 4 8 5 0 8 4 8 8 2 3 5 2 6 8 9 b 2 a 1 8 d 6 c b 1 9 c 5 9 e e 4 f 4 4 7 3 e 6 5 d 5 7 2 c 5 2 5 8 0 a b 3 6 e 2 8 1 c 8 1 2 1 4 1 3 8 d b c 2 c b 6 7 e 5 …
      Error sequence: 5 4 4 5 5 4 5 4 5 5 2 5 4 5 4 4 5 3 5 4 5 5 5 3 5 5 5 5 5 5 5 5 5 5 4 …
      C’ = 9 2 e 3 6 8 7 9 a 8 f d 7 0 c 8 d e c b 2 2 d 2 4 4 8 1 a 3 1 a 1 7 f 5 b f 3 c b 4 c 7 9 0 1 e 8 7 f 3 4 c 0 9 8 0 1 8 6 a 3 5 4 e d 9 b 2 f 9 4 d c 8 a 1 d 0 5 d b b e a 4 0 7 b 4 3 4 d d f 1 b 5 2 c 8 8 9 a 3 9 e 6 1 0 4 0 1 4 7 1 b 3 a 4 e c 0 9 b 3 6 4 5 9 e 5 7 e 7 f c f d 6 3 1 8 0 ....
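
The numbers on slides 13, 17 and 18 can be checked against each other. The Python below is an added example, not the authors' code: it rebuilds R(M) from M, enumerates the set of 16-bit words within Bmax = 5 bit flips of a received block, and compares the first six blocks of C and C’ copied from slide 18. The cardinality formula is missing from this transcript, so the code counts by enumeration; all function names are illustrative.

```python
from itertools import combinations
from math import comb

S, BMAX = 16, 5  # block length in bits and error bound from slide 17

def expand(msg):
    """R(M): each message nibble m becomes m000, plus 0000 after every third."""
    out = []
    for i, m in enumerate(msg, 1):
        out += [m, 0, 0, 0]
        if i % 3 == 0:
            out += [0, 0, 0, 0]
    return out

def blocks(nibbles):
    """Pack a nibble sequence into 16-bit integers (4 nibbles per block)."""
    return [int("".join(f"{n:x}" for n in nibbles[i:i + 4]), 16)
            for i in range(0, len(nibbles) - 3, 4)]

def redundancy_ok(index, block):
    """Decrypted blocks 0,1,2 of each group of four are m000; block 3 is 0000."""
    return (block & (0xFFFF if index % 4 == 3 else 0x0FFF)) == 0

def hamming_ball(received, radius=BMAX, bits=S):
    """Every word within `radius` bit flips of the received block."""
    for weight in range(radius + 1):
        for positions in combinations(range(bits), weight):
            yield received ^ sum(1 << p for p in positions)

def ball_size(radius=BMAX, bits=S):
    return sum(comb(bits, j) for j in range(radius + 1))

def distance(x, y):
    return bin(x ^ y).count("1")

# First six 16-bit blocks of C and C' copied from slide 18.
SENT = [0x94A0, 0xF07D, 0xACA5, 0xD858, 0xC75B, 0x8AD0]
RECEIVED = [0x92E3, 0x6879, 0xA8FD, 0x70C8, 0xDECB, 0x22D2]
```

The ball holds 6885 words, the Bchecks value of slide 17, and the block distances between C and C’ reproduce the start of the error sequence (5 4 4 5 5 4), so each transmitted block lies inside the ball around its received block. `redundancy_ok` is the filter applied to a candidate after inverse coding, as slide 15 describes.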

  19. TRELLIS OF DECODING PROCESS M = 3 8 a 8 e 9 8 7 3 7 7 c 8 3 c d f d 3 a 6 e 1 0 …

  20. TRELLIS OF DECODING PROCESS M = 3 8 a 8 e 9 8 7 3 7 7 c 8 3 c d f d 3 a 6 e 1 0 …

  21. TRELLIS OF DECODING PROCESS M = 3 8 a 8 e 9 8 7 3 7 7 c 8 3 c d f d 3 a 6 e 1 0 …

  22. TRELLIS OF DECODING PROCESS M = 3 8 a 8 e 9 8 7 3 7 7 c 8 3 c d f d 3 a 6 e 1 0 …

  23. TRELLIS OF DECODING PROCESS M = 3 8 a 8 e 9 8 7 3 7 7 c 8 3 c d f d 3 a 6 e 1 0 …

  24. TRELLIS OF DECODING PROCESS M = 3 8 a 8 e 9 8 7 3 7 7 c 8 3 c d f d 3 a 6 e 1 0 …

  25. After 36 decrypted/decoded blocks we have two decoding candidates: a) 3 8 a 8 e 9 8 7 3 7 7 c 8 3 c d f d 3 a 6 e 1 0 2 d c, b) 3 8 a 8 e 9 8 7 3 7 7 c 8 3 c d f d 3 a 6 e 1 0 2 d 1. The first candidate is the correct one.

  26. INSTEAD OF CONCLUSION For comparison, 3/16 Reed-Muller code of length 32 that can recover up to 7 errors in 32 bits is not able to decode successfully the message with so many errors. This example shows that the stream codes, in some cases, can be much better than the block codes.

  27. Thanks for your attention!
