Homomorphic signatures for network coding: Difference between revisions

Browse history interactively

← Previous edit

Content deleted Content added

VisualWikitext

Revision as of 02:53, 7 July 2023 edit Citation bot (talk \| contribs) Bots 5,865,517 edits Removed parameters. \| Use this bot. Report bugs. \| #UCB_CommandLine ← Previous edit		Latest revision as of 09:58, 19 August 2024 edit undo InternetArchiveBot (talk \| contribs) Bots, Pending changes reviewers 5,679,364 edits Rescuing 1 sources and tagging 0 as dead.) #IABot (v2.0.9.5
(One intermediate revision by one other user not shown)
Line 1: [[Network coding]] has been shown to optimally use [[Bandwidth (computing)\|bandwidth]] in a network, maximizing information flow but the scheme is very inherently vulnerable to pollution attacks by malicious nodes in the network. A node injecting garbage can quickly affect many receivers. The pollution of [[network packet]]s spreads quickly since the output of (even an) honest node is corrupted if at least one of the incoming packets is corrupted. An attacker can easily corrupt a packet even if it is encrypted by either forging the signature or by producing a collision under the [[hash function]]. This will give an attacker access to the packets and the ability to corrupt them. Denis Charles, Kamal Jain and Kristin Lauter designed a new [[homomorphic encryption]] signature scheme for use with network coding to prevent pollution attacks.<ref>{{Cite journal \|citeseerx = 10.1.1.60.4738 \|title = Signatures for Network Coding \|year = 2006 \|url = https://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.60.4738 \|archive-url = https://web.archive.org/~~details~~web/~~signatures_for_network_coding~~20211121060603/https://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.60.4738 \|archive-date = 2021-11-2021 \|url-status = ~~live~~bot: unknown \|access-date = 2021-11-21 }}</ref> The homomorphic property of the signatures allows nodes to sign any linear combination of the incoming packets without contacting the signing authority. In this scheme it is computationally infeasible for a node to sign a linear combination of the packets without disclosing what [[linear combination]] was used in the generation of the packet. Furthermore, we can prove that the signature scheme is secure under well known [[Cryptography\|cryptographic]] assumptions of the hardness of the [[discrete logarithm]] problem and the computational [[Elliptic curve Diffie–Hellman]]. Line 29: ==History== Krohn, Freedman and Mazieres proposed a theory<ref>{{cite book \|last1=Krohn \|first1=Maxwell N. \|last2=Freedman \|first2=Michael J \|last3=Mazières \|first3=David \|title=IEEE Symposium on Security and Privacy, 2004. Proceedings. 2004 \|chapter=On-the-fly verification of rateless erasure codes for efficient content distribution ~~\|journal=IEEE Symposium on Security and Privacy, 2004. Proceedings. 2004~~ \|date=2004 \|pages=226–240 \|doi=10.1109/SECPRI.2004.1301326 \|chapter-url=https://www.cs.princeton.edu/~mfreed/docs/authcodes-sp04.pdf \|access-date=17 November 2022 \|___location=Berkeley, California, USA \|language=en-us \|issn=1081-6011\|isbn=0-7695-2136-3\|s2cid=6976686 }}</ref> in 2004 that if we have a hash function <math>H : V \longrightarrow G</math> such that: * <math>H</math> is [[Collision resistance\|collision resistant]] – it is hard to find <math>x</math> and <math>y</math> such that <math>H(x) = H(y)</math>;