Applications of Galois Geometries to Coding Theory and Cryptography

SLIDE 1

Galois geometries Geometry and cryptography

Applications of Galois Geometries to Coding Theory and Cryptography

Leo Storme

Ghent University, Dept. of Mathematics

Krijgslaan 281 - Building S22, 9000 Ghent, Belgium

Albena, July 1, 2013

Leo Storme Galois geometries and cryptography

SLIDE 2

OUTLINE

1 GALOIS GEOMETRIES

  • 1. Affine spaces
  • 2. Projective spaces

2 GEOMETRY AND CRYPTOGRAPHY

  • 1. Secret sharing scheme
  • 2. Message Authentication code (MAC)
  • 3. Anonymous database search
  • 4. Application in pay television

SLIDE 3

FINITE FIELDS

q = prime number.

Prime fields: Fq = {0, 1, . . . , q − 1} (mod q).
Binary field: F2 = {0, 1}.
Ternary field: F3 = {0, 1, 2} = {−1, 0, 1}.

Finite fields Fq: q prime power.

SLIDE 4

AFFINE SPACE AG(n, q)

V(n, q) = n-dimensional vector space over Fq.
AG(n, q) = V(n, q) plus parallelism.
k-dimensional affine subspace = translate of a k-dimensional vector subspace.

SLIDE 5

PARALLELISM IN AFFINE SPACE AG(n, q)

Let Πk be a k-dimensional vector subspace of V(n, q).
Πk + b, for b ∈ V(n, q), are the affine k-subspaces parallel to Πk.
Two parallel affine k-subspaces are disjoint or equal.
Parallelism leads to partitions of AG(n, q) into (parallel) affine k-subspaces.

SLIDE 6

AFFINE PLANE AG(2, 3) OF ORDER 3

SLIDE 7

FROM V(3, q) TO PG(2, q)

SLIDE 10

THE FANO PLANE PG(2, 2)

Gino Fano (1871-1952)

SLIDE 11

THE PLANE PG(2, 3)

SLIDE 12

FROM V(4, q) TO PG(3, q)

SLIDE 14

PG(3, 2)

SLIDE 15

FROM V(n + 1, q) TO PG(n, q)

1. From V(1, q) to PG(0, q) (projective point),
2. From V(2, q) to PG(1, q) (projective line),
3. · · ·
4. From V(i + 1, q) to PG(i, q) (i-dimensional projective subspace),
5. · · ·
6. From V(n, q) to PG(n − 1, q) ((n − 1)-dimensional subspace = hyperplane),
7. From V(n + 1, q) to PG(n, q) (n-dimensional space).

SLIDE 16

LINK BETWEEN AFFINE AND PROJECTIVE SPACES

AG(n, q) = PG(n, q) minus one hyperplane (the hyperplane at infinity).

SLIDE 17

LINK BETWEEN AG(2, 3) AND PG(2, 3)

SLIDE 19

SECRET SHARING SCHEME

1. Secret sharing scheme: cryptographic equivalent of vault that needs several keys to be opened.
2. Secret S divided into shares.
3. Authorised sets: have access to secret S by putting their shares together.
4. Unauthorised sets: have no access to secret S by putting their shares together.

SLIDE 20

(n, k)-THRESHOLD SCHEME

1. n participants.
2. Each group of k participants can reconstruct secret S, but fewer than k participants have no way to learn anything about secret S.

SLIDE 21

SHAMIR’S k-OUT-OF-n SECRET SHARING SCHEME

1. $\mathbb{F}_q$ = finite field of order $q$.
2. Dealer chooses polynomial $f(X) = f_0 + f_1 X + \cdots + f_{k-1} X^{k-1} \in \mathbb{F}_q[X]$, and
3. gives participant number $i$ the point $(x_i, f(x_i))$ on the graph of $f$ ($x_i \neq 0$).
4. Value $f(0) = f_0$ is the secret $S$.

SLIDE 22

SHAMIR’S k-OUT-OF-n SECRET SHARING SCHEME

1. A set of k participants can reconstruct $f(X) = f_0 + f_1 X + \cdots + f_{k-1} X^{k-1}$ by interpolating their shares $(x_i, f(x_i))$. Then they can compute the secret $f(0)$.
2. If $k' < k$ persons try to reconstruct the secret, then for every $y \in \mathbb{F}_q$ there are exactly $|\mathbb{F}_q|^{k-k'-1}$ polynomials of degree at most $k - 1$ which pass through their shares and the point $(0, y)$. Thus they gain no information about $f(0)$.
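The dealing, reconstruction and counting argument above, as an added example (not part of the original slides). It assumes q is prime so that the integers mod q form the field, and it picks x_i = 1, ..., n; the function names are illustrative.

```python
import secrets
from itertools import product

def eval_poly(coeffs, x, q):
    """Evaluate f(x) = coeffs[0] + coeffs[1]*x + ... over F_q (Horner's rule)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % q
    return acc

def deal(secret, k, n, q):
    """Dealer: random f of degree <= k-1 with f(0) = secret; share i is (x_i, f(x_i))."""
    if not (0 <= secret < q and 1 <= k <= n < q):
        raise ValueError("need 0 <= secret < q and 1 <= k <= n < q")
    coeffs = [secret] + [secrets.randbelow(q) for _ in range(k - 1)]
    # x_i = 1..n: distinct and non-zero, so no share is the point (0, f(0)).
    return [(x, eval_poly(coeffs, x, q)) for x in range(1, n + 1)]

def reconstruct(shares, q):
    """Lagrange interpolation evaluated at X = 0: returns f(0)."""
    xs = [x % q for x, _ in shares]
    if len(set(xs)) != len(xs) or 0 in xs:
        raise ValueError("share abscissae must be distinct and non-zero")
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if j != i:
                num = num * (-xj) % q          # numerator of L_i(0)
                den = den * (xi - xj) % q      # denominator of L_i(0)
        secret = (secret + yi * num * pow(den, -1, q)) % q
    return secret

def count_consistent(shares, y, k, q):
    """Brute force: number of f with deg f <= k-1, f(0) = y, through all given shares."""
    return sum(
        all(eval_poly((y,) + rest, x, q) == fx for x, fx in shares)
        for rest in product(range(q), repeat=k - 1)
    )

if __name__ == "__main__":
    q, k, n = 7, 3, 5                          # constructed toy parameters
    shares = deal(4, k, n, q)
    print("secret from 3 shares:", reconstruct(shares[:3], q))
    # With k' = 1 share, every candidate secret y is equally plausible.
    print([count_consistent(shares[:1], y, k, q) for y in range(q)])
```

With k' shares the count is the same for every y, which is why fewer than k participants learn nothing about f(0).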

SLIDE 23

REALISATION OF SHAMIR’S k-OUT-OF-n SECRET SHARING SCHEME

[Figure: shares S1, S2, S3, S4, S5 and the secret point]

SLIDE 24

GEOMETRICAL REALISATION OF SHAMIR’S k-OUT-OF-n SECRET SHARING SCHEME (BLAKLEY)

1. Secret S = point of PG(3, q).
2. Shares = planes of PG(3, q) such that exactly three of them only intersect in S.
3. Classical example: normal rational curve of planes $X_0 + tX_1 + t^2X_2 + t^3X_3 = 0$, $t \in \mathbb{F}_q$, and $X_3 = 0$.

SLIDE 25

GEOMETRICAL REALISATION OF SHAMIR’S k-OUT-OF-n SECRET SHARING SCHEME (BLAKLEY)

1. Secret S = point of PG(k, q).
2. Shares = hyperplanes of PG(k, q) such that exactly k of them only intersect in S.
3. Classical example: normal rational curve of hyperplanes $X_0 + tX_1 + t^2X_2 + \cdots + t^kX_k = 0$, $t \in \mathbb{F}_q$, and $X_k = 0$.

SLIDE 27

GEOMETRICAL REALISATION OF SHAMIR’S k-OUT-OF-n SECRET SHARING SCHEME

SLIDE 29

CODING-THEORETICAL REALISATION OF SHAMIR’S k-OUT-OF-n SECRET SHARING SCHEME

(McEliece and Sarwate)

1. $C$: $[n + 1, k, n - k + 2]_q$ MDS code.
2. For secret $c_0 \in \mathbb{F}_q$, dealer creates codeword $c = (c_0, c_1, \ldots, c_n) \in C$. Share of participant number $i$ is symbol $c_i$.
3. Since $C$ is an MDS code with minimum distance $n - k + 2$, codeword $c$ can be uniquely reconstructed if only $k$ symbols are known.
4. So any set of $k$ persons can compute secret $c_0$.
5. On the other hand, fewer than $k$ persons do not learn anything about the secret, since for every possible secret $c'$ the number of codewords consistent with $c'$ and their shares is the same.

SLIDE 30

MORE GENERAL SECRET SHARING SCHEME

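DEFINITION Support of $c = (c_1, \ldots, c_n) \in \mathbb{F}_q^n$: $\mathrm{sup}(c) = \{ i \mid c_i \neq 0 \}$.

Let $C$ be a linear code. A nonzero codeword $c \in C$ is called minimal if

$\forall c' \in C \setminus \{0\}: \mathrm{sup}(c') \subseteq \mathrm{sup}(c) \implies c' = \rho c,\ \rho \in \mathbb{F}_q \setminus \{0\}$.

(In the binary case, $c$ is minimal if there is no non-zero codeword $c'$ with $\mathrm{sup}(c') \subset \mathrm{sup}(c)$, $\mathrm{sup}(c') \neq \mathrm{sup}(c)$.)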

SLIDE 31

MORE GENERAL SECRET SHARING SCHEME

LEMMA (MASSEY) Let $C$ be an $[n + 1, k]_q$-code. A secret sharing scheme is constructed from $C$ by choosing a codeword $c = (c_0, \ldots, c_n)$. The secret is $c_0$ and the shares of the participants are the coordinates $c_i$ ($1 \le i \le n$). The minimal authorized sets of the secret sharing scheme correspond to the minimal codewords of $C^\perp$ with 0 in their supports.
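Massey's lemma checked on a small binary code, as an added example (not part of the original slides). The [5, 3] code G is constructed for the illustration; the access structure is computed once from the minimal codewords of the dual and once by brute force from the definition of an authorised set.

```python
from itertools import combinations, product

def span(generators):
    """All GF(2)-linear combinations of the generator rows."""
    length = len(generators[0])
    words = set()
    for coeffs in product((0, 1), repeat=len(generators)):
        words.add(tuple(
            sum(a * g[i] for a, g in zip(coeffs, generators)) % 2
            for i in range(length)))
    return words

def dual(code, length):
    """C-perp: every binary vector orthogonal to all codewords of C."""
    return {h for h in product((0, 1), repeat=length)
            if all(sum(a * b for a, b in zip(h, c)) % 2 == 0 for c in code)}

def support(c):
    return frozenset(i for i, ci in enumerate(c) if ci != 0)

def minimal_codewords(code):
    """Binary case: nonzero c with no nonzero codeword supported strictly inside sup(c)."""
    nonzero = [c for c in code if any(c)]
    return [c for c in nonzero
            if not any(support(d) < support(c) for d in nonzero)]

def authorized_via_dual(code, length):
    """Massey's lemma: minimal codewords of C-perp with 0 in their support."""
    return {support(h) - {0}
            for h in minimal_codewords(dual(code, length)) if 0 in support(h)}

def authorized_by_brute_force(code, length):
    """Minimal sets A of participants whose shares c_A determine c_0 on all of C."""
    found = []
    for size in range(1, length):
        for A in map(frozenset, combinations(range(1, length), size)):
            if any(B <= A for B in found):
                continue  # contains a smaller authorised set, so not minimal
            seen = {}
            if all(seen.setdefault(tuple(c[i] for i in sorted(A)), c[0]) == c[0]
                   for c in code):
                found.append(A)
    return set(found)

# Constructed [5, 3] binary code with c0 = c1 + c2 and c0 = c3 + c4.
G = [(1, 1, 0, 0, 1), (1, 0, 1, 0, 1), (0, 0, 0, 1, 1)]
C = span(G)

if __name__ == "__main__":
    print(sorted(map(sorted, authorized_via_dual(C, 5))))
    print(sorted(map(sorted, authorized_by_brute_force(C, 5))))
```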

SLIDE 32

BINARY REED-MULLER CODES

DEFINITION Binary r-th order Reed-Muller code RM(r, m) (0 ≤ r ≤ m) = set of all binary vectors f of length $n = 2^m$ associated with Boolean polynomials $f(x_1, x_2, \ldots, x_m)$ of degree at most r: $c = (f(0, \ldots, 0), \ldots, f(1, \ldots, 1))$.

Minimum weight $d = 2^{m-r}$.

Minimum weight codewords of RM(r, m) = incidence vectors of AG(m − r, 2) in AG(m, 2).

SLIDE 33

BINARY REED-MULLER CODES

THEOREM (KASAMI, TOKURA, AND AZUMI) Let $f(x_1, \ldots, x_m)$ be a Boolean function of degree at most $r$, where $r \ge 2$, such that $|\mathrm{sup}(f)| < 2^{m-r+1}$. Then $f$ can be transformed by an affine transformation into

$f = x_1 \cdots x_{r-2}(x_{r-1}x_r + \cdots + x_{r+2\mu-3}x_{r+2\mu-2})$, $2 \le 2\mu \le m - r + 2$,

or

$f = x_1 \cdots x_{r-\mu}(x_{r-\mu+1} \cdots x_r + x_{r+1} \cdots x_{r+\mu})$, $3 \le \mu \le r$, $\mu \le m - r$.

SLIDE 34

BINARY REED-MULLER CODES

First type of codewords (1): $f = x_1 \cdots x_{r-2}(x_{r-1}x_r + \cdots + x_{r+2\mu-3}x_{r+2\mu-2})$, $2 \le 2\mu \le m - r + 2$.

In PG(m − r + 2, 2) defined by $X_1 = X_0, \ldots, X_{r-2} = X_0$: cone Ψ with vertex PG(m − r + 1 − 2µ, 2) at infinity, and base non-singular parabolic quadric Q(2µ, 2) in 2µ dimensions having non-singular hyperbolic quadric at infinity.

SLIDE 35

QUADRATIC CONE

SLIDE 36

BINARY REED-MULLER CODES

Second type of codewords (2): $f = x_1 \cdots x_{r-\mu}(x_{r-\mu+1} \cdots x_r + x_{r+1} \cdots x_{r+\mu})$, $3 \le \mu \le r$, $\mu \le m - r$.

(Symmetric difference): union of two (m − r)-dimensional affine spaces α and β, but not the (m − r − µ)-dimensional affine intersection space α ∩ β.

SLIDE 37

SYMMETRIC DIFFERENCE

SLIDE 38

COUNTING NON-MINIMAL CODEWORDS IN RM(r, m)

Non-minimal codeword $c = c_1 + c_2$, with $c_1, c_2$ non-zero codewords having disjoint supports.

For $w(c) < 3 \cdot 2^{m-r}$: $c_1$ codeword of smallest weight $2^{m-r}$, and $c_2$ codeword of weight $2^{m-r}$ or quadric or symmetric difference.

Number of non-minimal codewords $c$ of weight $2 \cdot 2^{m-r}$ calculated by Borissov, Manev, and Nikova.

Number of non-minimal codewords $c$ of weight $2 \cdot 2^{m-r} < w(c) < 3 \cdot 2^{m-r}$ calculated by Schillewaert, Storme, and Thas.

SLIDE 40

PROBLEM OF AUTHENTICATION

1. Problem: Alice wants to send Bob a message m.
2. Attacker intercepts m and sends altered message m′ to Bob.

SLIDE 41

PROBLEM OF AUTHENTICATION

How can Bob be sure that message he gets is correct? Introduce authentication!

SLIDE 42

EXAMPLE OF MESSAGE AUTHENTICATION CODE

1. ℓ = line of PG(2, q).
2. Message m = point of ℓ.
3. Authentication key K = point in PG(2, q) \ ℓ.
4. Authentication tag = line through message m and key K.

SLIDE 44

EXAMPLE OF AUTHENTICATION CODE

1. If attacker wants to create message (m, K) without knowing key K, he must guess an affine line through m. There are q possibilities, i.e. the chance for a correct attack is 1/q.
2. If attacker already knows authenticated message (m, K), he knows that key K must lie on the line mK. But for each of the q affine points on line mK, there exists a line through m. So he cannot do better than guess the key, which gives probability 1/q for a successful attack.
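The authentication code in PG(2, q) and both attack probabilities computed by exhaustive enumeration, as an added example (not part of the original slides). It assumes q is prime, takes ℓ to be the line X2 = 0, and represents points and lines by normalised homogeneous coordinates; all names are illustrative.

```python
from collections import Counter, defaultdict
from fractions import Fraction
from itertools import product

def normalise(v, q):
    """Scale homogeneous coordinates so the first non-zero entry is 1."""
    v = [x % q for x in v]
    inv = pow(next(x for x in v if x), -1, q)
    return tuple(x * inv % q for x in v)

def join(p, r, q):
    """Line through two distinct points of PG(2, q): their cross product."""
    return normalise((p[1] * r[2] - p[2] * r[1],
                      p[2] * r[0] - p[0] * r[2],
                      p[0] * r[1] - p[1] * r[0]), q)

def messages(q):
    """The q + 1 points of the line l: X2 = 0."""
    return [(1, t, 0) for t in range(q)] + [(0, 1, 0)]

def keys(q):
    """The q^2 points of PG(2, q) not on l."""
    return [(a, b, 1) for a, b in product(range(q), repeat=2)]

def tag(m, key, q):
    """Authentication tag: the line through message point m and key point K."""
    return join(m, key, q)

def keys_by_tag(m, q):
    """Group all keys by the tag they produce for message m."""
    groups = defaultdict(list)
    for key in keys(q):
        groups[tag(m, key, q)].append(key)
    return groups

def impersonation_probability(q):
    """Best chance that a forged (m, tag) verifies under a uniformly random key."""
    best = max(len(ks) for m in messages(q) for ks in keys_by_tag(m, q).values())
    return Fraction(best, q * q)

def substitution_probability(q):
    """Best chance of forging a tag for m' != m after seeing one valid (m, tag)."""
    best = Fraction(0)
    for m in messages(q):
        for candidates in keys_by_tag(m, q).values():  # keys still possible
            for m2 in messages(q):
                if m2 == m:
                    continue
                hits = Counter(tag(m2, key, q) for key in candidates)
                best = max(best, Fraction(max(hits.values()), len(candidates)))
    return best

if __name__ == "__main__":
    q = 5  # constructed toy parameter
    print(impersonation_probability(q), substitution_probability(q))
```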

SLIDE 45

SECURITY OF AUTHENTICATION CODE

1. $p_i$ = probability of attacker to construct pair (m, K) without knowledge of key K, if he only knows $i$ different pairs $(m_j, K)$.
2. Smallest value $r$ for which $p_{r+1} = 1$ is called order of authentication code.
3. For $r = 1$, $p_0$ = probability of impersonation attack and $p_1$ = probability of substitution attack.

THEOREM If MAC has attack probabilities $p_i = 1/n_i$ ($0 \le i \le r$), then $|K| \ge n_0 \cdots n_r$.

MAC that satisfies this theorem with equality is called perfect.

SLIDE 46

GEOMETRICAL CONSTRUCTION OF PERFECT MAC

DEFINITION Generalised dual arc D of order $l$ with dimensions $d_1 > d_2 > \cdots > d_{l+1}$ of PG(n, q) is set of subspaces of dimension $d_1$ such that:

1. each $j$ subspaces intersect in subspace of dimension $d_j$, $1 \le j \le l + 1$,
2. each $l + 2$ subspaces have no common intersection.

$(n, d_1, \ldots, d_{l+1})$ = parameters of dual arc.

SLIDE 47

GENERALISED DUAL ARCS

THEOREM There exists generalised dual arc in $PG\left(\binom{n+d+1}{d+1} - 1, q\right)$, with dimensions $d_i = \binom{n+d+1-i}{d+1-i} - 1$, $i = 0, \ldots, d + 1$.

1. Spaces have dimension $d_1 = \binom{n+d}{d} - 1$.
2. Two spaces intersect in space of dimension $d_2 = \binom{n+d-1}{d-1} - 1$.
3. Three spaces intersect in space of dimension $d_3 = \binom{n+d-2}{d-2} - 1$.
4. · · ·

SLIDE 48

LINK BETWEEN MAC AND GENERALISED DUAL ARC

1. π = hyperplane of PG(n + 1, q) and D = generalised dual arc of order $l$ in π with parameters $(n, d_1, \ldots, d_{l+1})$.
2. Message m = element of D.
3. Key K = point of PG(n + 1, q) not in π.
4. Authentication tag that belongs to message m and key K is the generated $(d_1 + 1)$-dimensional subspace.
5. Perfect MAC of order $r = l + 1$ with attack probabilities $p_i = q^{d_{i+1} - d_i}$.

SLIDE 52

ANONYMOUS DATABASE SEARCH

Anonymous database search: query a database anonymously.

Peer-to-peer community: let users post queries on behalf of each other.

Neighbourhood attack: can be modeled as the intersection of neighbourhoods that may return a single identified person in case of unique neighbourhoods.

k-Anonymous neighbourhoods: neighbourhood of person is also neighbourhood of at least k − 1 other persons.

SLIDE 54

TRANSVERSAL DESIGNS

Transversal design $TD_\lambda(k, n)$ = k-uniform structure (P, L) of points and blocks, with |P| = kn, that admits partition of P in k groups of cardinality n, and that satisfies:

  • any group and block contain exactly one common point,
  • every pair of points from distinct groups is contained in exactly λ blocks.

SLIDE 55

FROM AG(2, n) TO TD1(k, n)

From affine plane AG(2, n) to transversal design TD1(k, n), 2 ≤ k ≤ n.

  • Point set P of TD1(k, n) = points of AG(2, n) on k lines of one parallel class of AG(2, n),
  • Groups = lines from this parallel class,
  • Blocks of TD1(k, n) = lines of the other parallel classes of AG(2, n), restricted to the points in P.

SLIDE 57

TRANSVERSAL DESIGN TD1(k, n) AND n-ANONYMOUS NEIGHBOURHOODS

THEOREM Transversal design TD1(k, n) has n-anonymous neighbourhoods.
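The construction of TD1(k, n) from AG(2, n) and a check of the theorem, as an added example (not part of the original slides). It assumes n is prime so that arithmetic mod n gives the coordinates of AG(2, n), and it assumes the neighbourhood of a point to be the set of other points sharing at least one block with it; the function names are illustrative.

```python
from itertools import combinations

def transversal_design(k, n):
    """TD_1(k, n) from AG(2, n), n prime: groups are the vertical lines x = 0..k-1."""
    if not 2 <= k <= n:
        raise ValueError("need 2 <= k <= n")
    groups = [frozenset((x, y) for y in range(n)) for x in range(k)]
    # Lines y = a*x + b of the n non-vertical parallel classes, restricted to x < k.
    blocks = [frozenset((x, (a * x + b) % n) for x in range(k))
              for a in range(n) for b in range(n)]
    return groups, blocks

def is_transversal_design(groups, blocks, lam=1):
    """Check both axioms: one common point per (group, block), lam blocks per pair."""
    points = set().union(*groups)
    group_of = {p: i for i, g in enumerate(groups) for p in g}
    one_point_per_group = all(len(B & g) == 1 for B in blocks for g in groups)
    pairs_ok = all(
        sum(1 for B in blocks if p in B and r in B) == lam
        for p, r in combinations(points, 2) if group_of[p] != group_of[r])
    return one_point_per_group and pairs_ok

def neighbourhood(p, blocks):
    """Assumed definition: all other points sharing at least one block with p."""
    return frozenset().union(*(B for B in blocks if p in B)) - {p}

def anonymity(groups, blocks):
    """Smallest number of points that have one and the same neighbourhood."""
    points = set().union(*groups)
    classes = {}
    for p in points:
        classes.setdefault(neighbourhood(p, blocks), []).append(p)
    return min(len(c) for c in classes.values())

if __name__ == "__main__":
    groups, blocks = transversal_design(3, 5)   # constructed toy parameters
    print(is_transversal_design(groups, blocks), anonymity(groups, blocks))
```

For a prime power n that is not prime, coordinates must come from the field F_n; with integers mod n the pair condition fails, as the non-prime case n = 4 shows.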

SLIDE 58

THEOREMS

THEOREM (STOKES AND FARRÀS) Combinatorial (v, b, r, k)-configuration with n-anonymous neighbourhoods satisfies:

  • There exists partition $G = \{g_i\}_{i=1}^{m}$ of the point set such that the points in the same part are not collinear and $|g_i| \ge n$, for all $i \in \{1, \ldots, m\}$,
  • r ≥ n and m ≥ k.

SLIDE 59

THEOREMS

THEOREM (STOKES AND FARRÀS) In combinatorial (v, b, r, k)-configuration C with n-anonymous neighbourhoods and anonymity partition $G = \{g_i\}_{i=1}^{m}$ and $|g_i| = n$ for all $i \in \{1, \ldots, m\}$, v = n iff m = k. In this case, C is transversal design TD1(k, n), and $v = kn$ and $b = n^2$.

SLIDE 60

APPLICATION IN PAY TELEVISION

(Korjik, Ivkov, Merinovich, Barg, and van Tilborg)

  • subscribers = points of PG(2, q),
  • codes = lines of PG(2, q),
  • subscriber quits: codes of lines become invalid,
  • new issue of codes: only necessary when codes of all lines through subscriber become invalid.

SLIDE 61

THE FANO PLANE PG(2, 2)
