[PPT] - Secure Network Coding via Filtered Secret Sharing Jon Feldman, Tal PowerPoint Presentation

SLIDE 1

Secure Network Coding via Filtered Secret Sharing

Jon Feldman, Tal Malkin, Rocco Servedio, Cliff Stein (Columbia University)

jonfeld@ieor, tal@cs, rocco@cs, cliff@ieor

✁

.columbia.edu

Feldman, Malkin, Servedio, Stein: Secure Network Coding via Filtered Secret Sharing – p.1/21

SLIDE 2

Network Coding and Security

Network coding: new model of transmission...

✁

...how do we make it secure?

1. Cai and Yeung[02]

✁

wire-tap adversary: can look at any

✂

edges.

✁

Suff. conditions for

✄

secure multicast code.

2. Jain[04]: More precise cond. (one terminal).
3. Ho, Leong, Koetter, Médard, Effros, Karger [04]:

Byzantine modification detection.

Feldman, Malkin, Servedio, Stein: Secure Network Coding via Filtered Secret Sharing – p.2/21

SLIDE 3

Network Coding and Security

Network coding: new model of transmission...

✁

...how do we make it secure?

1. Cai and Yeung[02]

✁

wire-tap adversary: can look at any

✂

edges.

✁

Suff. conditions for

✄

secure multicast code.

2. Jain[04]: More precise cond. (one terminal).
3. Ho, Leong, Koetter, Médard, Effros, Karger [04]:

Byzantine modification detection.

This talk: precise analysis of wire-tap adversary,

balance between security, rate, edge bandwidth.

Related: robustness [Koetter Médard 02].

Feldman, Malkin, Servedio, Stein: Secure Network Coding via Filtered Secret Sharing – p.2/21

SLIDE 4

Making our Example Secure

✁

✂

✄

✂

✁

✂

✄

✂

✁

✂

✄

✂ ✂ ✂ ✂ ☎ ✆ ✝ ✆ ✞

Use

✟ ✠ ✡ ☛ ☞ ✌ ✍ ✌ ✎ ✏

.

Less ambitious goal: Send
ne symbol
✑

✟ ✠

to both sinks.

Choose

✂ ✑ ✟ ✠

randomly.

Can define symbols s.t.

any single wire-tapper learns nothing about

,

both sinks can compute

.

Feldman, Malkin, Servedio, Stein: Secure Network Coding via Filtered Secret Sharing – p.3/21

SLIDE 5

Linear Multicast Network Coding (No Security) Given: Network

✡

✁ ✂ ✌ ✄ ☎

, source

☎ ✑ ✂

, sinks

✆ ✝ ✂

. min-cut value =

✞ ✡ ✟ ✠ ✡ ☛ ☞ ☛

.

Goal: get message

✌ ✑ ✟ ✍ ✎

to every sink.

Feldman, Malkin, Servedio, Stein: Secure Network Coding via Filtered Secret Sharing – p.4/21

SLIDE 6

Linear Multicast Network Coding (No Security) Given: Network

✡

✁ ✂ ✌ ✄ ☎

, source

☎ ✑ ✂

, sinks

✆ ✝ ✂

. min-cut value =

✞ ✡ ✟ ✠ ✡ ☛ ☞ ☛

.

Goal: get message

✌ ✑ ✟ ✍ ✎

to every sink.

Network code:

✁

Define coding vectors

✁

✂ ✄ ✑ ✟ ✍ ✎

for each edge.

✁

Edge carries symbol

✌ ☎

✁

✂ ✄

.

Feldman, Malkin, Servedio, Stein: Secure Network Coding via Filtered Secret Sharing – p.4/21

SLIDE 7

Linear Multicast Network Coding (No Security) Given: Network

✡

✁ ✂ ✌ ✄ ☎

, source

☎ ✑ ✂

, sinks

✆ ✝ ✂

. min-cut value =

✞ ✡ ✟ ✠ ✡ ☛ ☞ ☛

.

Goal: get message

✌ ✑ ✟ ✍ ✎

to every sink.

Network code:

✁

Define coding vectors

✁

✂ ✄ ✑ ✟ ✍ ✎

for each edge.

✁

Edge carries symbol

✌ ☎

✁

✂ ✄

.

Feasibility of transmission:

(i) Every

✁
✌
✄

spanned by

☛

✁

✁ ✌

✄

✏ ✂

(or

✁ ✡ ☎

).

Feldman, Malkin, Servedio, Stein: Secure Network Coding via Filtered Secret Sharing – p.4/21

SLIDE 8

Linear Multicast Network Coding (No Security) Given: Network

✡

✁ ✂ ✌ ✄ ☎

, source

☎ ✑ ✂

, sinks

✆ ✝ ✂

. min-cut value =

✞ ✡ ✟ ✠ ✡ ☛ ☞ ☛

.

Goal: get message

✌ ✑ ✟ ✍ ✎

to every sink.

Network code:

✁

Define coding vectors

✁

✂ ✄ ✑ ✟ ✍ ✎

for each edge.

✁

Edge carries symbol

✌ ☎

✁

✂ ✄

.

Feasibility of transmission:

(i) Every

✁
✌
✄

spanned by

☛

✁

✁ ✌

✄

✏ ✂

(or

✁ ✡ ☎

).

Recoverability at sinks:

(ii) For all

✆ ✑ ✆

, the vectors

☛

✁

✁ ✌ ✆ ✄ ✏ ✂

span

✟ ✍ ✎

.

Feldman, Malkin, Servedio, Stein: Secure Network Coding via Filtered Secret Sharing – p.4/21

SLIDE 9

Wire-Tap Model, Randomness at the Source

Adversary has access to any set of

✂

edges,

knows symbol transmitted along edge,
knows network code, topology,
has unlimited computational power.

Feldman, Malkin, Servedio, Stein: Secure Network Coding via Filtered Secret Sharing – p.5/21

SLIDE 10

Wire-Tap Model, Randomness at the Source

Adversary has access to any set of

✂

edges,

knows symbol transmitted along edge,
knows network code, topology,
has unlimited computational power.
Source allowed to generate random symbols (

✂

).

✁

(Jain [04]: random bits at intermediate nodes)

Feldman, Malkin, Servedio, Stein: Secure Network Coding via Filtered Secret Sharing – p.5/21

SLIDE 11

Wire-Tap Model, Randomness at the Source

Adversary has access to any set of

✂

edges,

knows symbol transmitted along edge,
knows network code, topology,
has unlimited computational power.
Source allowed to generate random symbols (

✂

).

✁

(Jain [04]: random bits at intermediate nodes)

Task: design function

✌ ✡

✁

✁ ✌ ✂ ☎

at source, coding vectors on edges s.t.:

✁

Coding vectors satisfy feasibility,

✁

Information

✁

recoverable at each sink,

✁

Information

✁

secure against adversary.

Feldman, Malkin, Servedio, Stein: Secure Network Coding via Filtered Secret Sharing – p.5/21

SLIDE 12

Wire-Tap Model, Randomness at the Source

Adversary has access to any set of

✂

edges,

knows symbol transmitted along edge,
knows network code, topology,
has unlimited computational power.
Source allowed to generate random symbols (

✂

).

✁

(Jain [04]: random bits at intermediate nodes)

Task: design function

✌ ✡

✁

✁ ✌ ✂ ☎

at source, coding vectors on edges s.t.:

✁

Coding vectors satisfy feasibility,

✁

Information

✁

recoverable at each sink,

✁

Information

✁

secure against adversary.

Goal: information-theoretic security.

Feldman, Malkin, Servedio, Stein: Secure Network Coding via Filtered Secret Sharing – p.5/21

SLIDE 13

Security, Rate and Bandwidth

We study possible trade-offs between security, rate

and bandwidth: Security =

✂

= # edges tapped

✞

✡ ✟ ✠ ✡ ☛ ☞ ☛

. Rate =

✆

= # information symbols multicast. Edge Bandwidth =

✁ ✂ ✄ ☎

, where symbols in

✟ ✎

.

Feldman, Malkin, Servedio, Stein: Secure Network Coding via Filtered Secret Sharing – p.6/21

SLIDE 14

Security, Rate and Bandwidth

We study possible trade-offs between security, rate

and bandwidth: Security =

✂

= # edges tapped

✞

✡ ✟ ✠ ✡ ☛ ☞ ☛

. Rate =

✆

= # information symbols multicast. Edge Bandwidth =

✁ ✂ ✄ ☎

, where symbols in

✟ ✎

.

Easy to show:

✆

✞

✄ ✂

.

Feldman, Malkin, Servedio, Stein: Secure Network Coding via Filtered Secret Sharing – p.6/21

SLIDE 15

Security, Rate and Bandwidth

We study possible trade-offs between security, rate

and bandwidth: Security =

✂

= # edges tapped

✞

✡ ✟ ✠ ✡ ☛ ☞ ☛

. Rate =

✆

= # information symbols multicast. Edge Bandwidth =

✁ ✂ ✄ ☎

, where symbols in

✟ ✎

.

Easy to show:

✆

✞

✄ ✂

.

Cai and Yeung [02]: If

☎

✁

✂ ✄ ✂ ☎ ✆

, can send

✆ ✡ ✞ ✄ ✂

symbols securely.

✁

Construction time

✝ ✁ ✂ ✄ ✂ ☎ ✆

.

Feldman, Malkin, Servedio, Stein: Secure Network Coding via Filtered Secret Sharing – p.6/21

SLIDE 16

Our Results

If you give up a little capacity, bandwidth

requirement reduced significantly: Thm: For any

✍

, if

☎

✁

✄ ✁ ✂ ✄ ☎ ✆ ✝ ☎ ✞

, can send

✆ ✡ ✞ ✄

✂

symbols securely.

✁

Algorithm: poly-time, secure w.h.p.

✁

If

✂ ✡ ✟ ✁ ✁ ✄ ✁ ☎

, only need

☎

✎

✂ ✄ ☎ ✆ ✝ ☎ ✞

.

Feldman, Malkin, Servedio, Stein: Secure Network Coding via Filtered Secret Sharing – p.7/21

SLIDE 17

Our Results

If you give up a little capacity, bandwidth

requirement reduced significantly: Thm: For any

✍

, if

☎

✁

✄ ✁ ✂ ✄ ☎ ✆ ✝ ☎ ✞

, can send

✆ ✡ ✞ ✄

✂

symbols securely.

✁

Algorithm: poly-time, secure w.h.p.

✁

If

✂ ✡ ✟ ✁ ✁ ✄ ✁ ☎

, only need

☎

✎

✂ ✄ ☎ ✆ ✝ ☎ ✞

.

If you do not give up capacity, then bandwidth

might have to be large: Thm: If

✆ ✡ ✞ ✄ ✂

, then there are examples where all solutions (using this method) must have

☎ ✁ ✄ ✁

☎

.

Feldman, Malkin, Servedio, Stein: Secure Network Coding via Filtered Secret Sharing – p.7/21

SLIDE 18

Relation w/ Cai & Yeung

Core Lemma of Cai and Yeung: If one can

construct a matrix with certain independence properties relative to the coding vectors, then the network code can be altered to achieve security.

Feldman, Malkin, Servedio, Stein: Secure Network Coding via Filtered Secret Sharing – p.8/21

SLIDE 19

Relation w/ Cai & Yeung

Core Lemma of Cai and Yeung: If one can

construct a matrix with certain independence properties relative to the coding vectors, then the network code can be altered to achieve security.

Our extensions:

✁

Independence properties are also necessary.

✁

Using orthogonal space, re-cast as coding theory problem.

✁

Give up some capacity to make coding problem solvable.

✁

Use necessary direction, covering radius, to prove negative result.

✁

Observation: don’t alter code, just input.

Feldman, Malkin, Servedio, Stein: Secure Network Coding via Filtered Secret Sharing – p.8/21

SLIDE 20

Making a Given Network Code Secure [CY02] Given a linear solution

✁

✁

✂ ✄ ☎

✁

✄

to a network coding problem, can we use it securely?

Feldman, Malkin, Servedio, Stein: Secure Network Coding via Filtered Secret Sharing – p.9/21

SLIDE 21

Making a Given Network Code Secure [CY02] Given a linear solution

✁

✁

✂ ✄ ☎

✁

✄

to a network coding problem, can we use it securely?

Set

✌ ✡

✁

✁ ✌ ✂ ☎

, with info

✁ ✑ ✟

✎

, random

✂ ✑ ✟ ✁ ✎

.

Feldman, Malkin, Servedio, Stein: Secure Network Coding via Filtered Secret Sharing – p.9/21

SLIDE 22

Making a Given Network Code Secure [CY02] Given a linear solution

✁

✁

✂ ✄ ☎

✁

✄

to a network coding problem, can we use it securely?

Set

✌ ✡

✁

✁ ✌ ✂ ☎

, with info

✁ ✑ ✟

✎

, random

✂ ✑ ✟ ✁ ✎

.

Send message

✌

normally using network code.

Feldman, Malkin, Servedio, Stein: Secure Network Coding via Filtered Secret Sharing – p.9/21

SLIDE 23

Making a Given Network Code Secure [CY02] Given a linear solution

✁

✁

✂ ✄ ☎

✁

✄

to a network coding problem, can we use it securely?

Set

✌ ✡

✁

✁ ✌ ✂ ☎

, with info

✁ ✑ ✟

✎

, random

✂ ✑ ✟ ✁ ✎

.

Send message

✌

normally using network code.

Security condition: If adversary looks at any

✂

edges, can learn nothing about

✁

. (More formally, for all sets

✄

✁

✄

with

✁ ✄

✁
✂

, If

✂

is a random vector in

✟ ✁ ✎

, the random variable

✁

✁

✁ ✌ ✂ ☎ ☎

✁

✂ ✄ ☎

✁

✄ ✂

is independent of

✁

.)

Feldman, Malkin, Servedio, Stein: Secure Network Coding via Filtered Secret Sharing – p.9/21

SLIDE 24

Making a Given Network Code Secure [CY02] Given a linear solution

✁

✁

✂ ✄ ☎

✁

✄

to a network coding problem, can we use it securely?

Set

✌ ✡

✁

✁ ✌ ✂ ☎

, with info

✁ ✑ ✟

✎

, random

✂ ✑ ✟ ✁ ✎

.

Send message

✌

normally using network code.

Security condition: If adversary looks at any

✂

edges, can learn nothing about

✁

. (More formally, for all sets

✄

✁

✄

with

✁ ✄

✁
✂

, If

✂

is a random vector in

✟ ✁ ✎

, the random variable

✁

✁

✁ ✌ ✂ ☎ ☎

✁

✂ ✄ ☎

✁

✄ ✂

is independent of

✁

.)

Recoverability, feasibility follow immediately (as

long as

✁

can be determined from

✁

✁ ✌ ✂ ☎

).

Feldman, Malkin, Servedio, Stein: Secure Network Coding via Filtered Secret Sharing – p.9/21

SLIDE 25

Making a Given Network Code Secure [CY02] Given a linear solution

✁

✁

✂ ✄ ☎

✁

✄

to a network coding problem, can we use it securely?

Set

✌ ✡

✁

✁ ✌ ✂ ☎

, with info

✁ ✑ ✟

✎

, random

✂ ✑ ✟ ✁ ✎

.

Send message

✌

normally using network code.

Security condition: If adversary looks at any

✂

edges, can learn nothing about

✁

. (More formally, for all sets

✄

✁

✄

with

✁ ✄

✁
✂

, If

✂

is a random vector in

✟ ✁ ✎

, the random variable

✁

✁

✁ ✌ ✂ ☎ ☎

✁

✂ ✄ ☎

✁

✄ ✂

is independent of

✁

.)

Recoverability, feasibility follow immediately (as

long as

✁

can be determined from

✁

✁ ✌ ✂ ☎

).

Advantage: don’t need to alter network code.

Feldman, Malkin, Servedio, Stein: Secure Network Coding via Filtered Secret Sharing – p.9/21

SLIDE 26

Secret Sharing (Shamir)

...

Secret

☎ ✝ ☎ ✞ ☎ ✠ ☎ ✍

Dealer has “secret”.
Distribute shares

☎ ✝ ✌

✌

☎ ✍

s.t.

✁

Given any

✂

shares, can recover secret.

✁

Given any

✂ ✄ ✍

shares, learn nothing.

Computational/info-theoretic security
“Access pattern” for recoverability/security.

Feldman, Malkin, Servedio, Stein: Secure Network Coding via Filtered Secret Sharing – p.10/21

SLIDE 27

Connection to Secret Sharing

Simple case: single source/sink,

✞

parallel edges, adversary has any set of

✂

edges.

... s t

Modest goal

✆ ✡ ✍

: send one symbol

✁ ✑ ✟ ✎

.

Feldman, Malkin, Servedio, Stein: Secure Network Coding via Filtered Secret Sharing – p.11/21

SLIDE 28

Connection to Secret Sharing

Suppose
✁

✂ ☛ ✄

=

✁ ☞ ✌ ☞ ✌

✌

☞ ✌ ✍ ✌ ☞ ✌

✌

☞ ☎

.

✁
✁

✁ ✌ ✂ ☎

is the “dealer” in secret sharing.

Encoding:

✁

Choose

✁ ✂ ✝ ✌

✂

☎ ☎

at random.

✁

Let

✂ ✁ ✄ ☎ ✡ ✁ ✁ ✂ ✝ ✄ ✁ ✂ ✞ ✄ ✞ ✁ ☎ ☎ ☎ ✁ ✂ ☎ ✄ ☎ ✁

Set message

✌ ✡ ✁ ✂ ✁ ☎ ✝ ☎ ✌

✌

✂ ✁ ☎ ✍ ☎ ☎

.

✁

(Encode (x,r) using a Reed-Solomon code.)

Feldman, Malkin, Servedio, Stein: Secure Network Coding via Filtered Secret Sharing – p.12/21

SLIDE 29

Connection to Secret Sharing

Suppose
✁

✂ ☛ ✄

=

✁ ☞ ✌ ☞ ✌

✌

☞ ✌ ✍ ✌ ☞ ✌

✌

☞ ☎

.

✁
✁

✁ ✌ ✂ ☎

is the “dealer” in secret sharing.

Encoding:

✁

Choose

✁ ✂ ✝ ✌

✂

☎ ☎

at random.

✁

Let

✂ ✁ ✄ ☎ ✡ ✁ ✁ ✂ ✝ ✄ ✁ ✂ ✞ ✄ ✞ ✁ ☎ ☎ ☎ ✁ ✂ ☎ ✄ ☎ ✁

Set message

✌ ✡ ✁ ✂ ✁ ☎ ✝ ☎ ✌

✌

✂ ✁ ☎ ✍ ☎ ☎

.

✁

(Encode (x,r) using a Reed-Solomon code.)

Decoding:

✁

Knowing all

✂ ✁ ☎ ☛ ☎

reveals

✂

(interpolation).

✁

Knowing

✂

r fewer

✌ ☛

’s tells you nothing.

✁

Works for any

✂

✞

✄ ✍

.

Feldman, Malkin, Servedio, Stein: Secure Network Coding via Filtered Secret Sharing – p.12/21

SLIDE 30

Filtered Secret Sharing

“Classical” secret sharing: adversary has

✂

shares.

Feldman, Malkin, Servedio, Stein: Secure Network Coding via Filtered Secret Sharing – p.13/21

SLIDE 31

Filtered Secret Sharing

“Classical” secret sharing: adversary has

✂

shares.

“Filtered” secret sharing:

✁

“Menu” of

lin. combos of all

✞

shares

✁

Adversary chooses

✂

items from the menu

Feldman, Malkin, Servedio, Stein: Secure Network Coding via Filtered Secret Sharing – p.13/21

SLIDE 32

Filtered Secret Sharing

“Classical” secret sharing: adversary has

✂

shares.

“Filtered” secret sharing:

✁

“Menu” of

lin. combos of all

✞

shares

✁

Adversary chooses

✂

items from the menu

Secret is

✁ ✑ ✟

✎

Feldman, Malkin, Servedio, Stein: Secure Network Coding via Filtered Secret Sharing – p.13/21

SLIDE 33

Filtered Secret Sharing

“Classical” secret sharing: adversary has

✂

shares.

“Filtered” secret sharing:

✁

“Menu” of

lin. combos of all

✞

shares

✁

Adversary chooses

✂

items from the menu

Secret is

✁ ✑ ✟

✎
Given:

✞

by-
full-rank “filter” matrix

✂

ver

✟ ✎

.

Find: Function
✟
✎

✁ ✟ ✁ ✎ ✂ ✟ ✍ ✎

such that: For all

✞

by-

✂

submatrices

✂

f

✂

,

ver random

✂ ✄ ✟ ✁ ✎

, we have

✁

✁ ✌ ✂ ☎ ☎ ✂

indep. of

✁

(

☎ ✁

).

Feldman, Malkin, Servedio, Stein: Secure Network Coding via Filtered Secret Sharing – p.13/21

SLIDE 34

Filtered Secret Sharing

Given:

✞

by-
full-rank “filter” matrix

✂

ver

✟ ✎

.

Find: Function
✟
✎

✁ ✟ ✁ ✎ ✂ ✟ ✍ ✎

such that: For all

✞

by-

✂

submatrices

✂

f

✂

,

ver random

✂ ✄ ✟ ✁ ✎

, we have

✁

✁ ✌ ✂ ☎ ☎ ✂

indep. of

✁

.

Classical: special case

✆ ✡ ✍

,

✡

✞

,

✂ ✡

.
For network coding:

✁

✡

✁ ✄ ✁

,

✂

is

✞

by-

✁ ✄ ✁

matrix of coding vectors.

✁

Ignores network topology.

Feldman, Malkin, Servedio, Stein: Secure Network Coding via Filtered Secret Sharing – p.14/21

SLIDE 35

Design of Linear Error-Correcting Codes

Code
✁

= linear subspace generated by the rows of

✂

by-
matrix
.
Distance(
✁

) =

✟ ✠ ✡ ✄ ✁ ☎ ✆ ✝ ✁ ✞ ✌ ☞ ✍ ☎

.

Goal in coding theory:

✁

For given rate

✂ ✟

, find code with large

distance.

Feldman, Malkin, Servedio, Stein: Secure Network Coding via Filtered Secret Sharing – p.15/21

SLIDE 36

Design of Linear Error-Correcting Codes

Code
✁

= linear subspace generated by the rows of

✂

by-
matrix
.
Distance(
✁

) =

✟ ✠ ✡ ✄ ✁ ☎ ✆ ✝ ✁ ✞ ✌ ☞ ✍ ☎

.

Goal in coding theory:

✁

For given rate

✂ ✟

, find code with large

distance. ——————————————-

Generalization:

✁

Designed code must be far from

☞ ✍

, and some

ther given points.

Feldman, Malkin, Servedio, Stein: Secure Network Coding via Filtered Secret Sharing – p.15/21

SLIDE 37

Generalized Coding Problem

For generators
,

✁

, define:

✝ ✂ ✁

✌

✁ ☎ ✄ ✟ ✠ ✡ ✄ ✁ ☎ ☎ ✆ ✄ ✂ ✁ ☎ ✝ ✆ ✄ ✂ ✞ ✟ ✠ ✝ ✁ ✞ ✌ ✞

☎

✁

Note: Asymmetric

✁

Note:

✝ ✂ ✁

✌

✁ ☎

min-dist(
✡

)

Feldman, Malkin, Servedio, Stein: Secure Network Coding via Filtered Secret Sharing – p.16/21

SLIDE 38

Generalized Coding Problem

For generators
,

✁

, define:

✝ ✂ ✁

✌

✁ ☎ ✄ ✟ ✠ ✡ ✄ ✁ ☎ ☎ ✆ ✄ ✂ ✁ ☎ ✝ ✆ ✄ ✂ ✞ ✟ ✠ ✝ ✁ ✞ ✌ ✞

☎

✁

Note: Asymmetric

✁

Note:

✝ ✂ ✁

✌

✁ ☎

min-dist(
✡

)

“Span Distance Problem” (over field

✟ ✎

): Given an

☎

by-
matrix
, find a

✂

by-
matrix

✁

where

✝ ✂ ✁

✌

✁ ☎

✂

.

Feldman, Malkin, Servedio, Stein: Secure Network Coding via Filtered Secret Sharing – p.16/21

SLIDE 39

Generalized Coding Problem

For generators
,

✁

, define:

✝ ✂ ✁

✌

✁ ☎ ✄ ✟ ✠ ✡ ✄ ✁ ☎ ☎ ✆ ✄ ✂ ✁ ☎ ✝ ✆ ✄ ✂ ✞ ✟ ✠ ✝ ✁ ✞ ✌ ✞

☎

✁

Note: Asymmetric

✁

Note:

✝ ✂ ✁

✌

✁ ☎

min-dist(
✡

)

“Span Distance Problem” (over field

✟ ✎

): Given an

☎

by-
matrix
, find a

✂

by-
matrix

✁

where

✝ ✂ ✁

✌

✁ ☎

✂

.

Goal: Design code
✡

with distance

✂

to every codeword in

.

Feldman, Malkin, Servedio, Stein: Secure Network Coding via Filtered Secret Sharing – p.16/21

SLIDE 40

Filtered Secret sharing

✁

Span Distance

Filtered secret sharing (linear
) is a special case
f the span distance problem:

✄

(linear) f.s.s. solution

with

✆ ✡ ✞ ✄

✂
✁

(for all

✍

)

✄

solution to the span distance problem with

✁

✡

✂

, (
generates null space of

✂

)

✁ ✂ ✡ ✆

,

✁

Required distance =

✂

.

Parameter
✍

for network coding application: amount of capacity given up.

Feldman, Malkin, Servedio, Stein: Secure Network Coding via Filtered Secret Sharing – p.17/21

SLIDE 41

Positive result

Given any
, choose

✁

randomly.

Feldman, Malkin, Servedio, Stein: Secure Network Coding via Filtered Secret Sharing – p.18/21

SLIDE 42

Positive result

Given any
, choose

✁

randomly.

Analysis like random lin. codes on G-V bound:

✁

Each vector in

✡

has

✁
✁

Vol

✎ ✁ ✂ ✌

☎

✟ ☎

prob. of having dist.
✂

from

.

✁

Union bound over

☎ ✁

codewords

✡

: Random

✁

has

✝ ✂ ✁

✌

✁ ☎

✂

w/ prob.

✍

✄ ☎ ✁ ☎ ✂ ☎ ✄

Vol

✎ ✁ ✂ ✌

☎

✡ ✍ ✄ ☎ ✄ ☎ ☎

Vol

✎ ✁ ✂ ✌

☎

Feldman, Malkin, Servedio, Stein: Secure Network Coding via Filtered Secret Sharing – p.18/21

SLIDE 43

Positive result

Given any
, choose

✁

randomly.

Analysis like random lin. codes on G-V bound:

✁

Each vector in

✡

has

✁
✁

Vol

✎ ✁ ✂ ✌

☎

✟ ☎

prob. of having dist.
✂

from

.

✁

Union bound over

☎ ✁

codewords

✡

: Random

✁

has

✝ ✂ ✁

✌

✁ ☎

✂

w/ prob.

✍

✄ ☎ ✁ ☎ ✂ ☎ ✄

Vol

✎ ✁ ✂ ✌

☎

✡ ✍ ✄ ☎ ✄ ☎ ☎

Vol

✎ ✁ ✂ ✌

☎
In general, Pr
☞

if

☎

✂

✄ ☎ ✆ ✝ ☎ ✞

.

For

✂ ✡ ✟ ✁

☎

, need only

☎

✎

✂ ✄ ✝

✄

☎ ✄ ✝ ✞ ✞

.

Feldman, Malkin, Servedio, Stein: Secure Network Coding via Filtered Secret Sharing – p.18/21

SLIDE 44

Negative Result: Using the Covering Radius

Covering radius(
) =

✟

✁

✂ ✁ ✄ ☎ ✆ ✝ ✁ ✄ ✌

☎

.

Feldman, Malkin, Servedio, Stein: Secure Network Coding via Filtered Secret Sharing – p.19/21

SLIDE 45

Negative Result: Using the Covering Radius

Covering radius(
) =

✟

✁

✂ ✁ ✄ ☎ ✆ ✝ ✁ ✄ ✌

☎

.

If
has covering radius

✂ ✡ ✁

no

✑

✟

✎

(let alone subspace

✡

) has dist

✂

from

.

Feldman, Malkin, Servedio, Stein: Secure Network Coding via Filtered Secret Sharing – p.19/21

SLIDE 46

Negative Result: Using the Covering Radius

Covering radius(
) =

✟

✁

✂ ✁ ✄ ☎ ✆ ✝ ✁ ✄ ✌

☎

.

If
has covering radius

✂ ✡ ✁

no

✑

✟

✎

(let alone subspace

✡

) has dist

✂

from

.
Setting
✡

✍

, using result of [Cohen, Frankl 85]: Thm:

☎ ☎ ✌ ✂

s.t. (

✁

✂ ✄ ☎ ✆ ✝ ✞ ☎ ✆ ✝ ✟ ✄ ☎ ✆ ✝

Vol

✠ ✡ ☛ ☞ ✞ ✌ ☎ ✆ ✝ ✟ ✍ ✎ ✏ ✑ ✒ ✂ ✍ ✏ ✑ ✒ ✓ ✍ ✏ ✑ ✒ ✏ ✔ ✓

) and (

✕ ✍ ✖ ✗ ✂ ✄

✁

☎ ✆ ✝ ✞ ☎ ✆ ✝ ✟ ✍ ☎ ✆ ✝

Vol

✠ ✡ ☛ ☞ ✞ ✌ ☎ ✆ ✝ ✟ ✄ ✎ ✏ ✑ ✒ ✂ ✄ ✏ ✑ ✒ ✓ ✄ ✏ ✑ ✒ ✏ ✔ ✓

),

✄

s.t.

✘ ✁

where

✝ ✂ ✁

✌

✁ ☎

✂

✡

✄

☎ ✄ ✂

.

Feldman, Malkin, Servedio, Stein: Secure Network Coding via Filtered Secret Sharing – p.19/21

SLIDE 47

Negative Result: Using the Covering Radius

Covering radius(
) =

✟

✁

✂ ✁ ✄ ☎ ✆ ✝ ✁ ✄ ✌

☎

.

If
has covering radius

✂ ✡ ✁

no

✑

✟

✎

(let alone subspace

✡

) has dist

✂

from

.
Setting
✡

✍

, using result of [Cohen, Frankl 85]: Thm:

☎ ☎ ✌ ✂

s.t. (

✁

✂ ✄ ☎ ✆ ✝ ✞ ☎ ✆ ✝ ✟ ✄ ☎ ✆ ✝

Vol

✠ ✡ ☛ ☞ ✞ ✌ ☎ ✆ ✝ ✟ ✍ ✎ ✏ ✑ ✒ ✂ ✍ ✏ ✑ ✒ ✓ ✍ ✏ ✑ ✒ ✏ ✔ ✓

) and (

✕ ✍ ✖ ✗ ✂ ✄

✁

☎ ✆ ✝ ✞ ☎ ✆ ✝ ✟ ✍ ☎ ✆ ✝

Vol

✠ ✡ ☛ ☞ ✞ ✌ ☎ ✆ ✝ ✟ ✄ ✎ ✏ ✑ ✒ ✂ ✄ ✏ ✑ ✒ ✓ ✄ ✏ ✑ ✒ ✏ ✔ ✓

),

✄

s.t.

✘ ✁

where

✝ ✂ ✁

✌

✁ ☎

✂

✡

✄

☎ ✄ ✂

.

✄

reasonable settings of

☎ ✌ ✂ ✌ ✂

, where

✄

s.t.

☎

✂

✄

☎
✁

✂ ☎ ✞

if

✁

exists. (Contrast to C/Y upper

bound

✁

☎

✆

.)

Feldman, Malkin, Servedio, Stein: Secure Network Coding via Filtered Secret Sharing – p.19/21

SLIDE 48

Conclusions

Given a fixed linear network code, the problem of

making it secure (using linear filtered secret sharing) is a generalized [classical] code design problem.

To achieve security: trade-off between rate

✁ ✆ ✡ ✞ ✄

✂

☎

and required link bandwidth

✁ ✁ ✂ ✄ ☎ ☎

.

✁

Sacrificing small amount of capacity allows large savings in required bandwidth.

Secret sharing can be extended from

[adversary gets

✂

shares] ,to [adversary gets

✂

linear combinations (from a given set) of all

✞

shares] .

Feldman, Malkin, Servedio, Stein: Secure Network Coding via Filtered Secret Sharing – p.20/21

SLIDE 49

Future Work

Better upper/lower bounds (
✡

✍

, or in general).

Consider (network topology, code design, security,

robustness) simultaneously.

Allow more power at nodes [Jain: random bits].
Relax notion of security [Jain: computationally

bounded adversary].

Different adversaries, non-linear network codes,

non-multicast?

Feldman, Malkin, Servedio, Stein: Secure Network Coding via Filtered Secret Sharing – p.21/21