Journal of Applied Mathematics

Volume 2013 (2013), Article ID 320392, 7 pages

http://dx.doi.org/10.1155/2013/320392

## A New Construction of Multisender Authentication Codes from Polynomials over Finite Fields

College of Science, Civil Aviation University of China, Tianjin 300300, China

Received 3 February 2013; Accepted 7 April 2013

Academic Editor: Yang Zhang

Copyright © 2013 Xiuli Wang. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

#### Abstract

Multisender authentication codes allow a group of senders to construct an authenticated message for a receiver such that the receiver can verify the authenticity of the received message. In this paper, we construct one multisender authentication code from polynomials over finite fields. Some parameters and the probabilities of deceptions of this code are also computed.

#### 1. Introduction

Multisender authentication code was firstly constructed by Gilbert et al. [1] in 1974. Multisender authentication system refers to who a group of senders, cooperatively send a message to a receiver; then the receiver should be able to ascertain that the message is authentic. About this case, many scholars and researchers had made great contributions to multisender authentication codes, such as [2–6].

In the actual computer network communications, multisender authentication codes include sequential model and simultaneous model. Sequential model is that each sender uses his own encoding rules to encode a source state orderly, the last sender sends the encoded message to the receiver, and the receiver receives the message and verifies whether the message is legal or not. Simultaneous model is that all senders use their own encoding rules to encode a source state, and each sender sends the encoded message to the synthesizer, respectively; then the synthesizer forms an authenticated message and verifies whether the message is legal or not. In this paper, we will adopt the second model.

In a simultaneous model, there are four participants: a group of senders , the key distribution center, he is responsible for the key distribution to senders and receiver, including solving the disputes between them, a receiver , and a synthesizer, where he only runs the trusted synthesis algorithm. The code works as follows: each sender and receiver has their own Cartesian authentication code, respectively. Let be the senders’ Cartesian authentication code, be the receiver’s Cartesian authentication code, be the synthesis algorithm, and be a subkey generation algorithm, where is the key set of the key distribution center. When authenticating a message, the senders and the receiver should comply with the protocol. The key distribution center randomly selects an encoding rule and sends to the th sender , secretly; then he calculates by according to an effective algorithm and secretly sends to the receiver . If the senders would like to send a source state to the receiver , computes and sends to the synthesizer through an open channel. The synthesizer receives the message and calculates by the synthesis algorithm and then sends message to the receiver; he checks the authenticity by verifying whether or not. If the equality holds, the message is authentic and is accepted. Otherwise, the message is rejected.

We assume that the key distribution center is credible, and though he know the senders’ and receiver’s encoding rules, he will not participate in any communication activities. When transmitters and receiver are disputing, the key distribution center settles it. At the same time, we assume that the system follows the Kerckhoff principle in which, except the actual used keys, the other information of the whole system is public.

In a multisender authentication system, we assume that the whole senders are cooperative to form a valid message; that is, all senders as a whole and receiver are reliable. But there are some malicious senders who together cheat the receiver; the part of senders and receiver are not credible, and they can take impersonation attack and substitution attack. In the whole system, we assume that are senders, is a receiver, is the encoding rules set of the sender , and is the decoding rules set of the receiver . If the source state space and the key space of receiver are according to a uniform distribution, then the message space and the tag space are determined by the probability distribution of and . , , , . Now consider that let us consider the attacks from malicious groups of senders. Here, there are two kinds of attack.

The opponent’s impersonation attack to receiver: , after receiving their secret keys, encode a message and send it to the receiver. are successful if the receiver accepts it as legitimate message. Denote by the largest probability of some opponent’s successful impersonation attack to receiver; it can be expressed as

The opponent’s substitution attack to the receiver: replace with another message , after they observe a legitimate message . are successful if the receiver accepts it as legitimate message; it can be expressed as

There might be malicious senders who together cheat the receiver; that is, the part of senders and the receiver are not credible, and they can take impersonation attack. Let , and . Assume that , after receiving their secret keys, send a message to the receiver ; are successful if the receiver accepts it as legitimate message. Denote by the maximum probability of success of the impersonation attack to the receiver. It can be expressed as
*Notes. * implies that any information encoded by can be authenticated by .

In [2], Desmedt et al. gave two constructions for MRA-codes based on polynomials and finite geometries, respectively. To construct multisender or multireceiver authentication by polynomials over finite fields, many researchers have done much work, for example, [7–9]. There are other constructions of multisender authentication codes that are given in [3–6]. The construction of authentication codes is combinational design in its nature. We know that the polynomial over finite fields can provide a better algebra structure and is easy to count. In this paper, we construct one multisender authentication code from the polynomial over finite fields. Some parameters and the probabilities of deceptions of this code are also computed. We realize the generalization and the application of the similar idea and method of the paper [7–9].

#### 2. Some Results about Finite Field

Let be the finite field with elements, where is a power of a prime and is a field containing ; denote by be the nonzero elements set of . In this paper, we will use the following conclusions over finite fields.

Conclusion 1. *A generator of is called a primitive element of .*

Conclusion 2. *Let ; if some polynomials contain as their root and their leading coefficient are 1 over , then the polynomial having least degree among all such polynomials is called a minimal polynomial over .*

Conclusion 3. *Let , then is an -dimensional vector space over . Let be a primitive element of and the minimal polynomial about over ; then and is a basis of . Furthermore, is linear independent, and it is equal to ( is a primitive element, is also linear independent; moreover, is also linear independent.*

Conclusion 4. *Consider , where and is a nonnegative power of character of .*

Conclusion 5. *Let . Then, the number of matrices of rank over is .*

More results about finite fields can be found in [10–12].

#### 3. Construction

Let the polynomial , where the coefficient , , and these vectors by the composition of their coefficient are linearly independent. The set of source states ; the set of th transmitter’s encoding rules ; the set of receiver’s encoding rules , where is a primitive element of ; the set of th transmitter’s tags ; the set of receiver’s tags .

Define the encoding map , , .

The decoding map , .

The synthesizing map , .

The code works as follows.

Assume that is larger than, or equal to, the number of the possible message and .

##### 3.1. Key Distribution

The key distribution center randomly generates polynomials , where , and make these vectors by composed of their coefficient is linearly independent, it is equivalent to the column vectors of the matrix is linearly independent. He selects distinct nonzero elements again and makes secret; then he sends privately to the sender . The key distribution center also randomly chooses a primitive element of satisfying and sends to the receiver .

##### 3.2. Broadcast

If the senders want to send a source state to the receiver , the sender calculates , and then sends to the synthesizer.

##### 3.3. Synthesis

After the synthesizer receives , he calculates and then sends to the receiver .

##### 3.4. Verification

When the receiver receives , he calculates . If , he accepts ; otherwise, he rejects it.

Next, we will show that the above construction is a well defined multisender authentication code with arbitration.

Lemma 1. * Let ; then the code is an A-code, .*

* Proof. * For any ,, because , so . Conversely, for any , choose , where , and let ; it is equivalent to
It follows that
Denote
The above linear equation is equivalent to , because the column vectors of are linearly independent, is equivalent to a Vandermonde matrix, and is inverse; therefore, the above linear equation has a unique solution, so is only defined; that is, ) is a surjection.

If is another source state satisfying , and it is equivalent to , then
Thus
Similar to , we know that the homogeneous linear equation has a unique solution; that is, there is only zero solution, so . So, is the unique source state determined by and ; thus, is an A-code.

Lemma 2. * Let ; then the code is an A-code.*

* Proof. * For any , , from the definition of , we assume that , where is a primitive element of , ; on the other hand, for any , choose , where is a primitive element of , ; it is equivalent to
that is, . From Conclusion 3, we know that is linearly independent and the column vectors of are also linearly independent; therefore, the above linear equation has unique solution, so is only defined; that is, is a surjection.

If is another source state satisfying , then
that is, . Similar to , we get that the homogeneous linear equation has a unique solution; that is, there is only zero solution, so ; that is, . So, is the unique source state determined by and ; thus, is an A-code.

At the same time, for any valid , we have known that , and it follows that . We also have known that ; from Conclusion 4, , where is a nonnegative power of character of , and we get ; therefore, , and the receiver accepts .

From Lemmas 1 and 2, we know that such construction of multisender authentication codes is reasonable and there are senders in this system. Next, we compute the parameters of this code and the maximum probability of success in impersonation attack and substitution attack by the group of senders.

Theorem 3. * Some parameters of this construction are . Where is the Euler function of , it represents the number of primitive element of here.*

* Proof. *For , , and , the results are straightforward. For , because , where , and these vectors by the composition of their coefficient are linearly independent, it is equivalent to the columns of is linear independent. From Conclusion 5, we can conclude that the number of satisfying the condition is . On the other hand, the number of distinct nonzero elements in is , so . For , , where is a primitive element of . For , from Conclusion 1, a generator of is called a primitive element of , ; by the theory of the group, we know that the number of generator of is ; that is, the number of is . For . From above, we have confirmed that the number of these polynomials is ; therefore, .

Lemma 4. * For any , the number of contained is .*

* Proof. *Let , , where is a primitive element of . If , then . For any , suppose that there is another such that , then , because is linearly independent, so , but is arbitrarily; therefore, ; that is, , and it follows that is only determined by . Therefore, as , for any given and , the number of contained in is .

Lemma 5. * For any and with , the number of contained and is .*

* Proof. *Assume that , where is a primitive element of . If and , then , . It is equivalent to because , so ; otherwise, we assume that and since and the column vectors of both are linearly independent, it forces that ; this is a contradiction. Therefore, we get
since is given, is unique, by equation , for any given and , we obtain that is only determined; thus, the number of contained and is .

Lemma 6. * For any fixed containing a given , then the number of which is incidence with is .*

* Proof. *For any fixed containing a given , we assume that , , where is a primitive element of . From the definitions of and and Conclusion 4, we can conclude that is incidence with if and only if . For any , since , so the equation always has a solution. From the proof of Theorem 3, we know the number of which is incident with (i.e., the number of all ) is .

Lemma 7. * For any fixed containing a given and , the number of which is incidence with and contained in is .*

* Proof. *For any , we assume that , where is a primitive element of . Similar to Lemma 6, for any fixed , containing a given , we have known that is incident with if and only if
Again, with , we can get
By (11) and (12) and the property of , we have the following conclusion:
because is any given. Similar to the proof of Lemma 4, we can get ,; that is, , but and also are fixed; thus, and are only determined, so the number of which is incident with and contained in is .

Theorem 8. * In the constructed multisender authentication codes, if the senders’ encoding rules and the receiver’s decoding rules are chosen according to a uniform probability distribution, then the largest probabilities of success for different types of deceptions, respectively, are
*

*Proof. *By Theorem 3 and Lemma 4, we get

By Lemmas 4 and 5, we get

By Lemmas 6 and 7, we get

#### Acknowledgments

This paper is supported by the NSF of China (61179026) and the Fundamental Research of the Central Universities of China Civil Aviation University of Science special (ZXH2012k003).

#### References

- E. N. Gilbert, F. J. MacWilliams, and N. J. A. Sloane, “Codes which detect deception,”
*The Bell System Technical Journal*, vol. 53, pp. 405–424, 1974. View at Google Scholar · View at Zentralblatt MATH · View at MathSciNet - Y. Desmedt, Y. Frankel, and M. Yung, “Multi-receiver/multi-sender network security: efficient authenticated multicast/feedback,” in
*Proceedings of the the 11th Annual Conference of the IEEE Computer and Communications Societies (Infocom '92)*, pp. 2045–2054, May 1992. View at Scopus - K. Martin and R. Safavi-Naini, “Multisender authentication schemes with unconditional security,” in
*Information and Communications Security*, vol. 1334 of*Lecture Notes in Computer Science*, pp. 130–143, Springer, Berlin, Germany, 1997. View at Google Scholar - W. Ma and X. Wang, “Several new constructions of multi trasmitters authentication codes,”
*Acta Electronica Sinica*, vol. 28, no. 4, pp. 117–119, 2000. View at Google Scholar - G. J. Simmons, “Message authentication with arbitration of transmitter/receiver disputes,” in
*Advances in Cryptology—EUROCRYPT '87, Workshop on the Theory and Application of of Cryptographic Techniques*, vol. 304 of*Lecture Notes in Computer Science*, pp. 151–165, Springer, 1988. - S. Cheng and L. Chang, “Two constructions of multi-sender authentication codes with arbitration based linear codes to be published in,”
*WSEAS Transactions on Mathematics*, vol. 11, no. 12, 2012. View at Google Scholar - R. Safavi-Naini and H. Wang, “New results on multi-receiver authentication codes,” in
*Advances in Cryptology—EUROCRYPT '98 (Espoo)*, vol. 1403 of*Lecture Notes in Comput. Sci.*, pp. 527–541, Springer, Berlin, Germany, 1998. View at Publisher · View at Google Scholar · View at Zentralblatt MATH · View at MathSciNet - R. Aparna and B. B. Amberker, “Multi-sender multi-receiver authentication for dynamic secure group communication,”
*International Journal of Computer Science and Network Security*, vol. 7, no. 10, pp. 47–63, 2007. View at Google Scholar - R. Safavi-Naini and H. Wang, “Bounds and constructions for multireceiver authentication codes,” in
*Advances in cryptology—ASIACRYPT'98 (Beijing)*, vol. 1514 of*Lecture Notes in Comput. Sci.*, pp. 242–256, Springer, Berlin, Germany, 1998. View at Publisher · View at Google Scholar · View at Zentralblatt MATH · View at MathSciNet - S. Shen and L. Chen,
*Information and Coding Theory*, Science press in China, 2002. - J. J. Rotman,
*Advanced Modern Algebra*, High Education Press in China, 2004. - Z. Wan,
*Geometry of Classical Group over Finite Field*, Science Press in Beijing, New York, NY, USA, 2002.