Journal of Applied Mathematics

Volume 2013, Article ID 602539, 10 pages

http://dx.doi.org/10.1155/2013/602539

## A New Construction of Multisender Authentication Codes from Pseudosymplectic Geometry over Finite Fields

College of Science, Civil Aviation University of China, Tianjin 300300, China

Received 7 December 2012; Accepted 20 February 2013

Academic Editor: Song Cen

Copyright © 2013 Xiuli Wang. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

#### Abstract

Multisender authentication codes allow a group of senders to construct an authenticated message for one receiver such that the receiver can verify authenticity of the received message. In this paper, we construct one multisender authentication code from pseudosymplectic geometry over finite fields. The parameters and the probabilities of deceptions of this code are also computed.

#### 1. Introduction

Multisender authentication code was firstly constructed by Gilbert et al. in [1] in 1974. Multisender authentication system refers to a group of senders that cooperatively send a message to the receiver, and then the receiver should be able to ascertain that the message is authentic. About this case, many scholars had also much researches and had made great contributions to multisender authentication codes [2–6].

In the actual computer network communications, multisender authentication codes include sequential model and simultaneous model. Sequential model is that each sender uses its own encoding message to the receiver, and the receiver receives the message and verifies whether the message is legal or not. Simultaneous model is that all senders use their own encoding rules to encode a source state, and each sender sends the encoded message to the synthesizer, respectively, and then the synthesizer forms an authenticated message and verifies whether the message is legal or not. In this paper, we will adopt the second model.

In a simultaneous model, there are four participants: a group of senders , the keys distribution center, he is responsible for the key distribution to senders and receiver, including solving the disputes between them, a receiver , a synthesizer, he only runs the trusted synthesis algorithm. The code works as follows: each sender and receiver has their own cartesian authentication code, respectively. Let be the senders’ cartesian authentication code, be the receiver's cartesian authentication code, the synthesis algorithm. is a subkey generation algorithm, where is the key set of the key distribution center. When authenticating a message, the senders and the receiver should comply with the protocol. The key distribution center randomly selects an encoding rule and sends to the th sender secretly, and then he calculates by according to an effective algorithm and secretly sends to the receiver ; if the senders would like to send a source state to the receiver , computes and sends to the synthesizer through an open channel; the synthesizer receives the message and calculates by the synthesis algorithm and then sends message to the receiver , he checks the authenticity by verifying whether or not. If the equality holds, the message is authentic and is accepted. Otherwise, the message is rejected.

We assume that the key distribution center is credible, though he know the senders' and receiver's encoding rules, he will not participate in any communication activities. When transmitters and receiver are disputing, the key distribution center settles it. At the same time, we assume that the system follows Kerckhoff's principle in which except for the actual used keys, the other information of the whole system is public.

In a multisender authentication system, we assume that the whole senders are cooperating to form a valid message; that is, all senders as a whole and receiver are reliable. But there are some malicious senders which they together cheat the receiver, the part of senders and receiver are not credible, they can take impersonation attack and substitution attack. In the whole system, we assume that are senders, is a receiver, is the encoding rules set of the sender , and is the decoding rules set of receiver . If the source state space and the key space of receiver are according to a uniform distribution, then the probability distribution of message space and tag space is determined by the probability distribution of and . Consider , , and . Now, let us consider the attacks from malicious groups of senders. Here, there still are two kinds of attacks.

(i) *The Opponent's Impersonation Attack*. sends a message to receiver. is successful if the receiver accepts it as legitimate message. Denote as the largest probability of some opponent's successful impersonation attack, and it can be expressed as

(ii) *The Opponent's Substitution Attack*. It is the largest probability of some opponent's successful substitution attack, and it can be expressed as
In this paper, we give a construction about multisender authentication code from pseudosymplectic geometry over finite fields.

#### 2. Pseudosymplectic Geometry

Let be the finite field with elements, where is a power of , , and . Let and is a nonalternate symmetric matrix.

The pseudosymplectic group of degree over is defined to be the set of matrices denoted by .

Let be the -dimensional row vector space over . has an action on defined as follows: The vector space together with this group action is called the pseudosymplectic space over the finite field of characteristic 2.

Let be an -dimensional subspace of ; then, is cogredient to one of the following three normal forms: for some such that . We say that is a subspace of type , where , or 2 and or 1, if (i) is cogredient to ;(ii) or according to or , respectively.

Let be an -dimensional subspace of . Denote by the set of vectors which are orthogonal to every vector of ; that is, Obviously, is a -dimensional subspace of .

More properties of pseudosymplectic geometry over finite fields can be found in [7].

In [2], Desmedt et al. gave two constructions for MRA-codes based on polynomials and finite geometries, respectively. There are other constructions of multisender authentication codes which are given in [3–6]. The construction of authentication codes is of combinational design in its nature. We know that the geometry of classical groups over finite fields, including symplectic geometry, pseudosymplectic geometry, unitary geometry, and orthogonal geometry, can provide a better combination of structure and can be easy to count. In this paper, we construct one multisender authentication code from pseudosymplectic geometry over finite fields. The parameters and the probabilities of deceptions of this code are also computed. We realize the generalization and application of the similar idea and method of article [8] from symplectic geometry to pseudosymplectic geometry over finite fields.

#### 3. Construction

Let be a finite field with elements and the row vector in whose th coordinate is 1 and all other coordinates are 0. Assume that . Let ; that is, is an -dimensional subspace of generated by , and then . Consider , ; then, . The set of source states is a subspace of type and ; the set of th sender's encoding rules , ; the set of receiver's decoding rules = is a subspace of type and; the set of th sender's tags is a subspace of type and ; the set of receiver's tags is a subspace of type and .

Define the encoding map , .

The decoding map .

The synthesizing map , where is a nonsingular matrix and is a subspace of type .

The code works as follows.

(1) *Key Distribution*. The key distribution center randomly chooses an and selects a subspace such that , and it selects so that , and is a nonsingular matrix satisfying . The key distribution center randomly secretly sends to the receiver and the senders, respectively, and sends to the synthesizer.

(2) *Broadcast*. If the senders want to send a source state to the receiver , the sender calculates then sends to the synthesizer.

(3) *Synthesis*. After the synthesizer receives , he calculates and then sends to the receiver .

(4) *Verification*. When the receiver receives , he calculates . If , he accepts ; otherwise, he rejects it.

Letthen,

Lemma 1. *Let ; the code is a cartesian authentication code, .*

*Proof. *For any . Because is a subspace of type and , we can assume thatObviously, . Let ; since , has the form as follows:
where is a subspace of type in the pseudosymplectic space . Let ; then,Obviously, . So, is a subspace of type satisfying ; that is, . Furthermore, we know that .

Conversely, for any , let , satisfying . Obviously, . For , letObviously,For being a subspace of type , then is a subspace of type ; that is, . Choose
Let ; then, , and . Therefore, is a surjection. For any , if there exist so that ; then, . However, , and so ; that is, is determined by and .

Lemma 2. *Let ; the code is a cartesian authentication code.*

* Proof. *(1) For any , . From the definition of and , we assume that
Obviously, for any and , ; therefore,
From the above mentioned, is a subspace of type and ; that is, .

(2) For , is a subspace of type and ; so, there is a subspace , satisfying
Then, we can assume that
satisfying
Let
for is a subspace of type and ; that is, is a source state. For any and , is obvious; that is, . Therefore, . Let ; then, is receiver's decoding rule satisfying .

If is another source state contained in , then . Therefore, , while dim , and so ; that is, is the uniquely source state contained in .

From Lemmas 1 and 2, we know that such construction of multisender authentication codes is reasonable, and there are senders in this system. Next, we compute the parameters of this code and the maximum probability of success in impersonation attack and substitution attack by group of senders.

Lemma 3. *Some parameters of this code are
*

*Proof. *Since , has the following form:
where is a subspace of type in the pseudosymplectic space . So, .

For any , we can assume that has the following form:Since is a subspace of type , so and , arbitrarily. Therefore, .

Lemma 4. *(1) For any , the number of containing is ;** (2) The number of the th sender's tag is .*

*Proof. *(1) Considering the transitivity properties of the same subspaces under the pseudosymplectic groups, we may take as follows:If , then we assume thatfrom , we know that , where arbitrarily, and therefore the number of containing is (.

(2) We know that every contains only one source state and the number of containing . Therefore, we have .

Lemma 5. *(1) The number of the receiver's decoding rules is .** (2) For any , the number of which contained is .** (3) The number of the receiver's tag is .*

*Proof. *(1) Let ; has the following form:For being a subspace of type , so and arbitrarily. Therefore,.

(2) Considering the transitivity properties of the same subspaces under the pseudosymplectic groups, we may choose as follows:If , thenwhere and arbitrarily. Therefore, the number of which contained is .

(3) Similar to Lemma 4(2), , , ; .

Without loss of generality, we assume that , , and . Now, let us consider the attacks on from malicious groups of senders.

Lemma 6. *For any , the number of containing is .*

* Proof. *For any , we assume to be as follows:If , then has the following form:where arbitrarily. Therefore, the number of containing is .

Lemma 7. *For any and , the number of which contained in and containing is .*

* Proof. *For any , we assume to be as follows:If , then has the following form:Since , then we assume to be as follows:where and arbitrarily. Therefore, the number of which contained in and containing is .

Lemma 8. *Assume that and are two distinct tags decoded by receiver's key , and and contained in and are two source states, respectively. Let , dim; then, , and the number of which contained in and containing is .*

*Proof. *Since , and , then . For any , , obviously . Assume that is the complementary subspace of in the ; then, . From and , we know that , and , since ; then, , while , and so we have .

From the definition of , we may take , as follows:LetFrom the above mentioned, we know that , and then ; therefore,For any , we can assume thatwhere every row of
is the linear combination of the base of
Therefore, the number of and containing is .

Theorem 9. *In the constructed multisender authentication codes, the largest probabilities of success for impersonation attack and substitution attack from on a receiver are
*

*respectively.*

* Proof. **Impersonation Attack*. , after receiving his secret keys, encodes a message and sends it to receiver. is successful if the receiver accepts it as legitimate message. So,
*Substitution Attack*. replaces with another message , after it observes a legitimate message . is successful if the receiver accepts it as legitimate message. So,

#### Acknowledgments

This work is supported by the NSF of China (61179026) and Fundamental Research of the Central Universities of China Civil Aviation University of Science special (ZXH2012k003).

#### References

- E. N. Gilbert, F. J. MacWilliams, and N. J. A. Sloane, “Codes which detect deception,”
*The Bell System Technical Journal*, vol. 53, pp. 405–424, 1974. View at Google Scholar · View at Zentralblatt MATH · View at MathSciNet - Y. Desmedt, Y. Frankel, and M. Yung, “Multi-receiver/multi-sender network security: efficient authenticated multicast/feedback,” in
*Proceedings of the the 11th Annual Conference of the IEEE Computer and Communications Societies (Infocom '92)*, pp. 2045–2054, May 1992. View at Scopus - K. Martin and R. Safavi-Naini, “Multi-sender authentication schemes with unconditional security,” in
*Information and Communications Security*, vol. 1334 of*Lecture Notes in Computer Science*, pp. 130–143, Springer, Berlin, Germany, 1997. View at Publisher · View at Google Scholar - W. Ma and X. Wang, “Several new constructions of multi-trasmitters authentication codes,”
*Acta Electronica Sinica*, vol. 28, no. 4, pp. 117–119, 2000. View at Google Scholar - G. J. Simmons, “Message authentication with arbitration of transmitter/receiver disputes,” in
*Proceedings of the 6th Annual International Conference on Theory and Application of Cryptographic Techniques (Eurcrypt '87)*, vol. 304 of*Lecture Notes in Computer Science*, pp. 151–165, 1987. - C. Shangdi and C. Lizhen, “Two constructions of multi-sender authentication codes with arbitration based linear codes,”
*WSEAS Transactions on Mathematics*, vol. 11, no. 12, 2012. View at Google Scholar - Z. Wan,
*Geometry of Classical Groups over Finite Fields*, Science Press, Beijing, China, 2nd edition, 2002. - C. Shangdi and Z. Dawei, “Two constructions of multireceiver authentication codes from symplectic geometry over finite fields,”
*Ars Combinatoria*, vol. 99, pp. 193–203, 2011. View at Google Scholar · View at MathSciNet