Abstract

Multisender authentication codes allow a group of senders to construct an authenticated message for one receiver such that the receiver can verify authenticity of the received message. In this paper, we construct one multisender authentication code from pseudosymplectic geometry over finite fields. The parameters and the probabilities of deceptions of this code are also computed.

1. Introduction

Multisender authentication code was firstly constructed by Gilbert et al. in [1] in 1974. Multisender authentication system refers to a group of senders that cooperatively send a message to the receiver, and then the receiver should be able to ascertain that the message is authentic. About this case, many scholars had also much researches and had made great contributions to multisender authentication codes [2–6].

In the actual computer network communications, multisender authentication codes include sequential model and simultaneous model. Sequential model is that each sender uses its own encoding message to the receiver, and the receiver receives the message and verifies whether the message is legal or not. Simultaneous model is that all senders use their own encoding rules to encode a source state, and each sender sends the encoded message to the synthesizer, respectively, and then the synthesizer forms an authenticated message and verifies whether the message is legal or not. In this paper, we will adopt the second model.

In a simultaneous model, there are four participants: a group of senders , the keys distribution center, he is responsible for the key distribution to senders and receiver, including solving the disputes between them, a receiver , a synthesizer, he only runs the trusted synthesis algorithm. The code works as follows: each sender and receiver has their own cartesian authentication code, respectively. Let be the senders’ cartesian authentication code,   be the receiver's cartesian authentication code, the synthesis algorithm. is a subkey generation algorithm, where is the key set of the key distribution center. When authenticating a message, the senders and the receiver should comply with the protocol. The key distribution center randomly selects an encoding rule and sends to the th sender secretly, and then he calculates by according to an effective algorithm and secretly sends to the receiver ; if the senders would like to send a source state to the receiver , computes and sends to the synthesizer through an open channel; the synthesizer receives the message and calculates by the synthesis algorithm and then sends message to the receiver , he checks the authenticity by verifying whether or not. If the equality holds, the message is authentic and is accepted. Otherwise, the message is rejected.

We assume that the key distribution center is credible, though he know the senders' and receiver's encoding rules, he will not participate in any communication activities. When transmitters and receiver are disputing, the key distribution center settles it. At the same time, we assume that the system follows Kerckhoff's principle in which except for the actual used keys, the other information of the whole system is public.

In a multisender authentication system, we assume that the whole senders are cooperating to form a valid message; that is, all senders as a whole and receiver are reliable. But there are some malicious senders which they together cheat the receiver, the part of senders and receiver are not credible, they can take impersonation attack and substitution attack. In the whole system, we assume that are senders, is a receiver, is the encoding rules set of the sender , and is the decoding rules set of receiver . If the source state space and the key space of receiver are according to a uniform distribution, then the probability distribution of message space and tag space is determined by the probability distribution of and . Consider , , and . Now, let us consider the attacks from malicious groups of senders. Here, there still are two kinds of attacks.

(i) The Opponent's Impersonation Attack. sends a message to receiver. is successful if the receiver accepts it as legitimate message. Denote as the largest probability of some opponent's successful impersonation attack, and it can be expressed as

(ii) The Opponent's Substitution Attack. It is the largest probability of some opponent's successful substitution attack, and it can be expressed as In this paper, we give a construction about multisender authentication code from pseudosymplectic geometry over finite fields.

2. Pseudosymplectic Geometry

Let be the finite field with elements, where is a power of , , and . Let and is a nonalternate symmetric matrix.

The pseudosymplectic group of degree over is defined to be the set of matrices denoted by .

Let be the -dimensional row vector space over . has an action on defined as follows: The vector space together with this group action is called the pseudosymplectic space over the finite field of characteristic 2.

Let be an -dimensional subspace of ; then, is cogredient to one of the following three normal forms: for some such that . We say that is a subspace of type , where , or 2 and or 1, if (i) is cogredient to ;(ii) or according to or , respectively.

Let be an -dimensional subspace of . Denote by the set of vectors which are orthogonal to every vector of ; that is, Obviously, is a -dimensional subspace of .

More properties of pseudosymplectic geometry over finite fields can be found in [7].

In [2], Desmedt et al. gave two constructions for MRA-codes based on polynomials and finite geometries, respectively. There are other constructions of multisender authentication codes which are given in [3–6]. The construction of authentication codes is of combinational design in its nature. We know that the geometry of classical groups over finite fields, including symplectic geometry, pseudosymplectic geometry, unitary geometry, and orthogonal geometry, can provide a better combination of structure and can be easy to count. In this paper, we construct one multisender authentication code from pseudosymplectic geometry over finite fields. The parameters and the probabilities of deceptions of this code are also computed. We realize the generalization and application of the similar idea and method of article [8] from symplectic geometry to pseudosymplectic geometry over finite fields.

3. Construction

Let be a finite field with elements and the row vector in whose th coordinate is 1 and all other coordinates are 0. Assume that . Let ; that is, is an -dimensional subspace of generated by , and then . Consider , ; then, . The set of source states is a subspace of type and ; the set of th sender's encoding rules , ; the set of receiver's decoding rules = is a subspace of type and; the set of th sender's tags is a subspace of type and ; the set of receiver's tags is a subspace of type and .

Define the encoding map , .

The decoding map .

The synthesizing map , where is a nonsingular matrix and is a subspace of type .

The code works as follows.

(1) Key Distribution. The key distribution center randomly chooses an and selects a subspace such that , and it selects so that , and is a nonsingular matrix satisfying . The key distribution center randomly secretly sends to the receiver and the senders, respectively, and sends to the synthesizer.

(2) Broadcast. If the senders want to send a source state to the receiver , the sender calculates then sends to the synthesizer.

(3) Synthesis. After the synthesizer receives , he calculates and then sends to the receiver .

(4) Verification. When the receiver receives , he calculates . If , he accepts ; otherwise, he rejects it.

Letthen,

Lemma 1. Let ; the code is a cartesian authentication code, .

Proof. For any . Because is a subspace of type and , we can assume thatObviously, . Let ; since , has the form as follows: where is a subspace of type in the pseudosymplectic space . Let ; then,Obviously, . So, is a subspace of type satisfying ; that is, . Furthermore, we know that .
Conversely, for any , let , satisfying . Obviously, . For , letObviously,For being a subspace of type , then is a subspace of type ; that is, . Choose Let ; then, , and . Therefore, is a surjection. For any , if there exist so that ; then, . However, , and so ; that is, is determined by and .

Lemma 2. Let ; the code is a cartesian authentication code.

Proof. (1) For any , . From the definition of and , we assume that Obviously, for any and , ; therefore, From the above mentioned, is a subspace of type and ; that is, .
(2) For , is a subspace of type and ; so, there is a subspace , satisfying Then, we can assume that satisfying Let for is a subspace of type and ; that is, is a source state. For any and , is obvious; that is, . Therefore, . Let ; then, is receiver's decoding rule satisfying .
If is another source state contained in , then . Therefore, , while dim , and so ; that is, is the uniquely source state contained in .
From Lemmas 1 and 2, we know that such construction of multisender authentication codes is reasonable, and there are senders in this system. Next, we compute the parameters of this code and the maximum probability of success in impersonation attack and substitution attack by group of senders.

Lemma 3. Some parameters of this code are

Proof. Since , has the following form: where is a subspace of type in the pseudosymplectic space . So, .
For any , we can assume that has the following form:Since is a subspace of type , so and , arbitrarily. Therefore, .

Lemma 4. (1) For any , the number of containing is ;
(2) The number of the th sender's tag is .