Journal of Applied Mathematics

Volume 2014, Article ID 102301, 7 pages

http://dx.doi.org/10.1155/2014/102301

## A Construction of Multisender Authentication Codes with Sequential Model from Symplectic Geometry over Finite Fields

^{1}College of Science, Civil Aviation University of China, Tianjin 300300, China^{2}Information Security Center, Beijing University of Posts and Telecommunications, P.O. Box 126, Beijing 100876, China

Received 26 August 2013; Revised 26 December 2013; Accepted 5 January 2014; Published 30 April 2014

Academic Editor: Francesco Pellicano

Copyright © 2014 Shangdi Chen and Chunli Yang. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

#### Abstract

Multisender authentication codes allow a group of senders to construct an authenticated message for a receiver such that the receiver can verify authenticity of the received message. In this paper, we construct multisender authentication codes with sequential model from symplectic geometry over finite fields, and the parameters and the maximum probabilities of deceptions are also calculated.

#### 1. Introduction

Information security consists of confidentiality and authentication. Confidentiality is to prevent the confidential information from decrypting by adversary. The purpose of authentication is to ensure the sender is real and to verify that the information is integrated. Digital signature and authentication codes are two important means of authenticating the information and provide good service in the network. In practical, digital signature is computationally secure assuming that the computing power of adversary is limited and a mathematical problem is intractable and complex. However, authentication codes are generally safe (unconditional secure) and relatively simple. In the 1940s, C. E. Shannon first put forward the concept of perfect secrecy authentication system using the information theory. In the 1980s, information theory method had been applied to the problem of authentication by G. J. Simmons; then authentication codes became the foundation for constructing unconditionally secure authentication system. In 1974, Gilbert et al. constructed the first authentication code [1], which is a landmark in the development of authentication theory. During the same period, Simmons independently studied the authentication theory and established three participants and four participants certification models [2]. The famous mathematician Wan Zhexian constructed an authentication code without arbitration from the subspace of the classical geometry [3]. In the case of transmitter and receiver being not honest, Ma et al. constructed a series of authentication codes with arbitration [4–9]. Xing et al. constructed authentication codes using algebraic curve and nonlinear functions, respectively [10, 11]. Safavi-Naini and Wang gave some results on multireceiver authentication codes [12]. Chen et al. made great contributions on multisender authentication codes from polynomials and matrices [13–19].

With the rapid development of information science, the traditional one-to-one authentication codes have been unable to meet the requirements of network communication, thus making the study of multiuser authentication codes particularly important. Multiuser authentication code is a generalization of traditional two-user authentication code. It can be divided into two cases: one is a sender and many receivers authentication codes; the other one is many senders and a receiver authentication codes. We call the former as multireceiver authentication codes and the latter as multisender authentication codes. Safavi-Naini R gave some results on multireceiver authentication codes using the subspace of the classical geometry, while there are only some multisender authentication codes using polynomials and matrices to construct. We present the first construction multisender authentication code using the subspace of the classical geometry, specifically symplectic geometry.

The main contribution of our paper is constructing a multi-sender authentication code using symplectic geometry. Furthermore, we calculate the corresponding parameters and the maximum probabilities of deceptions.

The paper is organised as follows. Section 2 gives the models of multisender authentication codes. In Section 3, we provide the calculation formulas on probability of success in attacks by malicious groups of senders. In Section 4, we give some definitions and properties on geometry of symplectic groups over finite fields. In Section 5, a construction of multisender authentication codes with sequential model from symplectic geometry over finite fields is given; then the parameters and the maximum probabilities of deceptions are also calculated. We give a comparison with the other construction of multisender authentication [19] in Section 6.

#### 2. Models of Multisender Authentication Codes

We review the concepts of authentication codes which can be extracted from [20].

*Definition 1 (see [20]). *A systematic Cartesian authentication code is a -tuple , where is the set of source states, is the set of keys, is the set of authenticators, and is the authentication mapping. The message space is the set of all possible messages.

In the actual computer network communications, multisender authentication codes include sequential models and simultaneous models. Sequential models are that each sender uses his own encoding rules to encode a source state orderly, and the last sender sends the encoded message to the receiver; then the receiver receives the message and verifies whether the message is legal or not. Simultaneous models are that all senders use their own encoding rules to encode a source state simultaneously; then the synthesizer forms an authenticated message and sends it to the receiver; the receiver receives the message and verifies whether the message is legal or not.

In the following we will give out the working principles of two modes of multisender authentication codes and the protocols that the participants should follow.

*Definition 2 (see [17]). *In sequential model, there are three participants: a group of senders ; a Key Distribution Center (KDC), for the distribution keys to senders and receiver; a receiver who receives the authenticated message and verifies the message true or not. The code works as follows: each sender and receiver has their own Cartesian authentication code, respectively. It is used to generate part of the message and verify authenticity of the received message. Sender’s authentication codes are called branch authentication codes, and receiver’s authentication code is called channel authentication code. Let , , be the th sender’s Cartesian authentication codes, and let , , be the receiver’s Cartesian authentication code, and let , be a subkey generation algorithm. For authenticating a message, the senders and the receiver should comply with protocols:(1)KDC randomly selects an and secretly sends it to the receiver and sends to the th sender , ;(2)if the senders would like to send a source state to the receiver , calculates and then sends to through an open channel; receives and calculates and then sends to through an open channel. In general, receives and calculates and then sends to through an open channel, . receives and calculates and then sends through an open channel to the receiver ;(3)when the receiver receives the message , he checks the authenticity by verifying whether or not. If the equality holds, the message is regarded as authentic and is accepted. Otherwise, the message is rejected.

*Definition 3 (see [17]). *In simultaneous model of a multisender authentication code, there are four participants: a group of senders ; a Key Distribution Center (KDC), for the distribution keys to senders and receiver; a synthesizer who only runs the trusted synthesis algorithm; a receiver who receives the authenticated message and verifies the message true or not. The code works as follows: each sender and receiver has their own Cartesian authentication code, respectively. It is used to generate part of the message and verify the received message. Sender’s authentication codes are called branch authentication codes, and receiver’s authentication code is called channel authentication code. Let , , be the sender’s Cartesian authentication codes, let be the receiver’s Cartesian authentication code, let be the synthesis algorithm, and let be a subkey generation algorithm. For authenticating a message, the senders and the receiver should comply with protocols:(1)KDC randomly selects a encoding rule and secretly sends it to the receiver and sends to the th sender ;(2)if the senders would like to send a source state to the receiver , computes , , and sends to the synthesizer through an open channel;(3)the synthesizer receives the messages , , and calculates using the synthesis algorithm ; then sends message to the receiver ;(4)when the receiver receives the message , he checks the authenticity by verifying whether or not. If the equality holds, the message is regarded as authentic and is accepted. Otherwise, the message is rejected.

#### 3. Probabilities of Deceptions

We assume that the arbitrator (KDC) and the synthesizer (C) are credible; though they know the senders’ and receiver’s encoding rules, they do not participate in any communication activities. When transmitter and receiver are disputing, the arbitrator settles it. At the same time, assume that the system follows Kerckhoff’s principle which the other information of the whole system is public except the actual used keys. Assume that the source state space and the receiver’s decoding rules space are according to a uniform probability distribution; then the probability distribution of message space and tag space is determined by the probability distribution of and . In a multisender authentication system, assume that the whole senders cooperate to form a valid message; that is, all senders as a whole and receiver are reliable. But there are some malicious senders which they together cheat the receiver; the part of senders and receiver are not credible; they can take impersonation attack and substitution attack.

Assume that are senders, is a receiver, and is the encoding rules of , . is the decoding rules of receiver . , , , .

*Impersonation Attack*. , after receiving their secret keys, sends a message to receiver. is successful if the receiver accepts it as legitimate message. Denote as the maximum probability of success of the impersonation attack. It can be expressed as

*Substitution Attack*. , after observing a legitimate message, substitutes it with another message . is successful if is accepted by receiver as authentic. Denote as the maximum probability of success of the substitution attack. It can be expressed as

#### 4. Symplectic Geometry

In this section, we give some definitions and properties on geometry of symplectic groups over finite fields, which can be extracted from [20].

Let be a finite field with elements, and define the alternate matrix The symplectic group of degree over , denoted by , is defined to be the set of matrices with matrix multiplication as its group operation. Let be the -dimensional row vector space over . has an action on defined as follows: The vector space together with this action of is called the symplectic space over .

Let be an -dimensional subspace of . We use the same latter to denote a matrix representation of ; that is, is an matrix of rank such that its rows form a basis of . The is alternate. Assume that it is of rank ; then is called a subspace of type . It is known that subspaces of type exist in if and only if It is also known that subspaces of the same type form an orbit under . Denote by the number of subspaces of type in .

Denote by the set of vectors which are orthogonal to every vector of ; that is, Obviously, is a -dimensional subspace of .

Readers can refer to [15] for notations and terminology, which are not explained, on symplectic geometry of classical groups over finite fields.

#### 5. Construction

Let be a finite field with elements. Assume that . ; then . Let ; then . The set of source states is a subspace of type and ; the set of th sender’s encoding rules is a subspace of type , and , ; the set of receiver’s decoding rules is a subspace of type and ; the set of tags is a subspace of type and , .

Define the encoding maps:

Define the decoding map:

This code works as follows.(1)*Key Distribution*. First, the KDC does a list of senders; assume that . Then, the KDC randomly chooses a subspace and privately sends to the receiver . Last, the KDC randomly chooses a subspace and , then privately sends to the th sender, .(2)*Broadcast*. For a source state , the sender calculates and sends to . The sender calculates and sends to . Finally, the sender calculates and sends to the receiver .(3)*Verification*. Since the receiver holds the decoding rule , accepts as authentic if . Otherwise, it is rejected by .

Lemma 4. *Let , , ; then , , are all Cartesian authentication codes.*

*Proof. *First, we show that is a Cartesian authentication code.

(1) For . Let
From the definition of and , we can assume that
Obviously, we have for any and . Therefore,
From above, is a subspace of type and ; that is, .

(2) For , is a subspace of type containing . So there is subspace , satisfying
Then, we can assume that , satisfying
Let ; then is a subspace of type and ; that is, is a source state. For any and , we have and . Therefore, . Let ; then is a transmitter’s encoding rule satisfying .

If is another source state contained in , then . Therefore, , while , so . That is, is the uniquely source state contained in .

Similarly, we can show that and are also Cartesian authentication code.

From Lemma 4, we know that such construction of multisender authentication codes is reasonable. Next we compute the parameters of this code.

Lemma 5. *The number of the source states is .*

*Proof. *For any , since , has the form
where is a subspace of type in the symplectic space . Therefore, the number of the source states is .

Lemma 6. *The number of the th sender’s encoding rules is .*

*Proof. *For any , is a subspace of type containing and is orthogonal to . So we can assume that , where . Obviously, , , and arbitrarily. Therefore, .

Lemma 7. *The number of the receiver’s decoding rules is .*

*Proof. *For any , since is a subspace of type containing , has the form
where , are arbitrary matrices. Therefore, .

Lemma 8. *(1) The number of decoding rules contained in is ;**(2) the number of the tags is .*

*Proof. *(1) For any , is a subspace of type and . We assume that has the form
If , then we can assume that
where are arbitrary matrices. Therefore, the number of contained in is .

(2) We know that a tag contains only one source state and the number of decoding rules contained in is . Therefore, we have .

Theorem 9. *The parameters of the above constructed multisender authentication code are
*

*Without loss of generality, we can assume that , , where .*

*Lemma 10. For any , the number of containing is . *

*Proof. *For any , we can assume that
If , then has the form
where , are arbitrary matrices. Therefore, the number of containing is .

*Lemma 11. For any and , the number of contained in and containing is .*

*Proof. *For any , is a subspace of type and . We assume that has the form
If , assume that has the formIf and , thenwhere , are arbitrary matrices. Therefore, the number of contained in and containing is .

*Lemma 12. Assume that and are two distinct tags which are decoded by receiver’s decoding rule . and contained in and , respectively. Let , ; then ; the number of contained in and containing is .*

*Proof. *Since , and , then . And for any , , therefore, . Assume that is the complementary subspace of in the ; then . Because of , and , , we know , and . Since , then , while , so .

From the definition of the and , we assume that

Let
And from above we know that ; then ; therefore,
For any , we assume that
If and , then has the form
So, every row of is the linear combination of . Therefore, the number of contained in and containing is .

*Theorem 13. In the constructed multi-sender authentication codes, the maximum probabilities of success for impersonation attack and substitution attack from on the receiver are
*

*Proof. *(1)* Impersonation Attack*. , after receiving their secret keys, sends a message to . is successful if the receiver accepts it as authentic. Therefore,

(2)* Substitution Attack*. , after observing a message that is transmitted by the sender, replaces with another message . is successful if is accepted by as authentic. Therefore,

*6. The Advantage of the Constructed Authentication Code*

*6. The Advantage of the Constructed Authentication Code*

*The security of an authentication code could be measured by the maximum probabilities of deceptions. The smaller the probability of successful attack, the higher the security of the authentication codes. Now let us compare the security of our constructed authentication code with the known one [19].*

*The constructed authentication code in [19] is also a multisender authentication code from symplectic geometry over finite fields, but which is in simultaneous model. If we choose the parameters , , , and with , , and , from Table 1 we see that the maximum probabilities of deceptions of our construction are smaller than the construction in [19]. Therefore, compared with the construction in [19], our construction is more efficient.*

*Conflict of Interests*

*Conflict of Interests*

*The authors declare that there is no conflict of interests regarding the publication of this paper.*

*Acknowledgments*

*Acknowledgments*

*The Project is sponsored by the National Natural Science Foundation of China (no. 61179026) and the Fundamental Research Funds of the Central Universities (no. 3122013 K001).*

*References*

*References*

- E. N. Gilbert, F. J. MacWilliams, and N. J. A. Sloane, “Codes which detect deception,”
*The Bell System Technical Journal*, vol. 53, pp. 405–424, 1974. View at Publisher · View at Google Scholar · View at Zentralblatt MATH · View at MathSciNet - G. J. Simmons, “Message authentication with arbitration of transmitter/receiver disputes,” in
*Proceedings of the 6th Annual International Conference on Theory and Application of Cryptographic Techniques (Eurocrypt '87)*, vol. 304, pp. 151–165, 1988. - Z. X. Wan, “Construction of cartesian authentication codes from unitary geometry,”
*Designs, Codes and Cryptography*, vol. 2, no. 4, pp. 333–356, 1992. View at Publisher · View at Google Scholar · View at Zentralblatt MATH · View at MathSciNet - W. P. Ma and X. M. Wang, “A construction of authentication codes with arbitration based on symplectic spaces,”
*Chinese Journal of Computers*, vol. 22, no. 9, pp. 949–952, 1999. View at Google Scholar · View at MathSciNet - G. You, S. Xinhua, and W. Hongli, “Construction of authentication codes with arbitration from symplectic geometry over finite fields,”
*Acta Scientiarum Naturalium Universitatis Nankaiensis*, vol. 41, no. 6, pp. 72–77, 2008. View at Google Scholar - S. Chen and D. Zhao, “New construction of authentication codes with arbitration from pseudo-symplectic geometry over finite fields,”
*Ars Combinatoria*, vol. 97, pp. 453–465, 2010. View at Google Scholar · View at Zentralblatt MATH · View at MathSciNet - S. Chen and D. Zhao, “Two constructions of optimal Cartesian authentication codes from unitary geometry over finite fields,”
*Acta Mathematicae Applicatae Sinica*, vol. 29, no. 4, pp. 829–836, 2013. View at Publisher · View at Google Scholar · View at Zentralblatt MATH · View at MathSciNet - S. Chen and D. Zhao, “Construction of multi-receiver multi-fold authentication codes from singular symplectic geometry over finite fields,”
*Algebra Colloquium*, vol. 20, no. 4, pp. 701–710, 2013. View at Publisher · View at Google Scholar · View at Zentralblatt MATH · View at MathSciNet - L. Ruihu and L. Zunxian, “Construction of
*A*^{2}-codes from symplectic geometry,”*Journal of Shanxi Normal University*, vol. 26, no. 4, pp. 10–15, 1998. View at Google Scholar - C. Xing, H. Wang, and K.-Y. Lam, “Constructions of authentication codes from algebraic curves over finite fields,”
*IEEE Transactions on Information Theory*, vol. 46, no. 3, pp. 886–892, 2000. View at Publisher · View at Google Scholar · View at Zentralblatt MATH · View at MathSciNet - C. Carlet, C. Ding, and H. Niederreiter, “Authentication schemes from highly nonlinear functions,”
*Designs, Codes and Cryptography*, vol. 40, no. 1, pp. 71–79, 2006. View at Publisher · View at Google Scholar · View at Zentralblatt MATH · View at MathSciNet - R. Safavi-Naini and H. Wang, “Multireceiver authentication codes: models, bounds, constructions, and extensions,”
*Information and Computation*, vol. 151, no. 1-2, pp. 148–172, 1999. View at Publisher · View at Google Scholar · View at Zentralblatt MATH · View at MathSciNet - S. Chen and D. Zhao, “Construction of multi-receiver multi-fold authentication codes from singular symplectic geometry over finite fields,”
*Algebra Colloquium*, vol. 20, no. 4, pp. 701–710, 2013. View at Publisher · View at Google Scholar · View at Zentralblatt MATH · View at MathSciNet - S. Chen and D. Zhao, “Two constructions of multireceiver authentication codes from symplectic geometry over finite fields,”
*Ars Combinatoria*, vol. 99, pp. 193–203, 2011. View at Google Scholar · View at Zentralblatt MATH · View at MathSciNet - Y. Desmedt, Y. Frankel, and M. Yung, “Multi-receiver/multi-sender network security: efficient authenticated multicast/feedback,” in
*Proceedings of the the 11th Annual Conference of the IEEE Computer and Communications Societies*, vol. 3, pp. 2045–2054, May 1992. View at Scopus - Q. Yingchun and Z. Tong, “Multiple authentication Code with multi-transmitter and its constructions,”
*Journal of Zhongzhou University*, vol. 20, no. 1, pp. 118–120, 2003. View at Google Scholar - M. Wen-Ping and W. Xin-Mei, “Several new constructions on multitransmitters authentication codes,”
*Acta Electronica Sinica*, vol. 28, no. 4, pp. 117–119, 2000. View at Google Scholar - D. Qingling and L. Shuwang, “Bounds and construction for multi-sender authentication code,”
*Computer Engineering and Applications*, vol. 10, pp. 9–10, 2004. View at Google Scholar - S. Chen and C. Yang, “A new construction of multisender authentication codes from symplectic geometry over finite fields,”
*Ars Combinatoria*, vol. 106, pp. 353–366, 2012. View at Google Scholar · View at Zentralblatt MATH · View at MathSciNet - Z. Wan,
*Geometry of Classical Groups over Finite Fields*, Science Press, Beijing, China, 2nd edition, 2002.

*
*