1 / 73

Fighting Byzantine Adversaries in Networks: Network Error-Correcting Codes

Fighting Byzantine Adversaries in Networks: Network Error-Correcting Codes. Sidharth Jaggi. Michelle Effros Michael Langberg Tracey Ho. Sachin Katti Muriel Médard Dina Katabi. Obligatory Example/History. s. [ACLY00]. [ACLY00] Characterization Non-constructive. b 1. b 2. E V

genna
Download Presentation

Fighting Byzantine Adversaries in Networks: Network Error-Correcting Codes

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Fighting Byzantine Adversaries in Networks: Network Error-Correcting Codes Sidharth Jaggi Michelle Effros Michael Langberg Tracey Ho Sachin Katti Muriel Médard Dina Katabi

  2. Obligatory Example/History s [ACLY00] [ACLY00] Characterization Non-constructive b1 b2 E V E R B E T T E R C=2 [LYC03], [KM02] Constructive (linear) Exp-time design b1 b2 [JCJ03], [SET03] Poly-time design Centralized design b1 b1 b2 [HKMKE03], [JCJ03]Decentralized design b1+b2 . . . b1 b1 b1+b2 b1+b2 Tons of work t1 t2 [This work]All the above, plus security (b1,b2) b1 (b1,b2) [SET03] Gap provably exists

  3. Multicast Network Model ALL of Alice’s information decodable EXACTLY by EACH Bob Wireless Wired Network = Hypergraph Simplifying assumptions • All links unit capacity • (1 packet/transmission) [GDPHE04],[LME04] – No intereference • Acyclic network

  4. Multicast Networks Webcasting P2P networks Sensor networks

  5. Multicast Network Model 2 ALL of Alice’s information decodable EXACTLY by EACH Bob 2 3 Upper bound for multicast capacity C, C ≤ min{Ci} [ACLY00] With mixing, C = min{Ci} achievable! [LCY02],[KM01],[JCJ03],[HKMKE03] Simple (linear) distributed codes suffice!

  6. Mixing F(2m)-linear network [KM01] b1 b2 bm Source:- Group together m bits, Every node:- Perform linear combinations over finite field F(2m) X1 β1 X2 β2 Generalization: The X are length n vectors over F(2m) βk Xk

  7. Problem! Corrupted links Eavesdropped links Attacked links

  8. Setup Eureka Who knows what Stage • Scheme A B C • Network C • Message A C • Code C • Bad links C • Coin A • Transmit B C • Decode B Eavesdropped links ZI Attacked links ZO Privacy

  9. Result(s) First codes • Optimal rates (C-2ZO,C-ZO) • Poly-time • Distributed • Unknown topology • End-to-end • Rateless • Information theoretically secure • Information theoretically private • Wired/wireless [HLKMEK04],[JLHE05],[CY06],[CJL06],[GP06]

  10. Error Correcting Codes T Y X Y=TX+E Generator matrix Low-weight vector (Reed-Solomon Code) E

  11. Error Correcting Codes T Y X Y=TX+E =TX+TZZ TZ Network transform matrices Low-weight vector Unknown Z

  12. When stuck… • Useful abstraction/ • building block “ε-rate secret uncorrupted channels” • Existing model • ([GP06],[CJL06]) • We improve!

  13. Example 6 secret hashes of X C=3 n-length vectors scalars non-linear ZO=1 4n known 3n known 4n+6 known 4n unknown 4n+6 unknown R = C - Zo X3=X1+X2 Redundancy added at source 2 3 1 Solve for

  14. Example 6 secret hashes of X C=3 Invertible with high probability ZO=1 4n+6 known 4n+6 unknown X3=X1+X2 Z=(0 z(2) z(3)… z(n))

  15. Thm 1,Proof T R = C - Zo Theorem 1: Rate C-ZO-ε achievable with ZI={E}, ε-rate secret uncorrupted channel Improves on [GP06/Avalanche] (Decentralized) and [CJL06] (optimal) packets CxC identity matrix n>>C [HKMKE03]

  16. Thm 1,Proof T Theorem 1: Rate C-ZO-ε achievable with ZI={E}, ε-rate secret uncorrupted channel TZ CxC matrix Invertible w.h.p.

  17. Thm 2 Theorem 2: Rate C-2ZO-ε achievable with ZI={E}

  18. Example revisited nZO nZO R = C – Zo - redundancy R = C – Zo R = C – 2Zo X3=X1+X2 2 3 1 1 3 1 1 Z=(0 z(2) z(3)… z(n)) Z=(0 0 0… 0) n more constraints added on X Tight (ECC, [CY06]) DX=0

  19. Thm 2,“Proof” R = C - 2Zo Theorem 2: Rate C-2ZO-ε achievable with ZI={E} nZO extra constraints D chosen uniformly at random, known to Alice, Bob and Calvin

  20. Thm 2,“Proof” Theorem 2: Rate C-2ZO-ε achievable with ZI={E} non-linear linear May not be Basis change Invertible T’’ ? D of appropriate dimensions crucial Disjoint

  21. Thm 3,Proof Theorem 3: Rate C-ZO-ε achievable, with ZI+2ZO<C Theorem 4, etc: ZI<C-2ZO ZI<R Algorithm 2 rate Information-theoretic Privacy Eavesdropping rate Using algorithm 2 for small header, can transmit secret, correct information… … which can be used for algorithm 1 decoding!

  22. Summary Optimal rates Poly-time Distributed Unknown topology End-to-end Rateless Information theoretically secure/private Wired/wireless

  23. Backup slides

  24. Network Coding “Justification” R. Ahlswede, N. Cai, S.-Y. R. Li and R. W. Yeung, "Network information flow," IEEE Trans. on Information Theory, vol. 46, pp. 1204-1216, 2000. • http://tesla.csl.uiuc.edu/~koetter/NWC/Bibliography.html ≈ 200 papers in 3 years • NetCod Workshops, DIMACS working group, ISIT 2005 - 4+ sessions, tutorials, … • Several patents, theses…

  25. But what IS Network Coding? “The core notion of network coding is to allow and encourage mixing of data at intermediate network nodes.” (Network Coding homepage)

  26. Point-to-point flows Min-cut Max-flow (Menger’s) Theorem [M27] Ford-Fulkerson Algorithm [FF62] C t s

  27. Multicasting Webcasting t1 t2 s1 Network P2P networks s|S| t|T| Sensor networks

  28. Justifications revisited - I s Throughput b1 b2 b1 b2 b1 b1+b2 b1 ? b2 b1 b1 b1+b2 b1+b2 t1 t2 [ACLY00] (b1,b2) b1 (b1,b2)

  29. Gap Without Coding s [JSCEEJT05] . . . . . . Coding capacity = h Routing capacity≤2

  30. Multicasting Upper bound for multicast capacity C, C ≤ min{Ci} t1 [ACLY00] - achievable! C1 [LYC02] - linear codes suffice!! C2 t2 [KM01] - “finite field” linear codes suffice!!! s Network C|T| t|T|

  31. Multicasting F(2m)-linear network [KM01] b1 b2 bm Source:- Group together `m’ bits, Every node:- Perform linear combinations over finite field F(2m) β1 β2 βk

  32. Multicasting Upper bound for multicast capacity C, C ≤ min{Ci} t1 [ACLY00] - achievable! C1 [LYC02] - linear codes suffice!! C2 t2 [KM01] - “finite field” linear codes suffice!!! s Network [JCJ03],[SET03] - polynomial time code design!!!! C|T| t|T|

  33. Thms: Deterministic Codes For m ≥ log(|T|), exists an F(2m)-linear network which can be designed in O(|E||T|C(C+|T|)) time. [JCJ03],[SET03] [JCJ03],[LL03] Exist networks for which minimum m≈0.5(log(|T|))

  34. Justifications revisited - II s Robustness/Distributed design One link breaks t1 t2

  35. Justifications revisited - II s Robustness/Distributed design b1 b2 b1 b2 b1+b2 b1+2b2 b1 b2 (Finite field arithmetic) b1+b2 b1+b2 b1+2b2 t1 t2 (b1,b2) (b1,b2)

  36. Thm: Random Robust Codes t1 C1 C = min{Ci} C2 t2 Original Network s C|T| t|T|

  37. Thm: Random Robust Codes t1 C1' C' = min{Ci'} C2' t2 Faulty Network s If value of C' known to s, same code can achieve C' rate! (interior nodes oblivious) C|T|' t|T|

  38. Thm: Random Robust Codes m sufficiently large, rate R<C Choose random [ß] at each node b1 b2 bm  ’ b’1 b’2 b’m Probability over [ß] that code works >1-|E||T|2-m(C-R)+|V|  ’’ [JCJ03] [HKMKE03] (different notions of linearity) b’’1 b’’2 b’’m Much “sparser” linear operations (O(m) instead of O(m2)) [JCE06] Decentralized design Vs. prob of error - necessary evil?

  39. Zero-error Decentralized Codes No a priori network topological information available - information can only be percolated down links Desired - zero-error code design One additional resource - each node vi has a unique ID number i (GPS coordinates/IP address/…) Need to use yet other types of linear codes [JHE06?]

  40. Inter-relationships between notions of linearity M Multicast G General Global Local I/O ≠ Local I/O = a Acyclic A Algebraic B Block C Convolutional Does not exist Є epsilon rate loss [JEHM04] B G G G Є G M a G M M a a G ? M a A C M a M a G

  41. Justifications revisited - III s Security Evil adversary hiding in network eavesdropping, injecting false information [JLHE05],[JLHKM06?] t1 t2

  42. Greater throughput Robust against random errors . . . Aha! Network Coding!!!

  43. ? ? ?

  44. ? ? ? Yvonne1 . . . ? ? ? Xavier Yvonne|T| Zorba

  45. Setup Eureka Who knows what Stage • Scheme X Y Z • Network Z • Message X Z • Code Z • Bad links Z • Coin X • Transmit Y Z • Decode Y Wired Wireless (packet losses, fading) Eavesdropped links ZI Attacked links ZO

  46. Setup ? C ? ? Yvonne1 ? ? ? MO Xavier Yvonne|T| Zorba Xavier and Yvonnes share no resources (private key, randomness) Distributed design (interior nodes oblivious/overlay to network coding) Zorba (hidden) knows network; Xavier and Yvonnes don’t Zorba sees MI links ZI, controls MO links ZO pI=MI/C, pO=MO/C Zorba computationally unbounded; Xavier and Yvonnes -- “simple” computations Zorba knows protocols and already knows almost all of Xavier’s message (except Xavier’s private coin tosses) Goal: Transmit at “high” rate and w.h.p. decode correctly

  47. Background • Noisy channel models (Shannon,…) • Binary Symmetric Channel 1 C (Capacity) H(p) 0 1 0 0.5 1 p (“Noise parameter”)

More Related