Enhancing Crypto-Primitives with Techniques from Coding Theory, NATO Advanced Research Workshop, 6-9 Oct. 2008, Veliko Tarnovo, Bulgaria. Coded Modulation and the Arrival of Signcryption. Yuliang Zheng, University of North Carolina at Charlotte, yzheng@uncc.edu

Outline
• Exposure to coded modulation
• Motivations
• Signcryption
• Look into the future

Communications system (block diagram)
• Sender: Source Encoder → Security (Authen) → Security (Encryptor) → Error Corr (Encoder) → Modulation → Channel
• Receiver: Channel → Demodulation → Error Corr (Decoder) → Security (Decryptor) → Security (Authen) → Source Decoder

Prof. Hideki Imai’s Lab, in the late 80’s (block diagram)
• Sender: Source Encoder → Security (Authen) → Security (Encryptor) → Error Corr (Encoder) → Modulation → Channel
• Receiver: Channel → Demodulation → Error Corr (Decoder) → Security (Decryptor) → Security (Authen) → Source Decoder

Coded modulation: one of the hottest in 80’s (block diagram)
• Sender: Source Encoder → Security (Authen) → Security (Encryptor) → Error Correcting (encoder) + Modulation → Channel
• Receiver: Channel → Error Correcting (decoder) + Demodulation → Security (Decryptor) → Security (Authen) → Source Decoder

Coded modulation
• Combination/Co-design of
  • error-correcting codes
  • multi-level modulation
• 2 types
  • Trellis-coded modulation (TCM)
    • Gottfried Ungerboeck
    • Proposed in 1975; published in IEEE Trans. on IT in 1982
  • Block-coded modulation (BCM)
    • Hideki Imai and Shuji Hirakawa
    • Published in IEEE Trans. on IT in 1976

Goals of coded modulation
• To transmit data
  • as fast as possible, and
  • as reliably (with as few errors) as possible
• To achieve Shannon’s capacity limit: $C = B \log_2(1 + S/N)$
  • C: channel capacity (bps) (= max. data transmission rate without error)
  • B: channel bandwidth (Hz)
  • S: power of signal (W)
  • N: power of noise (W)

Challenges
• Modulation
  • Transmission rate can be increased by increasing the number of waveforms (constellation points) for modulation
  • However, an enlarged waveform set will also decrease the “spacing” between waveforms, resulting in larger chances of errors at the receiver
• Error-correcting codes
  • Increasing error-correcting capabilities requires appending more parity bits/symbols, thereby reducing the effective transmission rate

Address the challenges
• Co-design/integrate multi-level modulation and convolutional error-correcting code
• Assign waveforms to code words in such a way that maximizes the Euclidean distance between the waveforms that are the most likely to be confused

The end result
• Increase transmission rate
• while at the same time, reduce errors at receiver
• KILL 2 BIRDS WITH 1 STONE
• [Figure: Error Corr (encoder) + Modulation → Trellis coded modulation]

Musing on coded modulation
• ½ dozen of my fellow PhD students working on coded modulation
• Doing Imai Lab’s ritual for 5 years
  • weekly, long group seminars with students working on a vast array of different projects
• Applicable to cryptography?
• Continue to muse after moving to Down Under

Major goals of cryptography
• Authenticity
  • Trusted parties: symmetric/private key authentication
  • Untrusted parties: asymmetric/public key authentication (digital signature, unforgeability)
• Confidentiality
  • Symmetric/private key encryption
  • Asymmetric/public key encryption
• Reduce cost/overhead
  • Computation (over large integers)
  • Expansion in length (= communication overhead)

In the paper & ink world: Signature-then-Seal
• To achieve: authenticity (unforgeability & non-repudiation)
• To achieve: confidentiality

In the digital world: Signature-then-Encryption
• 1. Add Signature
  • Alice signs a message m using her secret key, i.e. creating sig on m.
• 2. Do Encryption
  • Alice encrypts (m, sig) using AES with k.
  • Alice creates additional data so that Bob can recover k. (Typically, Alice encrypts k using Bob’s public key.)
• [Figure labels: m, sig, k, mod exp (twice)]

Signature-then-Encryption (based on Discrete Logarithm)
• EXP = 3 + 2.17
• [Figure: m and sig, encrypted using a private key cipher with k; $g^x$, used by the receiver to reconstruct k; label: communication overhead]

Questions on Efficiency
• Can we do better than “signature followed by encryption”?
  • For resource-constrained applications
    • Wireless mobile devices
    • Smart card applications
• Can we learn from other disciplines such as
  • Communication engineering
    • Imai-Hirakawa block coded modulation
    • Ungerboeck trellis coded modulation

Co-design of digital signature and public key encryption? (block diagram; the security blocks are marked “?”)
• Sender: Source Encoder → Security (Authen) → Security (Encryptor) → Error Correcting (encoder) + Modulation → Channel
• Receiver: Channel → Error Correcting (decoder) + Demodulation → Security (Decryptor) → Security (Authen) → Source Decoder

Goal: Signcryption (1996)
• To achieve both
  • confidentiality,
  • authenticity
    • unforgeability &
    • non-repudiation
• With a significantly smaller comp. & comm. cost: Cost (signcryption) << Cost (signature) + Cost (encryption)

How to co-design
• Focus on discrete logarithm (DL) based schemes:
  • ElGamal type public key encryption
  • DSS/Schnorr type digital signature
• Notice both use an “ephemeral public key”: $g^x$
• Let them share the same ephemeral public key!
• Hide it, as long as it can be recovered by the recipient!

Signcryption: public & secret parameters
• Public to all
  • p : a large prime
  • q : a large prime factor of p-1
  • g : 0 < g < p & with order q mod p
  • Two 1-way hash functions:
    • $G: \{0,1\}^* \to \{0,1\}^L$
    • $H: \{0,1\}^* \to Z_q$
  • (E, D) : private-key encryption & decryption algorithms
• Alice’s keys
  • : secret key
  • : public key
• Bob’s keys
  • : secret key
  • : public key

Signcryption and Unsigncryption
Alice: m → (c, r, s); Bob: (c, r, s) → m
• Signcryption by Alice
  • $x \leftarrow \{1, \dots, q-1\}$ at random
  • $T = y_b^x \bmod p$
  • $r = H(m, y_a, y_b, T)$
  • $s = x/(r + x_a) \bmod q$
  • $k = G(T)$
  • $c = E_k(m)$
  • Output $(c, r, s)$
• Unsigncryption by Bob
  • Compute
  • $k = G(T)$
  • $m = D_k(c)$
  • Check if $r = H(m, y_a, y_b, T)$
  • Output m if yes, and Reject otherwise

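An end-to-end run of the scheme on this slide, as an added example (not code from the original talk). Assumptions: toy parameters p = 2039, q = 1019, g = 4; SHA-256 stands in for G and H; an XOR keystream stands in for (E, D); keys are y = g^x mod p; and Bob's recovery step T = (y_a · g^r)^(s · x_b) mod p is derived here from the definition of s, because the slide's own formula for it did not survive extraction.

```python
import hashlib
import secrets

# Toy public parameters, constructed for illustration and far too small for real use.
P, Q, G_GEN = 2039, 1019, 4    # p prime, q prime with p = 2q + 1, g of order q mod p

def _ints(*vals):
    return b"|".join(str(v).encode() for v in vals)

def hash_G(T):
    # G: {0,1}* -> {0,1}^L, with L = 256 via SHA-256 (assumption)
    return hashlib.sha256(b"G|" + _ints(T)).digest()

def hash_H(m, ya, yb, T):
    # H: {0,1}* -> Z_q; the message is length-prefixed to keep the encoding unambiguous
    d = hashlib.sha256(b"H|" + len(m).to_bytes(4, "big") + m + _ints(ya, yb, T)).digest()
    return int.from_bytes(d, "big") % Q

def sym(k, data):
    # Stand-in for (E, D): XOR with a SHA-256 counter keystream, so E and D coincide
    blocks = range(len(data) // 32 + 1)
    stream = b"".join(hashlib.sha256(k + i.to_bytes(4, "big")).digest() for i in blocks)
    return bytes(a ^ b for a, b in zip(data, stream))

def keygen():
    # Assumption: secret x in {1, ..., q-1}, public y = g^x mod p
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G_GEN, x, P)

def signcrypt(m, xa, ya, yb):
    while True:
        x = secrets.randbelow(Q - 1) + 1       # x <- {1, ..., q-1} at random
        T = pow(yb, x, P)                      # T = y_b^x mod p
        r = hash_H(m, ya, yb, T)
        if (r + xa) % Q:                       # r + x_a must be invertible mod q
            break
    s = x * pow(r + xa, -1, Q) % Q             # s = x / (r + x_a) mod q
    return sym(hash_G(T), m), r, s             # (c, r, s)

def unsigncrypt(c, r, s, ya, xb, yb):
    # (y_a * g^r)^(s * x_b) = g^((x_a + r) * s * x_b) = g^(x * x_b) = y_b^x = T
    T = pow(ya * pow(G_GEN, r, P) % P, s * xb % Q, P)
    m = sym(hash_G(T), c)
    if r != hash_H(m, ya, yb, T):
        raise ValueError("reject")
    return m
```

With q this small, r carries only about 10 bits, so a tampered ciphertext is accepted with probability about 1/q; real parameters make that negligible.
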
Cost of Signcryption (based on Discrete Logarithm)
• EXP = 1 + 1.17
• [Figure labels: m, encrypted using a private key cipher with k; sig; communication overhead]

Why 1.17 exponentiations?
• This can be done in a smart way, costing only 1.17 exponentiations on average!
• Reference: D. Knuth, Seminumerical Algorithms, Vol. 2 of The Art of Computer Programming, 2nd edition, Addison-Wesley, Exercise 27, pages 465 & 637.

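Counting multiplications for a product of two modular powers, g^a · y^b mod n, computed with one shared squaring chain (simultaneous exponentiation) reproduces the 1.17 figure. This is an added example, not code from the talk; that this is the method the slide refers to is an assumption, and the modulus and exponent length are constructed values.

```python
import secrets

def exp_count(base, e, n):
    """Left-to-right square-and-multiply; returns (base^e mod n, multiplications)."""
    acc, muls = 1, 0
    for bit in bin(e)[2:]:
        acc = acc * acc % n            # one squaring per exponent bit
        muls += 1
        if bit == "1":
            acc = acc * base % n       # one extra multiply per 1-bit
            muls += 1
    return acc, muls

def dual_exp_count(g, a, y, b, n):
    """g^a * y^b mod n with a single squaring chain; returns (value, multiplications)."""
    table = {(1, 0): g, (0, 1): y, (1, 1): g * y % n}
    acc, muls = 1, 1                   # the precomputed g*y costs one multiplication
    for i in reversed(range(max(a.bit_length(), b.bit_length()))):
        acc = acc * acc % n
        muls += 1
        pair = ((a >> i) & 1, (b >> i) & 1)
        if pair != (0, 0):             # skipped for 1/4 of random bit pairs
            acc = acc * table[pair] % n
            muls += 1
    return acc, muls

def average_ratio(trials=300, bits=160, n=(1 << 127) - 1):
    """Average cost of the two-power product, in units of one plain exponentiation."""
    single = dual = 0
    for _ in range(trials):
        a = secrets.randbits(bits) | (1 << (bits - 1))
        b = secrets.randbits(bits) | (1 << (bits - 1))
        g = secrets.randbelow(n - 2) + 2
        y = secrets.randbelow(n - 2) + 2
        value, cost = dual_exp_count(g, a, y, b, n)
        assert value == pow(g, a, n) * pow(y, b, n) % n
        single += exp_count(g, a, n)[1]
        dual += cost
    return dual / single
```

A plain exponentiation costs about 1.5 multiplications per exponent bit and the shared chain about 1.75, which is where 1.75 / 1.5 ≈ 1.17 comes from.
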
DL Signcryption vs. sign-then-encrypt
• [Chart: # of multiplications (the smaller the better), |p| = |n|]

DL Signcryption vs. sign-then-encrypt
• [Chart: comm. overhead (# of bits, the smaller the better)]

The end result С един куршум - два заека (With one bullet - two rabbits)
Other developments
• Extensions: pairing, factorization, ……
• Add “bells and whistles”
  • Multi-recipients, proxy, blind, threshold, ring, ID based, ……
• Authenticated encryption (Authencryption)
  • Co-design of shared key authentication and encryption

Beyond coded modulation and signcryption?
• There is no crypto equivalent of “Shannon’s capacity limit”
• Good? Or bad?
• [Block diagram] Sender: Source Encoder → Signcryption → Error Correcting (encoder) + Modulation → Channel
• [Block diagram] Receiver: Channel → Error Correcting (decoder) + Demodulation → Unsigncryption → Source Decoder

Много благодаря ! Thank you !