Unconditionally Reliable and Secure Message Transmission in Directed Networks Revisited
Lecture Notes in Computer Science
Consider the following problem: a sender S and a receiver R are part of a directed synchronous network and connected through intermediate nodes. Specifically, there exists n node disjoint paths, also called as wires, which are directed from S to R and u wires, which are directed from R to S. Moreover, the wires from S to R are disjoint from the wires directed from R to S. There exists a centralized, static adversary A static t , who has unbounded computing power and who can control at most t
... es between S and R in Byzantine fashion. S has a message m S , which we wants to send to R. The challenge is to design a protocol, such that after interacting in phases 5 as per the protocol, R should correctly output m R = m S , except with error probability 2 −Ω(κ) , where κ is the error parameter. This problem is called as statistically reliable message transmission (SRMT). The problem of statistically secure message transmission (SSMT) has an additional requirement that at the end of the protocol, m S should be information theoretically secure from A static t . Desmedt et.al [14, 55] have given the necessary and sufficient condition for the existence of SRMT and SSMT protocols in the above settings. They also presented an SSMT protocol, satisfying their characterization. The authors in [14, 55] claimed that their protocol is efficient and has polynomial computational and communication complexity. However, we show that it is not so. That is, we specify an adversary strategy, which may cause the protocol to have exponential computational and communication complexity 6 . We then present 6 This is an extended, modified and elaborate version of  new and efficient SRMT and SSMT protocols, satisfying the characterization of [14, 55] . Finally we show that the our proposed protocols are communication optimal by deriving lower bound on the communication complexity of SRMT and SSMT protocols. As far our knowledge is concerned, our protocols are the first communication optimal SRMT and SSMT protocols in directed networks. Irrespective of the settings in which RMT and SMT are studied, the following issues are common: (i) Possibility: What is the necessary and sufficient condition for the existence of a protocol in a given network? (ii) Feasibility: Once the existence of a protocol is ensured then does there exist a polynomial time efficient protocol on the given network? (iii) Optimality: Given a message of specific length, what is the minimum communication complexity (lower bound) needed by any protocol to transmit the message and how to design a protocol whose total communication complexity matches the lower bound on the communication complexity? In this paper, we study the above issues in the context of statistical RMT and SMT in directed synchronous network. We call statistical RMT and SMT as SRMT and SSMT respectively. We now define SRMT and SSMT. More formal and rigorous definition will appear in section 2. 3 t having unbounded computing power can corrupt up to t wires between S 5 and R (including top and bottom band) in Byzantine fashion. Any protocol in the network operates as a sequence of phases, where a phase is a communication from S to R or vice-versa. Throughout this paper, we use m S to denote the message that S wishes to send to R. The message is assumed to be a sequence of ℓ elements from the finite field F with ℓ ≥ 1. Without loss of generality, we assume that m S is selected uniformly and randomly from F. The size of F is a function of κ which is the error probability of the SRMT and SSMT protocol. Specifically, F = GF (2 κ ) and thus each field element can be represented by O(κ) bits. Moreover, without loss of generality, we assume that n = poly(κ). In our protocols, we assume that the messages sent over any wire are from the right domain. Thus if S (R) is expecting some message in a specific form and if no message arrives then S (R) assumes some pre-defined message in the specified form. Thus we separately do not consider the case when no message or syntactically incorrect message is received along a wire. The phase complexity of any SRMT/SSMT protocol is the total number of phases taken by the protocol. The communication complexity of any SRMT/SSMT protocol is the total number of field elements communicated by S and R in the protocol. The computational complexity of any SRMT/SSMT protocol is the total amount of computation done by S and R in the protocol. Any SRMT/SSMT protocol is called efficient if the phase complexity, computational complexity and communication complexity of the protocol is polynomial in n. Since we measure the size of the message in terms of the number of field elements, we also measure the communication complexity in units of field elements. Let the message to be transmitted be drawn uniformly and randomly from F. We define the View of a node P j , at any point of the execution of a protocol Π to be the information that P j can get from its local input to the protocol (if any), all the messages that P j had earlier sent or received, the protocol code executed by P j and random coins of P j . The View of A static t at any point of the execution of Π is defined as all the information that A static t can get from the Views of all the nodes corrupted by A static t (i.e. all the information that these nodes can commonly compute from their Views). For a message m S ∈ F, any t-active threshold adversary characterized by A static t and any protocol Π, let Γ(A static t , m S , Π) denote the probability distribution on the View of the adversary A static t at the end of the execution of Π. We now give the following definition Definition 2 (SSMT). A protocol Π is said to facilitate statistically secure message transmission (SSMT) between S and R if for any message m S drawn from F and for every adversary A static t , the following conditions are satisfied: ). That is, the two distributions are identical irrespective of the message transmitted. 2. Statistical Reliability: R should receive m S correctly, except with error probability 2 −Ω(κ) , where κ is the error parameter. 6 Definition 3 (SRMT). A protocol Π is said to facilitate statistically reliable message transmission (SRMT) between S and R if it satisfies statistical reliability condition of SSMT. Definition 4 (Communication Optimal SRMT/SSMT Protocol). Let Π be an r (r ≥ 1) phase SRMT (SSMT) protocol which reliably (securely) sends a message m S containing ℓ (ℓ ≥ 1) field elements by communicating O(b) field elements, over a directed network. If the lower bound on the communication complexity of any r phase SRMT (SSMT) protocol to send m S over such a network is Ω(b) field elements, then Π is said to be a communication optimal SRMT (SSMT) protocol to reliably (securely) send m. Existing Literature and Our Contribution As mentioned earlier, SRMT and SSMT in directed network was first studied by Desmedt et.al. Specifically, they gave the following characterization: Theorem 1 ([14, 55]). Suppose there exists u ≤ t wires in the bottom band and n wires in the top band, such that the wires in the top band are disjoint from the wires in the bottom band. Then any SRMT/SSMT protocol tolerating A static t is possible iff n = max (2t − u + 1, t + 1).