删除或更新信息,请邮件至freekaoyan#163.com(#换成@)

A Construction of Multi-Sender Authentication Codes from Eigenvalues and Eigenvectors of the Matrix

本站小编 哈尔滨工业大学/2019-10-24

A Construction of Multi-Sender Authentication Codes from Eigenvalues and Eigenvectors of the Matrix Over Finite Fields

Xiuli Wang, Lina Wang,Yakun Hao

(College of Science, Civil Aviation University of China, Tianjin 300300, China)



Abstract:

We construct one multi-sender authentication code by algebraic combination method from eigenvalues and eigenvectors of the matrix over nite elds. Some parameters and the probabilities of three kinds of successful attack of this code are also computed. For multi-sender authentication code, it allows a group of senders to construct an authenticated message for a receiver such that the receiver can verify authenticity of the received message.

Key words:  multi-sender authentication codes  nonsingular symmetric matrix  eigenvalues  eigenvectors  finite fields

DOI:10.11916/j.issn.1005-9113.17021

Clc Number:WT5”B1〗O157.4; O236.2

Fund:


Xiuli Wang, Lina Wang, Yakun Hao. A Construction of Multi-Sender Authentication Codes from Eigenvalues and Eigenvectors of the Matrix Over Finite Fields[J]. Journal of Harbin Institute of Technology (New Series), 2019, 26(1): 51-60. DOI: 10.11916/j.issn.1005-9113.17021.
Fund Sponsored by the National Natural Science Foundation of China (Grant No. 61179026) and the Fundamental Research of the Central Universities of China Civil Aviation University of Science Special (Grant No. 3122016L005) Corresponding author Xiuli Wang, E-mail: xlwangcauc@163.com Article history Received: 2017-02-16



Contents            Abstract            Full text            Figures/Tables            PDF


A Construction of Multi-Sender Authentication Codes from Eigenvalues and Eigenvectors of the Matrix Over Finite Fields
Xiuli Wang, Lina Wang, Yakun Hao    
College of Science, Civil Aviation University of China, Tianjin 300300, China

Received: 2017-02-16
Fund: Sponsored by the National Natural Science Foundation of China (Grant No. 61179026) and the Fundamental Research of the Central Universities of China Civil Aviation University of Science Special (Grant No. 3122016L005)
Corresponding author: Xiuli Wang, E-mail: xlwangcauc@163.com


Abstract: We construct one multi-sender authentication code by algebraic combination method from eigenvalues and eigenvectors of the matrix over nite elds. Some parameters and the probabilities of three kinds of successful attack of this code are also computed. For multi-sender authentication code, it allows a group of senders to construct an authenticated message for a receiver such that the receiver can verify authenticity of the received message.
Keywords: multi-sender authentication codes    nonsingular symmetric matrix    eigenvalues    eigenvectors    finite fields    
1 Introduction Multi-sender authentication code was given by Gilbert, Macwilliams and Sloane firstly in Ref.[1] in 1974. Multi-sender authentication system refers to that a group of senders cooperatively transmits a message to a receiver, and then the receiver should be able to ascertain that the message is authentic. The results of the study on authentication codes and Multi-sender authentication codes were very fruitful and many scholars made great contributions [2-16].

In the realistic computer network communications, Multi-sender authentication code includes two kinds of models, that is, sequential model and simultaneous model. Sequential model refers to that each sender uses his own encoding rules to encode a source state in order, and the final sender transmits the encoded message to the receiver, the receiver receives the message and identities whether the message is legal or not. Simultaneous model refers to that all senders use their own encoding rules to encode a source state, and each sender transmits the encoded message to the synthesizer respectively, then the synthesizer forms an authenticated message and transmits the authenticated message to the receiver, the receiver receives the message and identifies whether the message is legal or not. In this article, the second model is adopted.

In a simultaneous model, there are four participants: a group of senders U={U1, U2, …, Un}, a receiver R, the keys distribution center and a synthesizer. The keys distribution center is responsible for the key distribution to senders and receiver, including settling the disputes between senders and receiver. The synthesizer only runs the reliable synthesis algorithm. Each sender and receiver have their own Cartesian authentication code respectively. Let (S, Ei, Ti; fi)(i=1, 2, …, n) be the sender's Cartesian authentication code, (S, ER, T; g) be the receiver's Cartesian authentication code, h: T1×T2×…×TnT be the synthesis algorithm, πi: EEi be a subkey generation algorithm, where E is the key set of the key distribution center. When authenticating a message, the senders and the receiver should comply with the agreement: the key distribution center randomly selects an encoding rule eE and transmits ei=πi(e) to the ith sender Ui(1, 2, …, n) secretly, then it computes eR by e according to an efficient algorithm, and secretly transmits eR to the receiver R. If the senders would like to transmit a source state s to the receiver R, Ui computes ti=fi(s, ei) (i=1, 2, …, n) and transmits mi=(s, ti)(i=1, 2, …, n) to the synthesizer through an open channel. The synthesizer receives the message mi=(s, ti)(i=1, 2, …, n) and computes t=h(t1, t2, …, tn) by the synthesis algorithm h, then transmits the message m=(s, t) to the receiver, it checks the authenticity by identifying whether t=g(s, eR) or not. If the equality holds, the message is authentic and is accepted. If not, the message is rejected.

Suppose the key distribution center is reliable, though he knows the senders' and receiver's encoding rules, it will not participate in any communication activities. When senders and receiver are disputing, the key distribution center solves it. At the same time, suppose the system follows the Kerckhoff's principle which excepts the actual used keys, the other information of the whole system is public.

In a Multi-sender authentication system, suppose that the whole senders are cooperated to form a valid message, that is, all senders as a whole and receiver are reliable. But there are some malicious senders, they unite to deceive the receiver, the part of senders and receiver are not reliable, they can take impersonation attack and substitution attack. In the whole system, suppose {U1, U2, …, Un} are senders, R is a receiver, Ei is the encoding rules set of the sender Ui, eR is the decoding rules set of the receiver R. If the source state space S and the key space ER of receiver R conform to a uniform distribution, then the message space M and the tag space T are determined by the probability distribution of S and ER.We denote L={i1, i2, …, il}? {1, 2, …, n}, l < n, UL={Ui1, Ui2, …, Uil}, EL={Ei1, Ei2, …, Eil}. Now study the attacks from malicious groups of transmitters. We consider three kinds of spoofing attack:

1) The opponent's impersonation attack to receiver.UL, after receiving their secret keys, encodes a message and transmits it to receiver. UL is successful if receiver accepts it as legitimate message. Denote PI the largest probability of some opponent's successful impersonation attack to receiver, it can be represented as:

${P_I} = \mathop {\max }\limits_{m \in M} \left\{ {\frac{{\left| {\left\{ {{e_R} \in {E_R}\left| {{e_R} \subset m} \right.} \right\}} \right|}}{{\left| {{E_R}} \right|}}} \right\}$

2) The opponent's substitution attack to the receiver.UL uses another message m′ instead of the message m, after they observe a legitimate message m. UL is successful if the receiver accepts it as a legitimate message, it can be represented as:

${P_S} = \mathop {\max }\limits_{m \in M} \left\{ {\frac{{\mathop {\max }\limits_{m' \ne m \in M} \left| {\left\{ {{e_R} \in {E_R}\left| {{e_R} \subset m,m'} \right.} \right\}} \right|}}{{\left| {\left\{ {{e_R} \in {E_R}\left| {{e_R} \subset m} \right.} \right\}} \right|}}} \right\}$

3) There might be l malicious senders who unite to cheat the receiver, that is, the part of senders and the receiver are not reliable, they can take impersonation attack.

Let L={i1, i2, …, il}?{1, 2, …, n}, l < n, EL={Ei1, Ei2, …, Eil}. Assume UL={Ui1, Ui2, …, Uil}, UL after receiving their secret keys, transmits a message m to the receiver R, UL is successful if the receiver accepts it as a legitimate message. Denote PU(L) the maximum probability of success of the impersonation attack to the receiver. It can be represented as:

${P_U}\left( L \right) = \mathop {\max }\limits_{{e_L} \in {E_{L,}}} \mathop {\max }\limits_{{e_L} \in {e_u}} \left\{ {\frac{{\mathop {\max }\limits_{m \in M} \left| {\left\{ {{e_R} \in {E_R}\left| {{e_R} \subset m} \right.,{\rm{and}}\;p\left( {{e_R},{e_U}} \right) \ne 0} \right\}} \right|}}{{\left| {\left\{ {{e_R} \in {E_R}\left| {\;p\left( {{e_R},{e_U}} \right) \ne 0} \right.} \right\}} \right|}}} \right\}$

2 Preliminary Knowledge 2.1 Definition of Finite Fields and Some Relevant Conclusions Definition 2.1.1??A finite field is a field that contains finite elements.

Theorem 2.1.2??Let Fq be the finite field with q elements, denote Fq* all nonzero elements set of Fq, and Fq* forms a cycle group.

Definition 2.1.3??A generator α of Fq* is called a primitive element of Fq.

Definition 2.1.4??Let α be a primitive element of Fq, then 1, α, α2, …, αn-1 are linearly independent, furthermore, α, α2, …, αn(n < q) are also linearly independent.

Theorem 2.1.5??Let α be a generator of Fq*, and if k is an integer that is relatively prime to m, then αk is also a generator of Fq*.

The above conclusions come from the Ref.[17].

2.2 Eigenvalues and Eigenvectors of a Matrix and the Relevant Properties Definition 2.2.1??Let A be a matrix over Fqn×n, x be a n dimension non-zero column vector over Fq, λFq be a number, if the equation Axx holds, then we call x an eigenvector of A, and call λ an eigenvalue of A corresponding to x.

Theorem 2.2.2??A n×n matrix A is diagonalized if and only if A has n linearly independent eigenvectors.

Theorem 2.2.3??Let A be a n×n diagonalized matrix over Fq, x1, x2, …, xn be n linearly independent unit eigenvectors (column vector) of A, and λ1, λ2, …, λn be corresponding eigenvectors of x1, x2, …, xn respectively. If we have the matrices

$\mathit{\boldsymbol{P}} = \left[ {{x_1},{x_2}, \cdots ,{x_n}} \right]$

$\mathit{\boldsymbol{ \boldsymbol{\varLambda} }} = \left[ {\begin{array}{*{20}{c}}{{\lambda _1}}&0& \cdots &0\\0&{{\lambda _2}}& \cdots &0\\ \vdots&\vdots&\vdots&\vdots \\0&0& \cdots &{{\lambda _n}}\end{array}} \right]$

then the equation A=PΛP-1 holds.

Theorem 2.2.4??A n order invertible symmetrical matrix must be diagonalized.

Lemma 2.2.5??If A is a n×n invertible symmetrical matrix, then the eigenvectors of corresponding different eigenvalues are orthogonal. Making these linearly independent eigenvector which are corresponding multiple eigenvalue of A are orthogonal to each other by Schmidt orthogonal method, and making them unitization again, we get a group of orthogonal unitization eigenvectors ξ1, ξ2, …, ξn. Denote P=[ξ1, ξ2, …, ξn], obviously, P is an orthogonal matrix and the equation A=PΛP-1 holds.

The above conclusions come from the Pef.[18].

Theorem 2.2.6[19]??The number of invertible matrix over Fqn×n is

$\prod\limits_{j = 0}^{n - 1} {\left( {{q^n} - {q^j}} \right)} = {q^{\frac{{n\left( {n - 1} \right)}}{2}}}\prod\limits_{j = 1}^n {\left( {{q^j} - 1} \right)} $

Theorem 2.2.7[18]??If for any n order square matrix A, a n order square matrix P satisfying the equation AP=PA, then P is a n order scalar matrix.

2.3 Related Definition of Authentication Codes Definition 2.3.1[3]??Let S, E and M be nonempty set. Assume f: S×EM is a surjective mapping from S×E to M, if for any given eE, mM, s satisfying f(s, e)=m is uniquely determined by e and m, then we called the tetrad (S, E, M; f) an authentication code.

2.4 Some Definition and Related Properties of Group Theory Definition 2.4.1??Suppose G is a group, H is a subgroup of G, then the number of left (or right) cosets of H in G is called index of H in G, denoted by [G: H].

Theorem 2.4.2??Let G be a finite group. If H is a subgroup of G, then |G|=|H|[G: H].

Definition 2.4.3??Suppose Ω be the object set and the group G effects on Ω, aΩ, then Ωa={g(a)|gG} is called an orbit of Ω under G, a is called representative element of the orbit.

Definition 2.4.4??Let the group G effect on Ω, aΩ, then Ga={g|gG, g(a)=a} is called stable subgroup about the element a, denoted by StabGa.

Theorem 2.4.5??For the group G, the orbit Ωa and the stable subgroup Ga, the orbit formula about them is as follows: |Ωa|=[G: Ga].

The above conclusions come from the Ref.[20].

2.5 Some Definition and Properties of the Matrix Over Finite Fields Definition 2.5.1??Let S be an n×n invertible symmetric matrix over Fq, a n×n invertible symmetric matrix T is called orthogonal with respect to S, if the following equation holds: TSTT=S.

Theorem 2.5.2??A n×n invertible symmetric matrix over Fq is cogredient to one and only one of the following four normal forms:

${\mathit{\boldsymbol{S}}_{2\nu }} = \left[ {\begin{array}{*{20}{c}}0&{{I^{\left( \nu \right)}}}\\{{I^{\left( \nu \right)}}}&0\end{array}} \right]$

${\mathit{\boldsymbol{S}}_{2\nu + 1,1}} = \left[ {\begin{array}{*{20}{c}}0&{{I^{\left( \nu \right)}}}&0\\{{I^{\left( \nu \right)}}}&0&0\\0&0&0\end{array}} \right]$

${\mathit{\boldsymbol{S}}_{2\nu + 1,z}} = \left[ {\begin{array}{*{20}{c}}0&{{I^{\left( \nu \right)}}}&0\\{{I^{\left( \nu \right)}}}&0&0\\0&0&z\end{array}} \right]$

${\mathit{\boldsymbol{S}}_{2\nu + 2}} = \left[ {\begin{array}{*{20}{c}}0&{{I^{\left( \nu \right)}}}&0&0\\{{I^{\left( \nu \right)}}}&0&0&0\\0&0&1&0\\0&0&0&{ - z}\end{array}} \right]$

The above is the corresponding form successively when n=2ν, n=2ν+1, n=2ν+1 and n=2ν+2 respectively. In order to cover the four cases at the same time, we introduce the sign S2ν+δ, Δ, where ν is its index, Δ denotes its definite part, the expression of Δ is as follows:

$\Delta = \left\{ \begin{array}{l}\begin{array}{*{20}{c}}{\phi ,}&{\;\;\;\;\;\;\;\;\;\;\delta = 0}\end{array}\\\begin{array}{*{20}{c}}{\left( 1 \right){\rm{or}}\left( z \right),}&{\delta = 1}\end{array}\\\begin{array}{*{20}{c}}{\left[ {\begin{array}{*{20}{c}}1&0\\0&{ - z}\end{array}} \right],}&{\delta = 2}\end{array}\end{array} \right.$

Theorem 2.5.3??Denote the set of all matrices which is orthogonal with respect to S2ν+δ, Δ over Fq by O2ν+δ, Δ(Fq), then,

${O_{2\nu + \delta ,\Delta \left( {{F_q}} \right)}} = {q^{\nu \left( {\nu + \delta - 1} \right)}}\prod\limits_{i = 1}^\nu {\left( {{q^i} - 1} \right)} \prod\limits_{i = 0}^{\nu + \delta - 1} {\left( {{q^i} + 1} \right)} $

The above conclusions come from the Ref.[19].

3 Construction of the Multi-sender Authentication Code 3.1 Construction of the Multi-sender Authentication Code Let Fq be a finite field of characteristic not 2, with q≥5, A be a nonsingular symmetric matrix over Fqn×n, λ1, λ2, …, λn be eigenvalues of A, ξ1, ξ2, …, ξn be corresponding orthogonal unit eigenvectors, P=[ξ1, ξ2, …, ξn], obviously P is an orthogonal matrix, Λ be a diagonal matrix over Fqn×n, its form is as follows:

$\mathit{\boldsymbol{ \boldsymbol{\varLambda} }} = \left[ {\begin{array}{*{20}{c}}{{\lambda _1}}&0& \cdots &0\\0&{{\lambda _2}}& \cdots &0\\ \vdots&\vdots&\vdots&\vdots \\0&0& \cdots &{{\lambda _n}}\end{array}} \right]$

From Theorem 2.2.5, we know that A=PΛP-1, Λ=P-1AP. Set α is a primitive element of Fq, N={1, 2, …, n}.

The source states set S=Fq*;

The encoding rules set of the senders is EUi={(λ1, i)|λiFq*, iN}(1≤in).

The decoding rules set of the receiver is ER={(P, A, α)|P, AFqn×n, α is a primitive element};

The label set of the sender Ti=Fq*(1≤in);

The label set of the receiver is T=Fq*;

The encoding function of the sender Ui: fi:

$S \times {E_{{U_i}}} \to {T_i},{f_i}\left( {s,{e_{{U_i}}}} \right) = {\lambda _i}{s^i},1 \le i \le n$

The decoding function of the receiver R:

$g:S \times {E_R} \to T$

$\mathit{\boldsymbol{g}}\left( {s,{e_R}} \right) = \left[ {s,{s^2}, \cdots ,{s^n}} \right]{\mathit{\boldsymbol{P}}^{ - 1}}\mathit{\boldsymbol{AP}}\left[ {\begin{array}{*{20}{c}}\alpha \\{{\alpha ^2}}\\ \vdots \\{{\alpha ^n}}\end{array}} \right]$

The Multi-sender authentication code works as follows:

1) Key distribution. The key distribution center randomly generates a n×n nonsingular symmetric matrix A over Fq. He computes n eigenvalues and n corresponding orthogonal unit eigenvectors, and selects a eigenvalue randomly, denoted by λi. If λi is a k- tuples eigenvalue, then it is taken k times at most, and it selects a eigenvector from all these orthogonal unit eigenvectors belonging to λi, denoted by ξi, and it sends privately (λi, i) to the sender Ui(1≤in), it means eUi=(λi, i). After all eUi have been sent, ξ1, ξ2, …, ξn will be defined. When he generates the matrix P=[ξ1, ξ2, …, ξn], he selects a primitive elements α of Fq, and sends (A, P, α) to the receiver R, it means eR=(A, P, α).

2) Broadcast. If the senders would like to transmit a source state sS to the receiver R, then the sender Ui computes ti=fi(s, eUi)=λisi(1≤in) and sends ti to the synthesizer H.

3) Synthesis.After the synthesizer receives t1, t2, …, tn, it computes h(t1, t2, …, tn)=t1α+t2α2+…+tnαn=t and transmits m=(s, t) to the receiver R.

4) Verification. When the receiver R receives m=(s, t), it calculates

$t' = g\left( {s,{e_R}} \right) = \left[ {s,{s^2}, \cdots ,{s^n}} \right]{\mathit{\boldsymbol{P}}^{ - 1}}\mathit{\boldsymbol{AP}}\left[ {\begin{array}{*{20}{c}}\alpha \\{{\alpha ^2}}\\ \vdots \\{{\alpha ^n}}\end{array}} \right]$

If t=t′, it accepts t; If not, it rejects it.

From the definition of these parameters, we know when there is no attack.

$\begin{array}{l}t' = \left[ {s,{s^2}, \cdots ,{s^n}} \right]{\mathit{\boldsymbol{P}}^{ - 1}}\mathit{\boldsymbol{AP}}\left[ {\begin{array}{*{20}{c}}\alpha \\{{\alpha ^2}}\\ \vdots \\{{\alpha ^n}}\end{array}} \right] = \\\left[ {s,{s^2}, \cdots ,{s^n}} \right]\mathit{\boldsymbol{ \boldsymbol{\varLambda} }}\left[ {\begin{array}{*{20}{c}}\alpha \\{{\alpha ^2}}\\ \vdots \\{{\alpha ^n}}\end{array}} \right] = \\\left[ {s,{s^2}, \cdots ,{s^n}} \right]\left[ {\begin{array}{*{20}{c}}{{\lambda _1}}&0& \cdots &0\\0&{{\lambda _2}}& \cdots &0\\ \vdots&\vdots&\vdots&\vdots \\0&0& \cdots &{{\lambda _n}}\end{array}} \right]\left[ {\begin{array}{*{20}{c}}\alpha \\{{\alpha ^2}}\\ \vdots \\{{\alpha ^n}}\end{array}} \right] = \\{\lambda _1}s\alpha + {\lambda _2}{s^2}{\alpha ^2} + \cdots + {\lambda _n}{s^n}{\alpha ^n} = \\{t_1}\alpha + {t_2}{\alpha ^2} + \cdots + {t_n}{\alpha ^n} = t\end{array}$

3.2 The Rationality of the Constructed Authentication Code Lemma 3.2.1??Let Ci=(S, EUi, Ti; fi)(1≤in). Then the code is an A-code for the sender.

Proof??For any eUiEUi, sS, because EUi=(Fq*, N), S=Fq*, so ti=λisiFq*=Ti. For any tiTi=Fq*, because Fq* forms a cyclic group and the primitive element α of Fq is a generator of Fq*, so we can assume ti=αk. We choose eUi=(λi, i)=(αk-i, i)∈(Fq*, N)=EUi, then there is s=α such that fi(s, eUi)=λisi=αk-i·αi=αk=ti holds, so fi is surjective.

If s′∈S is another source state satisfying ti=λisi(1≤in), that is,

$\left[ {s',{{s'}^2}, \cdots ,{{s'}^n}} \right]\left[ {\begin{array}{*{20}{c}}{{\lambda _1}}&0& \cdots &0\\0&{{\lambda _2}}& \cdots &0\\ \vdots&\vdots&\vdots&\vdots \\0&0& \cdots &{{\lambda _n}}\end{array}} \right]\left[ {\begin{array}{*{20}{c}}t\\{{t^2}}\\ \vdots \\{{t^n}}\end{array}} \right]$

then

$\begin{array}{*{20}{c}}{\left[ {s',{{s'}^2}, \cdots ,{{s'}^n}} \right]\left[ {\begin{array}{*{20}{c}}{{\lambda _1}}&0& \cdots &0\\0&{{\lambda _2}}& \cdots &0\\ \vdots&\vdots&\vdots&\vdots \\0&0& \cdots &{{\lambda _n}}\end{array}} \right] = \left[ {\begin{array}{*{20}{c}}t\\{{t^2}}\\ \vdots \\{{t^n}}\end{array}} \right] = }\\{\left[ {s,{s^2}, \cdots ,{s^n}} \right]\left[ {\begin{array}{*{20}{c}}{{\lambda _1}}&0& \cdots &0\\0&{{\lambda _2}}& \cdots &0\\ \vdots&\vdots&\vdots&\vdots \\0&0& \cdots &{{\lambda _n}}\end{array}} \right]}\end{array}$

and

$\left[ {s - s',{s^2} - {{s'}^2}, \cdots ,{s^n} - {{s'}^n}} \right]\left[ {\begin{array}{*{20}{c}}{{\lambda _1}}&0& \cdots &0\\0&{{\lambda _2}}& \cdots &0\\ \vdots&\vdots&\vdots&\vdots \\0&0& \cdots &{{\lambda _n}}\end{array}} \right] = 0$

Because λiFq*, that is, λi≠0, so

$\left[ {\begin{array}{*{20}{c}}{{\lambda _1}}&0& \cdots &0\\0&{{\lambda _2}}& \cdots &0\\ \vdots&\vdots&\vdots&\vdots \\0&0& \cdots &{{\lambda _n}}\end{array}} \right]$

is invertible. Therefore [s-s′, s2-s2, …, sn-sn]=[0, 0, …, 0], then s′=s, that is, s is the unique source state determined by eUi and ti.

In conclusion, Ci(1≤in) is an A-code for the senders.

Lemma 3.2.2??Let C=(S, ER, T; g), then the code is an A-code for the receiver.

Proof??(1) For any sS, eRER, because S=Fq*, ER={(P, A, α)|P, AFqn×n, α is a primitive element}, then

$\begin{array}{l}g\left( {s,{e_R}} \right) = \left[ {s,{s^2}, \cdots ,{s^n}} \right]{\mathit{\boldsymbol{P}}^{ - 1}}\mathit{\boldsymbol{AP}}{\left[ {\alpha ,{\alpha ^2}, \cdots ,{\alpha ^n}} \right]^{\rm{T}}} = \\\;\;\;\;\;\;t \in F_q^ * \end{array}$

otherwise, we suppose

$\left[ {s,{s^2}, \cdots ,{s^n}} \right]{\mathit{\boldsymbol{P}}^{ - 1}}\mathit{\boldsymbol{AP}}{\left[ {\alpha ,{\alpha ^2}, \cdots ,{\alpha ^n}} \right]^{\rm{T}}} = t = 0$

Because α1, α2, …, αn is linearly independent, so [s, s2, …, sn]P-1AP=0, but P-1AP is invertible, so [s, s2, …, sn]=[0, 0, …, 0], that is, s=0, it is a contradiction to sS=Fq*.Meanwhile, for any tT, we choose eRER. Since sS such that g(s, eR)=t holds, then

$\left[ {s,{s^2}, \cdots ,{s^n}} \right]\left[ {\begin{array}{*{20}{c}}{{\lambda _1}}&0& \cdots &0\\0&{{\lambda _2}}& \cdots &0\\ \vdots&\vdots&\vdots&\vdots \\0&0& \cdots &{{\lambda _n}}\end{array}} \right]\left[ {\begin{array}{*{20}{c}}\alpha \\{{\alpha ^2}}\\ \vdots \\{{\alpha ^n}}\end{array}} \right] = t$

It is equivalent to

$\left[ {{\alpha _1},{\alpha _2}, \cdots ,{\alpha _n}} \right]\left[ {\begin{array}{*{20}{c}}{{\lambda _1}}&0& \cdots &0\\0&{{\lambda _2}}& \cdots &0\\ \vdots&\vdots&\vdots&\vdots \\0&0& \cdots &{{\lambda _n}}\end{array}} \right]\left[ {\begin{array}{*{20}{c}}s\\{{s^2}}\\ \vdots \\{{s^n}}\end{array}} \right] = t$

Let x1=s, x2=s2, …, xn=sn be unknown variable, getting the matrix B as follows:

$\mathit{\boldsymbol{B}} = \left[ {{\alpha _1},{\alpha _2}, \cdots ,{\alpha _n}} \right]\left[ {\begin{array}{*{20}{c}}{{\lambda _1}}&0& \cdots &0\\0&{{\lambda _2}}& \cdots &0\\ \vdots&\vdots&\vdots&\vdots \\0&0& \cdots &{{\lambda _n}}\end{array}} \right]$

So getting a system of linear equations in the variables

${x_1},{x_2}, \cdots ,{x_n}:\mathit{\boldsymbol{B}}\left[ {\begin{array}{*{20}{c}}{{x_1}}\\{{x_2}}\\ \vdots \\{{x_n}}\end{array}} \right] = t$

where B is the coefficient matrix of the system of linear equations. Obviously rank(B)=1, B=[B, t] is the augmented matrix the system of linear equations, from the definition of α, λi, t, we know rank(B)=1, that is, rank (B)=rank(B)=1.Therefore, from Theorem 2.2.8, the system of linear equations has solution, that is, there exists s satisfying g(s, eR)=t. So g is surjective.

(2) If s′ is another source state satisfying t=g(s′, eR), so get

$\begin{array}{*{20}{c}}{\left[ {s',{{s'}^2}, \cdots ,{{s'}^n}} \right]\left[ {\begin{array}{*{20}{c}}{{\lambda _1}}&0& \cdots &0\\0&{{\lambda _2}}& \cdots &0\\ \vdots&\vdots&\vdots&\vdots \\0&0& \cdots &{{\lambda _n}}\end{array}} \right]\left[ {\begin{array}{*{20}{c}}\alpha \\{{\alpha ^2}}\\ \vdots \\{{\alpha ^n}}\end{array}} \right] = t = }\\{\left[ {s,{s^2}, \cdots ,{s^n}} \right]\left[ {\begin{array}{*{20}{c}}{{\lambda _1}}&0& \cdots &0\\0&{{\lambda _2}}& \cdots &0\\ \vdots&\vdots&\vdots&\vdots \\0&0& \cdots &{{\lambda _n}}\end{array}} \right]\left[ {\begin{array}{*{20}{c}}\alpha \\{{\alpha ^2}}\\ \vdots \\{{\alpha ^n}}\end{array}} \right]}\\{\left[ {s - s',{s^2} - {{s'}^2}, \cdots ,{s^n} - {{s'}^n}} \right]\left[ {\begin{array}{*{20}{c}}{{\lambda _1}}&0& \cdots &0\\0&{{\lambda _2}}& \cdots &0\\ \vdots&\vdots&\vdots&\vdots \\0&0& \cdots &{{\lambda _n}}\end{array}} \right]\left[ {\begin{array}{*{20}{c}}\alpha \\{{\alpha ^2}}\\ \vdots \\{{\alpha ^n}}\end{array}} \right]{\rm{ = }}0}\\{\left[ {{\alpha _1},{\alpha _2}, \cdots ,{\alpha _n}} \right]\left[ {\begin{array}{*{20}{c}}{{\lambda _1}}&0& \cdots &0\\0&{{\lambda _2}}& \cdots &0\\ \vdots&\vdots&\vdots&\vdots \\0&0& \cdots &{{\lambda _n}}\end{array}} \right]\left[ {\begin{array}{*{20}{c}}{s - s'}\\{{s^2} - {{s'}^2}}\\ \vdots \\{{s^n} - {{s'}^n}}\end{array}} \right] = 0}\end{array}$ (1)

Because α is primitive element, from Theorem 2.1.4, we know that α, α2, …, αn linearly independent. So

$\left[ \begin{array}{c}{\lambda _1}\;\;0\;\; \cdots \;\;0\\0\;\;{\lambda _2}\;\; \cdots \;\;0\\ \vdots \;\;\; \vdots \;\;\; \vdots \;\;\;\;\; \vdots \\0\;\;0\;\; \cdots \;\;{\lambda _n}\end{array} \right]\left[ \begin{array}{l}s - s'\\{s^2} - {{s'}^2}\\ \vdots \\{s^n} - {{s'}^n}\end{array} \right] = 0$

Because λi≠0 1≤in,

$\left[ {\begin{array}{*{20}{c}}{{\lambda _1}}&0& \cdots &0\\0&{{\lambda _2}}& \cdots &0\\ \vdots&\vdots&\vdots&\vdots \\0&0& \cdots &{{\lambda _n}}\end{array}} \right]$

is invertible. Therefore, the above system of the Eq.(1) has only zero solution. Then

$\left[ {s - s',{s^2} - {{s'}^2}, \cdots ,{s^n} - {{s'}^n}} \right]{\rm{ = }}\left[ {0,0, \cdots ,0} \right]$

So s-s′=0, s′=s, that is, s satisfying g(s, eR)=t is the unique determined by eR and t.

In conclusion, the code is an A-code for the receiver.

From Lemmas 3.2.1 and 3.2.2, it can be seen that the construction of this Multi-sender authentication code is reasonable. Next, we will begin to calculate the relevant parameters of constructed Multi-sender authentication code.

3.3 Computation of the Relevant Parameters About the Constructed Authentication Code Lemma 3.3.1??Some relevant parameters of Multi-sender authentication code are as follows:

$\begin{array}{*{20}{c}}{\left| S \right| = q - 1,\left| T \right| = q - 1,\left| {{T_i}} \right| = q - 1}\\{{E_{{U_i}}} = n\left( {q - 1} \right)\left( {1 \le i \le n} \right)}\end{array}$

Proof??From the definitions of S, T, Ti and EUi, these results are obvious.

Theorem 3.3.2??Let A be n×n invertible symmetrical matrix over Fq. If A is cogredient to S2υ+δ, Δ of Theorem 2.5.2, where 2υ+Δ=n, then the number of such A is:

$\mathit{\Theta } = \frac{{{q^{n\left( {n - 1} \right)}}\prod\limits_{j = 1}^n {\left( {{q^j} - 1} \right)} }}{{{q^{v\left( {v + \delta - 1} \right)}}\prod\limits_{i = 1}^v {\left( {{q^i} - 1} \right)} \prod\limits_{i = 0}^{v + \delta - 1} {\left( {{q^i} + 1} \right)} }}$

Proof??Let G be the set of all invertible matrix over Fqn×n. Obviously, (G, ×) is a group, where × is the multiplication with matrix, Ω be the set of all invertible symmetrical matrix over Fqn×n. Choose S2υ+δΩ. We assume that Ω forms an orbit under G, ΩS2υ+δ={T(S2υ+δ, Δ)TG}, where T satisfies T(S)=TSTT. Obviously, T(S) is cogredient to S, then the stable subgroup of S2υ+δ, Δis:

${G_{{S_{2v + \delta ,\Delta }}}} = \left\{ {\mathit{\boldsymbol{T}}\left| {\mathit{\boldsymbol{T}} \in G} \right.,\mathit{\boldsymbol{T}}\left( {{S_{2v + \delta ,\Delta }}} \right) = {S_{2v + \delta ,\Delta }}} \right\}$

T contained in GS2υ+δ, Δ satisfies the equation T(S2υ+δ, Δ)=TS2υ+δ, ΔTT=S2υ+δ, Δ. According to Definition 2.5.1, T is orthogonal with respect to S2υ+δ, Δ, GS2υ+δ, Δ is composed of all T orthogonal with respect to S2υ+δ, Δ. Therefore, from Theorem 2.5.3, we know that

$\begin{array}{l}\left| {{G_{{S_{2v + \delta ,\Delta }}}}} \right| = \left| {{O_{{S_{2v + \delta ,\Delta }}}}\left( {{F_q}} \right)} \right| = \\\;\;\;{q^{v\left( {v + \delta - 1} \right)}}\prod\limits_{i = 1}^v {\left( {{q^i} - 1} \right)} \prod\limits_{i = 0}^{v + \delta - 1} {\left( {{q^i} + 1} \right)} \end{array}$

Therefore, by Theorem 2.4.4 and Theorem 2.4.7, we get

$\left| {{\mathit{\Omega }_{{S_{2v + \delta ,\Delta }}}}} \right| = \left| {G:{G_{{S_{2v + \delta ,\Delta }}}}} \right| = \frac{{\left| G \right|}}{{\left| {{G_{{S_{2v + \delta ,\Delta }}}}} \right|}}$

Because G is the set of all invertible matrices over Fqn×n again, by Theorem 2.2.6, we know $\left| G \right| = {q^{\frac{{n\left( {n - 1} \right)}}{2}}}\prod\limits_{j = 1}^n {\left( {{q^j} - 1} \right)} $. Therefore,

$\begin{array}{l}\left| {{\mathit{\Omega }_{{S_{2v + \delta ,\Delta }}}}} \right| = \frac{{\left| G \right|}}{{\left| {{G_{{S_{2v + \delta ,\Delta }}}}} \right|}} = \\\;\;\;\;\;\;\frac{{{q^{n\left( {n - 1} \right)}}\prod\limits_{j = 1}^n {\left( {{q^j} - 1} \right)} }}{{{q^{v\left( {v + \delta - 1} \right)}}\prod\limits_{i = 1}^v {\left( {{q^i} - 1} \right)} \prod\limits_{i = 0}^{v + \delta - 1} {\left( {{q^i} + 1} \right)} }}\end{array}$

Since ΩS2υ+δ, Δ is made up of all elements A which are cogredient to S2υ+δ, Δ, |ΩS2υ+δ, Δ| is equal to the number of invertible symmetrical matrix over Fqn×n cogredienting to S2υ+δ, Δ, that is,

$\mathit{\Theta } = \frac{{{q^{n\left( {n - 1} \right)}}\prod\limits_{j = 1}^n {\left( {{q^j} - 1} \right)} }}{{{q^{v\left( {v + \delta - 1} \right)}}\prod\limits_{i = 1}^v {\left( {{q^i} - 1} \right)} \prod\limits_{i = 0}^{v + \delta - 1} {\left( {{q^i} + 1} \right)} }}$

Lemma 3.3.3??If α is a primitive element of Fq, then there are φ(n-1) choices for α, where φ(n-1) expresses the number of less than q-1 and relatively prime to q-1.

Proof??Because α is a primitive element of Fq, by Definition 2.1.3, α is a generator of Fq*, the order of α is m, from the properties of generator, m=|Fq*|=q-1. If k is an integer that relatively prime to m, by Theorem 2.1.5, αk is a generator of Fq*, that is, αk is a primitive element of Fq.

When k > m, αk=αk-m and k-m relatively prime to m, the number of generator in Fq* is equal to the number of positive integer less than m and relatively prime with m, because m=q-1. Therefore, there are φ(n-1) choices of α.

Lemma 3.3.4

$\left| {{E_R}} \right| = \mathit{\Theta }\varphi \left( {q - 1} \right)n!\prod\limits_{i = 1}^m {\frac{{{q^{{s_i}\left( {{s_i} - 1} \right)/2}}\prod\limits_{j = 1}^{{s_i}} {\left( {{q^j} - 1} \right)} }}{{{\mathit{\boldsymbol{s}}_i}!}}} $

where Θ is given by Theorem 3.3.2, si means the multiple number of the eigenvalue λi and when ij, λiλj, 1≤i, jm, $\sum\limits_{i = 1}^m {{s_i} = n} $.

Proof??For any given n×n invertible symmetrical matrix A over Fq, it has m eigenvalues λ1, λ2, …, λm and they are different from each other, where λi is si multiple eigenvalues, 1≤imn and $\sum\limits_{i = 1}^m {{s_i} = n} $. Because A is a symmetrical matrix, the eigenvalue λi has si linearly independent eigenvectors. In order to solve the corresponding eigenvectors of λi, need to solve the homogeneous linear equations (λiE-Α)x=0. Since the rank of coefficient matrix λiE-Α is n-si, there are si free variables, the number of solutions of the homogeneous linear equations is equal to the number of invertible matrix, where the order of invertible matrix is si over Fq. By the theorem 2.2.5, the number of such invertible matrix is

$\prod\limits_{j = 0}^{{s_i} - 1} {\left( {{q^{{s_i}}} - {q^j}} \right)} = {q^{{s_i}\left( {{s_i} - 1} \right)/2}}\prod\limits_{j = 1}^{{s_i}} {\left( {{q^j} - 1} \right)} $

Once the basic solutions system of λiE-A is determined, then si linearly independent eigenvectors of λi are also unique determined and these eigenvectors are in order, when these eigenvectors are no order, suppose there are ki possible choices for si eigenvectors, then there is the equation:

${k_i}{s_i}! = {q^{{s_i}\left( {{s_i} - 1} \right)/2}}\prod\limits_{j = 1}^{{s_i}} {\left( {{q^j} - 1} \right)} $

so

${k_i} = \frac{{{q^{{s_i}\left( {{s_i} - 1} \right)/2}}\prod\limits_{j = 1}^{{s_i}} {\left( {{q^j} - 1} \right)} }}{{{s_i}!}}$

By Schmidt orthogonal method, because the results of the orthogonality of the vector group x1, x2, …, xn and the vector group kx1, kx2, …, kxn (k≠0) are the same, so there are

$\frac{{{k_i}}}{{q - 1}} = \frac{{{q^{\frac{{{s_i}\left( {{s_i} - 1} \right)}}{2}}}\prod\limits_{j = 1}^{{s_i}} {\left( {{q^j} - 1} \right)} }}{{\left( {q - 1} \right){s_i}!}}$

choice for si unit eigenvectors of corresponding to λi. Therefore, for any given matrix A, the number of ξ1, ξ2, …, ξn possible choice is

$\prod\limits_{i = 1}^m {\frac{{{k_i}}}{{q - 1}}} = \prod\limits_{i = 1}^m {\frac{{{q^{\frac{{{s_i}\left( {{s_i} - 1} \right)}}{2}}}\prod\limits_{j = 1}^{{s_i}} {\left( {{q^j} - 1} \right)} }}{{\left( {q - 1} \right){s_i}!}}} $

where ξ1, ξ2, …, ξn are no order.

From the construction method of P from the above, every possible choice of P all is a permutation for ξ1, ξ2, …, ξn, therefore, for any given ξ1, ξ2, …, ξn, there are n! possible choice of P. So for any given A, the number of all possible cases of P is

$n!\prod\limits_{i = 1}^m {\frac{{{q^{\frac{{{s_i}\left( {{s_i} - 1} \right)}}{2}}}\prod\limits_{j = 1}^{{s_i}} {\left( {{q^j} - 1} \right)} }}{{\left( {q - 1} \right){s_i}!}}} $

Because eR=(A, P, α), where there are Θ possible cases for A, the number of P is

$n!\prod\limits_{i = 1}^m {\frac{{{q^{\frac{{{s_i}\left( {{s_i} - 1} \right)}}{2}}}\prod\limits_{j = 1}^{{s_i}} {\left( {{q^j} - 1} \right)} }}{{\left( {q - 1} \right){s_i}!}}} $

and there are φ(n-1) choice for α.Therefore, there are

$\mathit{\Theta }n!\prod\limits_{i = 1}^m {\frac{{{q^{\frac{{{s_i}\left( {{s_i} - 1} \right)}}{2}}}\prod\limits_{j = 1}^{{s_i}} {\left( {{q^j} - 1} \right)} }}{{\left( {q - 1} \right){s_i}!}}} $

choice for eR=(A, P, α). That is,

$\left| {{E_R}} \right| = \mathit{\Theta }\varphi \left( {q - 1} \right)n!\prod\limits_{i = 1}^m {\frac{{{q^{\frac{{{s_i}\left( {{s_i} - 1} \right)}}{2}}}\prod\limits_{j = 1}^{{s_i}} {\left( {{q^j} - 1} \right)} }}{{\left( {q - 1} \right){s_i}!}}} $

Lemma 3.3.5??For each mM, the number of eR contained in m is 2φ3(q-1).

Proof??For each

$m\left( {s,t} \right) \in M,{e_R} = \left( {P,A,\alpha } \right) \in {E_R}$

if eR?m, then

$\begin{array}{l}g\left( {s,{e_R}} \right) = \\\;\;\;\left[ {s,{s^2}, \cdots ,{s^n}} \right]{\mathit{\boldsymbol{P}}^{ - 1}}\mathit{\boldsymbol{AP}}{\left[ {\alpha ,{\alpha ^2}, \cdots ,{\alpha ^n}} \right]^{\rm{T}}} = \\\;\;\;\left[ {s,{s^2}, \cdots ,{s^n}} \right]\mathit{\boldsymbol{ \boldsymbol{\varLambda} }}{\left[ {\alpha ,{\alpha ^2}, \cdots ,{\alpha ^n}} \right]^{\rm{T}}} = t\end{array}$

For any α, suppose there is another Λ′ such than [s, s2, …, sn]Λ′[α, α2, …, αn]T=t. We have

$\left[ {s,{s^2}, \cdots ,{s^n}} \right]\left( {\mathit{\boldsymbol{ \boldsymbol{\varLambda} }} - \mathit{\boldsymbol{ \boldsymbol{\varLambda} '}}} \right){\left[ {\alpha ,{\alpha ^2}, \cdots ,{\alpha ^n}} \right]^{\rm{T}}} = 0$

Because α, α2, …, αn are linearly independent, we get [s, s2, …, sn](Λ-Λ′)=0, from [s, s2, …, sn] is arbitrarily, we have Λ-Λ′=0, that is, Λ=Λ′. Therefore, Λ is only determined by α, so the number of α is φ(q-1).

In the following, we will discuss when Λ is determined, the number of A and P satisfying P-1AP. Let G be the set of all invertible matrix over Fqn×n. Obviously, (G, ×) is a group, where "×" is multiplication with matrix. Let Ω be the set of all invertible symmetrical matrix over Fqn×n. We choose AΩ and assume Ω forms an orbit ΩA under the action of G: ΩA={P(A)|PG}, where P(A)=P-1AP, then stable subgroup of A is GA={P|PG, P(A)=A}, P contained in GA satisfies the equation P(A)=P-1AP=A i.e. AP=PA. By Theorem 2.2.7, such P is scalar matrix λE, because PG is an orthogonal matrix, PPT=E. So λ=±1, PE, where E is a n order unit matrix. Then |GA|=2.

From the orbit formula and the Lagrange theorem, we know that |G|=|ΩA|·|GA|. Now because the elements of ΩA taking the form P(A)=P-1AP and P-1AP is only determined by α, for P-1AP, there are φ(q-1) possible cases, that is, |ΩA|=φ(q-1). So |G|=2φ(q-1), that is, there are 2φ(q-1) possible choices for P.

Because |ΩA| is the number of all A turned into diagonal matrix by the similarity transformation P-1AP, therefore, the number of A is φ(q-1) now. So when P-1AP is determined, the number of (A, P) is 2φ2(q-1). In summary, the number of the triple (A, P, α) satisfying the known condition is 2φ3(q-1), that is, the number of eR which is contained in m is 2φ3(q-1).

Lemma 3.3.6??For each m=(s, t)∈M, and m′=(s′, t′)∈m′ with ss′, the number of eR which is contained m and m′ is 2φ2(q-1).

Proof??We assume eR=(P, A, α). If eR?m and eR?m′, then

$\begin{array}{*{20}{c}}{g\left( {s',{e_R}} \right) = \left[ {s',{{s'}^2}, \cdots ,{{s'}^n}} \right]{\mathit{\boldsymbol{P}}^{ - 1}}\mathit{\boldsymbol{AP}}{{\left[ {\alpha ,{\alpha ^2}, \cdots ,{\alpha ^n}} \right]}^{\rm{T}}} = }\\{\left[ {s',{{s'}^2}, \cdots ,{{s'}^n}} \right]\mathit{\boldsymbol{ \boldsymbol{\varLambda} }}{{\left[ {\alpha ,{\alpha ^2}, \cdots ,{\alpha ^n}} \right]}^{\rm{T}}} = t'}\end{array}$

Furthermore, we obtain

$\left[ {s - s',{s^2} - {{s'}^2}, \cdots ,{s^n} - {{s'}^n}} \right]\mathit{\boldsymbol{ \boldsymbol{\varLambda} }}{\left[ {\alpha ,{\alpha ^2}, \cdots ,{\alpha ^n}} \right]^{\rm{T}}} = t - t'$

If t=t′, then t-t′=0. Since α, α2, …, αn is linearly independent,

$\left[ {s - s',{s^2} - {{s'}^2}, \cdots ,{s^n} - {{s'}^n}} \right]\mathit{\boldsymbol{ \boldsymbol{\varLambda} }} = 0$

Because Λ is invertible, we get

$\left[ {s - s',{s^2} - {{s'}^2}, \cdots ,{s^n} - {{s'}^n}} \right] = 0$

so s=s′, it is contradiction with the known conditions. So tt′, t-t′≠0. We obtain

${\left( {t - t'} \right)^{ - 1}}\left\lfloor {\left[ {s - s',{s^2} - {{s'}^2}, \cdots ,{s^n} - {{s'}^n}} \right]\mathit{\boldsymbol{ \boldsymbol{\varLambda} }}{{\left[ {\alpha ,{\alpha ^2}, \cdots ,{\alpha ^n}} \right]}^{\rm{T}}}} \right\rfloor = 1$

For any given m=(s, t), m′=(s′, t′), where s, s′, t and t′ are only determined. From the uniqueness of inverse element over finite fields, Λ[α, α2, …, αn]T is only determined. From the properties of Λ and α, we know that such Λ and α are also only determined respectively. Similar to the proof of Lemma 3.3.5, the number of two-tuple (A, P) is 2φ2(q-1). So the number of eR which is contained m and m′ is 2φ2(q-1).

Lemma 3.3.7??For each eU containing a given eL, the number of eR which is incidence with eU is

$\left| {{E_R}} \right| = \mathit{\Theta }\varphi \left( {q - 1} \right)n!\prod\limits_{i = 1}^m {\frac{{{q^{{s_i}\left( {{s_i} - 1} \right)/2}}\prod\limits_{j = 1}^{{s_i}} {\left( {{q^j} - 1} \right)} }}{{\left( {q - 1} \right){s_i}!}}} $

Proof??From the above construction methods and the properties of eU and eR, we know that for any source state s,

$\left| {{E_R}} \right| = \mathit{\Theta }\varphi \left( {q - 1} \right)n!\prod\limits_{i = 1}^m {\frac{{{q^{{s_i}\left( {{s_i} - 1} \right)/2}}\prod\limits_{j = 1}^{{s_i}} {\left( {{q^j} - 1} \right)} }}{{\left( {q - 1} \right){s_i}!}}} $

Lemma 3.3.8??For each eU containing a given eL, and m=(s, t), the number of eR which is incidence with eU and contained in m is 2φ2(q-1).

Proof??For any sS, eRER, from Lemma 3.3.7, we know that for any given eU, all of eR are incidence with eU Because eR?m, so

$\begin{array}{*{20}{c}}{g\left( {s,{e_R}} \right) = \left[ {s,{s^2}, \cdots ,{s^n}} \right]{\mathit{\boldsymbol{P}}^{ - 1}}\mathit{\boldsymbol{AP}}{{\left[ {\alpha ,{\alpha ^2}, \cdots ,{\alpha ^n}} \right]}^{\rm{T}}} = }\\{\left[ {s,{s^2}, \cdots ,{s^n}} \right]\mathit{\boldsymbol{ \boldsymbol{\varLambda} }}{{\left[ {\alpha ,{\alpha ^2}, \cdots ,{\alpha ^n}} \right]}^{\rm{T}}} = t}\end{array}$

Furthermore, t-1[s, s2, …, sn]Λ[α, α2, …, αn]T=1.

Similar to Lemma 3.3.6, it can be seen that Λ[α, α2, …, αn]T is uniquely determined. Therefore, the number of eR which is incidence with eU and contained in m is 2φ2(q-1).

3.4 Computation of the Attack Probability About the Authentication Code Theorem 3.4.1??In the constructed Multi-sender authentication code, if the senders' encoding rules and the receiver's decoding rules are chosen conforming to a uniform probability distribution, then the largest probabilities of success for different types of spoofing attack respectively are:

${P_I} = \frac{{2{\varphi ^2}\left( {q - 1} \right)}}{{n!\frac{{{q^{n\left( {n - 1} \right)/2}}\prod\limits_{j = 1}^n {\left( {{q^j} - 1} \right)} }}{{{q^{v\left( {v + \delta - 1} \right)}}\prod\limits_{i = 1}^v {\left( {{q^j} - 1} \right)} \prod\limits_{i = 0}^{v + \delta - 1} {\left( {{q^i} + 1} \right)} }}\prod\limits_{i = 1}^m {\frac{{{q^{{s_i}\left( {{s_i} - 1} \right)/2}}\prod\limits_{j = 1}^{{s_i}} {\left( {{q^j} - 1} \right)} }}{{\left( {q - 1} \right){s_i}!}}} }}$

${P_S} = \frac{1}{{\varphi \left( {n - 1} \right)}}$

${P_U}\left( L \right) = \frac{{2\varphi \left( {q - 1} \right)}}{{n!\frac{{{q^{n\left( {n - 1} \right)/2}}\prod\limits_{j = 1}^n {\left( {{q^j} - 1} \right)} }}{{{q^{v\left( {v + \delta - 1} \right)}}\prod\limits_{i = 1}^v {\left( {{q^i} - 1} \right)} \prod\limits_{i = 0}^{v + \delta - 1} {\left( {{q^i} + 1} \right)} }}\prod\limits_{i = 1}^m {\frac{{{q^{{s_i}\left( {{s_i} - 1} \right)/2}}\prod\limits_{j = 1}^{{s_i}} {\left( {{q^j} - 1} \right)} }}{{\left( {q - 1} \right){s_i}!}}} }}$

Proof??By Lemma 3.3.4 and Lemma 3.3.5,

$\begin{array}{*{20}{c}}{{P_I} = \mathop {\max }\limits_{m \in M} \left\{ {\frac{{\left| {\left\{ {{e_R} \in {E_R}\left| {{e_R} \subset m} \right.} \right\}} \right|}}{{\left| {{E_R}} \right|}}} \right\} = \frac{{2{\varphi ^3}\left( {q - 1} \right)}}{{\mathit{\Theta }\varphi \left( {q - 1} \right)n!\prod\limits_{i = 1}^m {\frac{{{q^{{s_i}\left( {{s_i} - 1} \right)/2}}\prod\limits_{j = 1}^{{s_i}} {\left( {{q^j} - 1} \right)} }}{{\left( {q - 1} \right){s_i}!}}} }} = }\\{\frac{{2{\varphi ^2}\left( {q - 1} \right)}}{{n!\frac{{{q^{n\left( {n - 1} \right)/2}}\prod\limits_{j = 1}^n {\left( {{q^j} - 1} \right)} }}{{{q^{v\left( {v + \delta - 1} \right)}}\prod\limits_{i = 1}^v {\left( {{q^i} - 1} \right)} \prod\limits_{i = 0}^{v + \delta - 1} {\left( {{q^i} + 1} \right)} }}\prod\limits_{i = 1}^m {\frac{{{q^{{s_i}\left( {{s_i} - 1} \right)/2}}\prod\limits_{j = 1}^{{s_i}} {\left( {{q^j} - 1} \right)} }}{{\left( {q - 1} \right){s_i}!}}} }}}\end{array}$

By Lemma 3.3.5 and Lemma 3.3.6, we get

${P_S} = \mathop {\max }\limits_{m \in M} \left\{ {\frac{{\mathop {\max }\limits_{m \ne m' \in M} \left| {\left\{ {{e_R} \in {E_R}\left| {{e_R} \subset m,m'} \right.} \right\}} \right|}}{{\left| {\left\{ {{e_R} \in {E_R}\left| {{e_R} \subset m} \right.} \right\}} \right|}}} \right\} = \frac{{2{\varphi ^2}\left( {q - 1} \right)}}{{2{\varphi ^3}\left( {q - 1} \right)}} = \frac{1}{{\varphi \left( {q - 1} \right)}}$

By Lemma 3.3.7 and Lemma 3.3.8, we get

$\begin{array}{l}{P_U}\left( L \right) = \mathop {\max }\limits_{{e_L} \in {E_{L,}}} \mathop {\max }\limits_{{e_L} \in {e_u}} \left\{ {\frac{{\mathop {\max }\limits_{m \in M} \left| {\left\{ {{e_R} \in {E_R}\left| {{e_R} \subset m,} \right.{\rm{and}}\;p\left( {{e_R},{e_U}} \right) \ne 0} \right\}} \right|}}{{\left| {\left\{ {{e_R} \in {E_R}\left| {p\left( {{e_R},{e_U}} \right) \ne 0} \right.} \right\}} \right|}}} \right\} = \frac{{2{\varphi ^2}\left( {q - 1} \right)}}{{\mathit{\Theta }\varphi \left( {q - 1} \right)n!\prod\limits_{i = 1}^m {\frac{{{q^{{s_i}\left( {{s_i} - 1} \right)/2}}\prod\limits_{j = 1}^{{s_i}} {\left( {{q^j} - 1} \right)} }}{{\left( {q - 1} \right){s_i}!}}} }} = \\\frac{{2\varphi \left( {q - 1} \right)}}{{n!\frac{{{q^{n\left( {n - 1} \right)/2}}\prod\limits_{j = 1}^n {\left( {{q^j} - 1} \right)} }}{{{q^{v\left( {v + \delta - 1} \right)}}\prod\limits_{i = 1}^v {\left( {{q^i} - 1} \right)} \prod\limits_{i = 0}^{v + \delta - 1} {\left( {{q^i} + 1} \right)} }}\prod\limits_{i = 1}^m {\frac{{{q^{{s_i}\left( {{s_i} - 1} \right)/2}}\prod\limits_{j = 1}^{{s_i}} {\left( {{q^j} - 1} \right)} }}{{\left( {q - 1} \right){s_i}!}}} }}\end{array}$


References
[1] Gilbert E N, Macwiliams F J, Sloan N J. Codes which detect deception. Bell Labs Technical Journal, 1974, 53(3): 405-424. DOI:10.1002/j.1538-7305.1974.tb02751.x (0)


[2] Desmedt Y, Frankel Y, Yung M. Multer-receiver/Multi-sender network security:Efficient authenticated multicast/feedback. INFOCOM '92. Eleventh Annual Joint Conference of the IEEE Computer and Communications Societies. Piscataway: IEEE, 1992: 2045-2054. DOI:10.1109/INFCOM.1992.263476 (0)


[3] Pei Dingyi. Message Authentication Codes. AnHui: China University of Science and Technology Press, 2009. (0)


[4] Chen Shangdi, Chang Lizhen. Two constructions of Multi-sender authentication codes with arbitration based linear codes. Wseas Transactions on Mathematics, 2012, 11(12): 1103-1113. (0)


[5] Safavi-Naini R, Wang H. New results on multi-receiver authentication codes. Advances in Cryptology-EUROCRYPT'98, International Conference on the Theory and Application of Cryptographic Techniques. 1998, 1403: 527-541. DOI: 10.1007/BFb0054151. (0)


[6] Gao You, Yu Huafeng. Constructions of authenticationn codes with arbitration from alternate matrix over finite fields. Journal of Nature Science of Heilongjiang University, 2015, 29(1): 42-50. (0)


[7] Liu Yanqin, Gao You, Zhang Dake. The construction of A3-code from singular pseudo-symple ctic geometry over finite fields. Wseas Transactions on Mathematics, 2015, 14: 77-86. (0)


[8] Gao You, Wang Gang, He Yifan. A new construction of multisender authentication codes with simultaneous model from singular symplectic geometry over finite fields. Ars Combinatoria, 2015, 118: 95-107. (0)


[9] Chen Shangdi, Zhang Xiaolian, Ma Hao. Two constructions of A3-codes from projective geometry in finite fields. Journal of China Universities of Posts and Telecommunications, 2015, 22(2): 52-59. DOI:10.1016/S1005-8885(15)60639-2 (0)


[10] Chen Shangdi, Zhang Xiaolian. Three constructions of perfect authentication codes from projective geometry over finite fields. Applied Mathematics and Computation, 2015, 253: 308-317. DOI:10.1016/j.amc.2014.12.088 (0)


[11] Chen Shangdi, Chang Lizhen. A construction of multi-receiver authentication codes with dynamic sender from linear codes. Applied Mathematics and Computation, 2016, 129: 227-236. (0)


[12] Chen Shangdi, Song Minjuan. Two new authentication schemes from singular symplectic geometry over finite fields. J. Comb. Math. Comb. Comp., 2014, 88: 169-190. (0)


[13] Chen Shangdi, Zhang Xiaolian, Ma Hao. Construction of authentication codes with double arbiters over symplectic geometry. Acta Mathematics Applicate Sinica (English Series), 2015, 31(4): 1141-1152. DOI:10.1007/s10255-015-0511-3 (0)


[14] Liang Miao, Li Mingchao, Du Beiliang. A construction for t-fold perfect authentication codes with arbitration. Designs, Codes and Cryptography, 2014, 73(3): 781-790. DOI:10.1007/s10623-013-9826-3 (0)


[15] Li Mingchao, Liang Miao, Du Beiliang. A construction of t-fold perfect splitting authentication codes with equal deception probabilities. Cryptography and Communications, 2015, 7(2): 207-215. DOI:10.1007/s12095-014-0107-4 (0)


[16] Liang Miao, Ji Lijun, Zhang Jingcai. Some new classes of 2-fold optimal or perfect splitting authentication codes. Cryptography and Communications, 2017, 9(3): 407-430. DOI:10.1007/s12095-015-0179-9 (0)


[17] Shen Shiyi, Chen Lushen. Theory of Information and Coding. Beijing: Science Press, 2002. (0)


[18] Wang E F, Shi S M. Advanced Algebra. Beijing: Higher Education Press, 2003. (0)


[19] Wan Zhexian. Geometry of Classical Group over Finite Field. Beijing: Science Press, 2002. (0)


[20] Zhang Herui. Modern Algebra Foundation. Beijing: High Education Press, 1978. (0)



相关话题/A Construction Multi-Sender Authentication Codes from Eigenvalues