Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Characterizing positive-rate key-cast (and multicast network coding) with eavesdropping nodes

Michael Langberg, Michelle Effros

TL;DR

The paper addresses positive-rate secure dissemination of a secret key across a network under node-eavesdropping, introducing combinatorial characterizations based on protected cut-vertices and alternating paths. It proposes padding-based scalar-linear schemes and proves closures: secure multicast is possible iff every separating cut-vertex is protected, and secure key-cast is possible iff a source subset can be combined via Protocol 2 to form a key $K$ that remains secret from non-terminals. These results provide structural criteria and constructive protocols for secure key distribution over network codes, with implications for cryptographic key dissemination and distributed security. The work also identifies open problems in rate optimization and generalizing to broader eavesdropping models.

Abstract

In multi-source multi-terminal key-dissemination, here called ``key-cast,'' introduced by the authors in [ITW2022], network nodes hold independent random bits, and one seeks a communication scheme that allows all terminal nodes to share a secret key K. The work at hand addresses positive (albeit, arbitrarily small) rate key-cast under the security requirement that no single non-terminal network node can gain information about the shared key K; this scenario is useful in cryptographic settings. Specifically, key-dissemination protocols based on secure multicast network coding are designed. The analysis presented yields two combinatorial characterizations. In each, we assume a network in which an eavesdropper may access any individual network node. The first characterization captures all networks that support positive-rate secure multicast; computing the secure-multicast capacity in the setting studied is a known open problem. The second characterizes all networks that support positive-rate secure key-cast.

Characterizing positive-rate key-cast (and multicast network coding) with eavesdropping nodes

TL;DR

The paper addresses positive-rate secure dissemination of a secret key across a network under node-eavesdropping, introducing combinatorial characterizations based on protected cut-vertices and alternating paths. It proposes padding-based scalar-linear schemes and proves closures: secure multicast is possible iff every separating cut-vertex is protected, and secure key-cast is possible iff a source subset can be combined via Protocol 2 to form a key that remains secret from non-terminals. These results provide structural criteria and constructive protocols for secure key distribution over network codes, with implications for cryptographic key dissemination and distributed security. The work also identifies open problems in rate optimization and generalizing to broader eavesdropping models.

Abstract

In multi-source multi-terminal key-dissemination, here called ``key-cast,'' introduced by the authors in [ITW2022], network nodes hold independent random bits, and one seeks a communication scheme that allows all terminal nodes to share a secret key K. The work at hand addresses positive (albeit, arbitrarily small) rate key-cast under the security requirement that no single non-terminal network node can gain information about the shared key K; this scenario is useful in cryptographic settings. Specifically, key-dissemination protocols based on secure multicast network coding are designed. The analysis presented yields two combinatorial characterizations. In each, we assume a network in which an eavesdropper may access any individual network node. The first characterization captures all networks that support positive-rate secure multicast; computing the secure-multicast capacity in the setting studied is a known open problem. The second characterizes all networks that support positive-rate secure key-cast.
Paper Structure (16 sections, 6 theorems, 9 equations, 8 figures)

This paper contains 16 sections, 6 theorems, 9 equations, 8 figures.

Table of Contents

  1. Introduction
  2. Model
  3. Answering Question \ref{['q:intro']}
  4. Preliminary notation and definitions ($D=\{d\}$)
  5. Statement of main theorem for Section \ref{['sec:key']}
  6. The "padding" protocol
  7. Proof of Theorem \ref{['the:q1']}
  8. Multiple terminals
  9. Answering Question \ref{['q:intro2']}
  10. Modified protocol for unprotected $(s,d)$ pairs
  11. Statement of main theorem for Section \ref{['sec:key']}
  12. Preliminary definitions and claims
  13. Proof of Theorem \ref{['the:q1c']}
  14. Conclusions and open problems
  15. Multiple terminal setting ($|D|>1$)
  16. ...and 1 more sections

Key Result

Theorem 3.1

Let ${{\cal I}}=(G,(S_m=\{s\},S_r=V),D=\{d\},\hbox{$\cal{B}$})$ with $\hbox{$\cal{B}$}=\{\beta_v \mid v \in V \setminus (D \cup \{s\}), \beta_v=\text{In-edges}(v)\}$. Then ${{\cal I}}$ has secure-multicast rate $R_{\tt sec}>0$ according to Definition def:secure_mul if and only if every cut vertex $u

Figures (8)

  • Figure 1: A number of examples corresponding to Questions \ref{['q:intro']} and \ref{['q:intro2']} highlighting the major ideas used in our combinatorial characterization of networks that allow positive-rate secure multicast (Section \ref{['sec:main1']}) and those allowing positive-rate secure key-cast (Section \ref{['sec:key']}).
  • Figure 2: A depiction of an alternating path $P^{({\tt alt})}(s,d)$ (Definition \ref{['def:alternating']}) and a protected cut vertex $u$ separating $s$ and $d$ (Definition \ref{['def:protected2']}). The path $P^{({\tt alt})}(s,d)$ is given in bold and collider vertices $y_1,\dots,y_4$ on $P^{({\tt alt})}(s,d)$ are colored in green. Notice that all colliders are in $\text{In-nodes}(u)$. The two large ovals represent the graph vertices that are reachable from $s$.
  • Figure 3: Depiction of Protocol \ref{['def:protocol']} and Claim \ref{['claim:padding']} for the case $\ell=4$. The alternating path $P^{({\tt alt})}(s,d)$ is in bold. Vertices $x_1,\dots,x_4$ generate independent random bits $a_1,\dots,a_4$ (in red) respectively. The colliders $y_1,\dots,y_4$ (in green) along $P^{({\tt alt})}(s,d)$ mask the information traversing $u$. Node $u$ is able to compute the linear combination $m+\alpha+a_\ell$ and does not gain any information about $m$. The two large ovals represent the graph vertices that are reachable from $s$.
  • Figure 4: Depiction of the paths $P_{i,1}, P_{i,2}$ (in black), $R_{i,1}, R_{i,2}$ (in green) and $S_i$ (in red) from the proof of Theorem \ref{['the:q1']}. In case (a), $P_{i,1}$ includes the vertex $y_{i,1}\in \text{In-nodes}(u_i)$. In case (b), $S_i$ intersects the paths $P_{i,1}$ or $P_{i,2}$ (or both). In case (c), $S_i$ does not intersect the paths $P_{i,1}$ or $P_{i,2}$.
  • Figure 5: An example for the achievability of Theorem \ref{['the:q1']} in which $c=1$. The two large ovals represent the graph vertices that are reachable from $s$.
  • ...and 3 more figures

Theorems & Definitions (25)

  • Definition 2.1: Secure key-cast feasibility
  • Definition 2.2: Secure-multicast feasibility
  • Definition 3.1: Cut vertex
  • Definition 3.2: Alternating path
  • Definition 3.3: Protected cut vertices
  • Theorem 3.1
  • Claim 3.1
  • proof
  • proof
  • Lemma 3.1
  • ...and 15 more