Hindawi Publishing Corporation
Journal of Applied Mathematics
Volume 2013, Article ID 602539, 10 pages
http://dx.doi.org/10.1155/2013/602539
Research Article
A New Construction of Multisender Authentication Codes from
Pseudosymplectic Geometry over Finite Fields
Xiuli Wang
College of Science, Civil Aviation University of China, Tianjin 300300, China
Correspondence should be addressed to Xiuli Wang; xlwang@cauc.edu.cn
Received 7 December 2012; Accepted 20 February 2013
Academic Editor: Song Cen
Copyright © 2013 Xiuli Wang. This is an open access article distributed under the Creative Commons Attribution License, which
permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
Multisender authentication codes allow a group of senders to construct an authenticated message for one receiver such that the
receiver can verify authenticity of the received message. In this paper, we construct one multisender authentication code from
pseudosymplectic geometry over finite fields. The parameters and the probabilities of deceptions of this code are also computed.
1. Introduction
Multisender authentication code was firstly constructed by
Gilbert et al. in [1] in 1974. Multisender authentication system
refers to a group of senders that cooperatively send a message
to the receiver, and then the receiver should be able to
ascertain that the message is authentic. About this case,
many scholars had also much researches and had made great
contributions to multisender authentication codes [2–6].
In the actual computer network communications, multisender authentication codes include sequential model and
simultaneous model. Sequential model is that each sender
uses its own encoding message to the receiver, and the
receiver receives the message and verifies whether the message is legal or not. Simultaneous model is that all senders
use their own encoding rules to encode a source state, and
each sender sends the encoded message to the synthesizer,
respectively, and then the synthesizer forms an authenticated
message and verifies whether the message is legal or not. In
this paper, we will adopt the second model.
In a simultaneous model, there are four participants: a
group of senders 𝑃 = {𝑃1 , 𝑃2 , . . . , 𝑃𝑛 }, the keys distribution
center, he is responsible for the key distribution to senders
and receiver, including solving the disputes between them,
a receiver 𝑅, a synthesizer, he only runs the trusted synthesis algorithm. The code works as follows: each sender
and receiver has their own cartesian authentication code,
respectively. Let (𝑆, 𝐸𝑖 , 𝑇𝑖 ; 𝑓𝑖 ) (𝑖 = 1, 2, . . . , 𝑛) be the senders’
cartesian authentication code, (𝑆, 𝐸𝑅 , 𝑇; 𝑔) be the receiver’s
cartesian authentication code, ℎ : 𝑇1 × 𝑇2 × ⋅ ⋅ ⋅ × 𝑇𝑛 → 𝑇
the synthesis algorithm. 𝜋𝑖 : 𝐸 → 𝐸𝑖 is a subkey generation
algorithm, where 𝐸 is the key set of the key distribution center.
When authenticating a message, the senders and the receiver
should comply with the protocol. The key distribution center
randomly selects an encoding rule 𝑒 ∈ 𝐸 and sends 𝑒𝑖 = 𝜋𝑖 (𝑒)
to the 𝑖th sender 𝑃𝑖 (𝑖 = 1, 2, . . . , 𝑛) secretly, and then he
calculates 𝑒𝑅 by 𝑒 according to an effective algorithm and
secretly sends 𝑒𝑅 to the receiver 𝑅; if the senders would
like to send a source state 𝑠 to the receiver 𝑅, 𝑃𝑖 computes
𝑡𝑖 = 𝑓𝑖 (𝑠, 𝑒𝑖 ) (𝑖 = 1, 2, . . . , 𝑛) and sends 𝑚𝑖 = (𝑠, 𝑡𝑖 ) (𝑖 =
1, 2, . . . , 𝑛) to the synthesizer through an open channel; the
synthesizer receives the message 𝑚𝑖 = (𝑠, 𝑡𝑖 ) (𝑖 = 1, 2, . . . , 𝑛)
and calculates 𝑡 = ℎ(𝑡1 , 𝑡2 , . . . , 𝑡𝑛 ) by the synthesis algorithm ℎ
and then sends message 𝑚 = (𝑠, 𝑡) to the receiver 𝑅, he checks
the authenticity by verifying whether 𝑡 = 𝑔(𝑠, 𝑒𝑅 ) or not. If
the equality holds, the message is authentic and is accepted.
Otherwise, the message is rejected.
We assume that the key distribution center is credible,
though he know the senders’ and receiver’s encoding rules,
he will not participate in any communication activities. When
transmitters and receiver are disputing, the key distribution
center settles it. At the same time, we assume that the system
follows Kerckhoff ’s principle in which except for the actual
2
Journal of Applied Mathematics
used keys, the other information of the whole system is
public.
In a multisender authentication system, we assume that
the whole senders are cooperating to form a valid message;
that is, all senders as a whole and receiver are reliable.
But there are some malicious senders which they together
cheat the receiver, the part of senders and receiver are not
credible, they can take impersonation attack and substitution
attack. In the whole system, we assume that {𝑃1 , 𝑃2 , . . . , 𝑃𝑛 }
are senders, 𝑅 is a receiver, 𝐸𝑖 is the encoding rules set of
the sender 𝑃𝑖 , and 𝐸𝑅 is the decoding rules set of receiver
𝑅. If the source state space 𝑆 and the key space 𝐸𝑅 of
receiver 𝑅 are according to a uniform distribution, then the
probability distribution of message space 𝑀 and tag space
𝑇 is determined by the probability distribution of 𝑆 and 𝐸𝑅 .
Consider 𝐿 = {𝑖1 , 𝑖2 , . . . , 𝑖𝑙 } ⊂ {1, 2, . . . , 𝑛}, 𝑙 < 𝑛, 𝑃𝐿 =
{𝑝1 , 𝑝2 , . . . , 𝑝𝑙 }, and 𝐸𝐿 = {𝐸𝑝1 , 𝐸𝑝2 , . . . , 𝐸𝑝𝑙 }. Now, let us
consider the attacks from malicious groups of senders. Here,
there still are two kinds of attacks.
(i) The Opponent’s Impersonation Attack. 𝑃𝐿 sends a
message 𝑚 to receiver. 𝑃𝐿 is successful if the receiver accepts it
as legitimate message. Denote 𝑃𝐼 (𝐿) as the largest probability
of some opponent’s successful impersonation attack, and it
can be expressed as
𝑃𝐼 (𝐿) = max max 𝑃 (𝑚 is accepted by
𝑒𝐿 ∈𝐸𝐿 𝑚∈𝑀
𝑅
).
𝑒𝐿
(1)
(ii) The Opponent’s Substitution Attack. It is the largest
probability of some opponent’s successful substitution attack,
and it can be expressed as
𝑅
).
𝑃𝑆 (𝐿) = max max 󸀠max 𝑃 (𝑚 is accepted by
𝑒𝐿 ∈𝐸𝐿 𝑚∈𝑀 𝑚 ≠ 𝑚∈𝑀
𝑚, 𝑒𝐿
(2)
󸀠
In this paper, we give a construction about multisender
authentication code from pseudosymplectic geometry over
finite fields.
2. Pseudosymplectic Geometry
Let 𝐹𝑞 be the finite field with 𝑞 elements, where 𝑞 is a power
of 2, 𝑛 = 2] + 𝛿, and 𝛿 = 1, 2. Let
0 𝐼(])
𝐾 = ( (])
),
𝐼
0
𝐾
𝑆1 = (
𝐾
𝑆2 = ( 0 1) ,
1 1
),
1
(3)
and 𝑆𝛿 is a (2] + 𝛿) × (2] + 𝛿) nonalternate symmetric matrix.
The pseudosymplectic group of degree (2] + 𝛿) over 𝐹𝑞 is
defined to be the set of matrices 𝑃𝑠2]+𝛿 (𝐹𝑞 ) = {𝑇 | 𝑇𝑆𝛿 𝑡 𝑇 =
𝑆𝛿 } denoted by 𝑃𝑠2]+𝛿 (𝐹𝑞 ).
Let 𝐹𝑞(2]+𝛿) be the (2] + 𝛿)-dimensional row vector space
over 𝐹𝑞 . 𝑃𝑠2]+𝛿 (𝐹𝑞 ) has an action on 𝐹𝑞(2]+𝛿) defined as follows:
𝐹𝑞(2]+𝛿) × 𝑃𝑠2]+𝛿 (𝐹𝑞 ) 󳨀→ 𝐹𝑞(2]+𝛿) ,
((𝑥1 , 𝑥2 , . . . , 𝑥2]+𝛿 ) , 𝑇) 󳨀→ (𝑥1 , 𝑥2 , . . . , 𝑥2]+𝛿 ) 𝑇.
(4)
The vector space 𝐹𝑞(2]+𝛿) together with this group action is
called the pseudosymplectic space over the finite field 𝐹𝑞 of
characteristic 2.
Let 𝑃 be an 𝑚-dimensional subspace of 𝐹𝑞(2]+𝛿) ; then,
𝑃𝑆𝛿 𝑡 𝑃 is cogredient to one of the following three normal
forms:
0 𝐼(𝑠)
𝑀 (𝑚, 2𝑠, 𝑠) = (𝐼(𝑠) 0
𝑀 (𝑚, 2𝑠 + 1, 𝑠) = (
𝑀 (𝑚, 2𝑠 + 2, 𝑠) = (
0 𝐼(𝑠)
𝐼(𝑠) 0
0 𝐼(𝑠)
𝐼(𝑠) 0
0(𝑚−2𝑠)
1
0 1
1 1
),
),
(𝑚−2𝑠−1)
0
(5)
),
0(𝑚−2𝑠−2)
for some 𝑠 such that 0 ≤ 𝑠 ≤ [𝑚/2]. We say that 𝑃 is a subspace
of type (𝑚, 2𝑠 + 𝜏, 𝑠, 𝜖), where 𝜏 = 0, 1, or 2 and 𝜖 = 0 or 1, if
(i) 𝑃𝑆𝛿 𝑡 𝑃 is cogredient to 𝑀(𝑚, 2𝑠 + 𝜏, 𝑠);
(ii) 𝑒2]+1 ∉ 𝑃 or 𝑒2]+1 ∈ 𝑃 according to 𝜖 = 0 or 𝜖 = 1,
respectively.
Let 𝑃 be an 𝑚-dimensional subspace of 𝐹𝑞(2]+𝛿) . Denote by
𝑃⊥ the set of vectors which are orthogonal to every vector of
𝑃; that is,
𝑃⊥ = {𝑦 ∈ 𝐹𝑞(2]+𝛿) | 𝑦𝑆𝛿 𝑡 𝑥 = 0 ∀𝑥 ∈ 𝑃} .
(6)
Obviously, 𝑃⊥ is a (2] + 𝛿 − 𝑚)-dimensional subspace of
𝐹𝑞(2]+𝛿) .
More properties of pseudosymplectic geometry over
finite fields can be found in [7].
In [2], Desmedt et al. gave two constructions for MRAcodes based on polynomials and finite geometries, respectively. There are other constructions of multisender authentication codes which are given in [3–6]. The construction
of authentication codes is of combinational design in its
nature. We know that the geometry of classical groups over
finite fields, including symplectic geometry, pseudosymplectic geometry, unitary geometry, and orthogonal geometry,
can provide a better combination of structure and can be easy
to count. In this paper, we construct one multisender authentication code from pseudosymplectic geometry over finite
fields. The parameters and the probabilities of deceptions of
Journal of Applied Mathematics
3
this code are also computed. We realize the generalization
and application of the similar idea and method of article
[8] from symplectic geometry to pseudosymplectic geometry
over finite fields.
3. Construction
Let F𝑞 be a finite field with 𝑞 elements and 𝑒𝑖 (1 ≤ 𝑖 ≤
2] + 2) the row vector in F𝑞(2]+2) whose 𝑖th coordinate is
1 and all other coordinates are 0. Assume that 2 < 𝑛 +
1 < 𝑟 < ]. Let 𝑈 = ⟨𝑒1 , 𝑒2 , . . . , 𝑒𝑛 ⟩; that is, 𝑈 is an
𝑛-dimensional subspace of F𝑞(2]+2) generated by 𝑒1 , 𝑒2 , . . . , 𝑒𝑛 ,
and then 𝑈⊥ = ⟨𝑒1 , . . . , 𝑒] , 𝑒]+𝑛+1 , . . . , 𝑒2]+2 ⟩. Consider 𝑊𝑖 =
⟨𝑒1 , . . . , 𝑒𝑖−1 , 𝑒𝑖+1 , . . . , 𝑒𝑛 ⟩, 1 ≤ 𝑖 ≤ 𝑛; then, 𝑊𝑖 ⊥ =
⟨𝑒1 , . . . , 𝑒] , 𝑒]+𝑖 , 𝑒]+𝑛+1 , . . . , 𝑒2]+2 ⟩. The set of source states 𝑆 =
{𝑠 | 𝑠 is a subspace of type (2𝑟 − 𝑛 + 1, 2(𝑟 − 𝑛), 𝑟 − 𝑛, 1)
and 𝑈 ⊂ 𝑠 ⊂ 𝑈⊥ }; the set of 𝑖th sender’s encoding rules
𝐸𝑃𝑖 = {𝑒𝑃𝑖 | 𝑒𝑃𝑖 is a subspace of type (𝑛 + 1, 0, 0, 0) and 𝑈 ⊂
𝑒𝑃𝑖 , 𝑒𝑃𝑖 ⊥ 𝑊𝑖 }, 1 ≤ 𝑖 ≤ 𝑛; the set of receiver’s decoding
rules 𝐸𝑅 ={𝑒𝑅 | 𝑒𝑅 is a subspace of type (2𝑛, 2𝑛, 𝑛, 0)
and 𝑈 ⊂ 𝑒𝑅 }; the set of 𝑖th sender’s tags 𝑇𝑖 = {𝑡𝑖 |
𝑡𝑖 is a subspace of type (2𝑟−𝑛+2, 2(𝑟−𝑛+1), 𝑟−𝑛+1, 1)
and 𝑈 ⊂ 𝑡𝑖 ⊂ 𝑊𝑖 ⊥ , 𝑡𝑖 ⊄ 𝑈⊥ }; the set of receiver’s tags
𝑇 = {𝑡 | 𝑡 is a subspace of type (2𝑟 + 1, 2𝑟, 𝑟, 1) and
𝑈 ⊂ 𝑡}.
𝑈=
(
𝐼(𝑙)
0
𝑙
Define the encoding map 𝑓𝑖 : 𝑆 × 𝐸𝑃𝑖 → 𝑇𝑖 , 𝑓𝑖 (𝑠, 𝑒𝑃𝑖 ) =
𝑠 + 𝑒𝑃𝑖 , 1 ≤ 𝑖 ≤ 𝑛.
The decoding map 𝑓 : 𝑆 × 𝐸𝑅 → 𝑇, 𝑓(𝑠, 𝑒𝑅 ) = 𝑠 + 𝑒𝑅 .
The synthesizing map ℎ : 𝑇1 × 𝑇2 × ⋅ ⋅ ⋅ × 𝑇𝑛 →
𝑇, ℎ(𝑡1 , 𝑡2 , . . . , 𝑡𝑛 ) = 𝐴(𝑡1 + 𝑡2 + ⋅ ⋅ ⋅ + 𝑡𝑛 ), where 𝐴 is a
nonsingular matrix and 𝐴(𝑡1 + 𝑡2 + ⋅ ⋅ ⋅ + 𝑡𝑛 ) is a subspace of
type (2𝑟 + 1, 2𝑟, 𝑟, 1).
The code works as follows.
(1) Key Distribution. The key distribution center randomly
chooses an 𝑒𝑅 ∈ 𝐸𝑅 and selects a (2𝑛, 𝑛) subspace 𝑒 such that
𝑈 ⊂ 𝑒, and it selects 𝑒𝑃𝑖 ∈ 𝐸𝑃𝑖 so that 𝑒𝑃1 + 𝑒𝑃2 + ⋅ ⋅ ⋅ + 𝑒𝑃𝑛 = 𝑒,
and 𝐴 is a nonsingular matrix satisfying 𝑒𝑅 = ⟨𝑒, 𝐴⟩. The
key distribution center randomly secretly sends 𝑒𝑅 , 𝑒𝑃𝑖 to the
receiver and the senders, respectively, and sends 𝐴 to the
synthesizer.
(2) Broadcast. If the senders want to send a source state 𝑠 ∈ 𝑆
to the receiver 𝑅, the sender 𝑃𝑖 calculates 𝑡𝑖 = 𝑓𝑖 (𝑠, 𝑒𝑃𝑖 ) = 𝑠+𝑒𝑃𝑖
then sends 𝑡𝑖 (1 ≤ 𝑖 ≤ 𝑛) to the synthesizer.
(3) Synthesis. After the synthesizer receives 𝑡1 , 𝑡2 , . . . , 𝑡𝑛 , he
calculates ℎ = (𝑡1 , 𝑡2 , . . . , 𝑡𝑛 ) = 𝐴(𝑡1 + 𝑡2 + ⋅ ⋅ ⋅ + 𝑡𝑛 ) and then
sends 𝑚 = (𝑠, 𝑡) to the receiver 𝑅.
(4) Verification. When the receiver 𝑅 receives 𝑚 = (𝑠, 𝑡), he
calculates 𝑡󸀠 = 𝑔(𝑠, 𝑒𝑅 ) = 𝑠 + 𝑒𝑅 . If 𝑡 = 𝑡󸀠 , he accepts 𝑡;
otherwise, he rejects it.
Let
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
𝐼(𝑛−𝑙)
𝑛−𝑙 ]−𝑛 𝑙 𝑖−𝑙−1 1 𝑛−𝑖 ]−𝑛 1
0
)
0 ;
1
(7)
then,
𝐼(𝑙)
0
( 0
𝑈⊥ =
0
0
( 0
𝑙
(
(
⊥
𝑊𝑖 = (
(
𝐼(𝑙)
0
0
0
0
0
0
𝑙
0
0
0
𝐼(𝑛−𝑙)
0
0
0
0
𝑛−𝑙
𝐼
0
(𝑛−𝑙)
0
0
0
0
0
𝑛−𝑙
0
0
0
0
0
0
𝑙
𝐼(]−𝑛)
0
0
0
]−𝑛
0
0
𝐼(]−𝑛)
0
0
0
0
]−𝑛
0
0
0
0
0
0
0
𝑙
0
0
0
0
0
0
𝑖−𝑙−1
0
0
0
0
0
0
0
𝑖−𝑙−1
Lemma 1. Let 𝐶𝑖 = (𝑆, 𝐸𝑃𝑖 , 𝑇𝑖 ; 𝑓𝑖 ); the code is a cartesian
authentication code, 1 ≤ 𝑖 ≤ 𝑛.
0
0
0
0
0
0
1
0
0
0
1
0
0
0
1
0
0
0
0
0
0
0
0
0
𝑛−𝑖
0
0
0
0
0
0
0
𝑛−𝑖
0
0
0
0
1
0
1
𝐼(]−𝑛)
0
0
]−𝑛
0
0
0
0
𝐼(]−𝑛)
0
0
]−𝑛
0
0
0
0
0
1
0
1
0
0
0)
0
,
0
1)
1
0
0
0
0
0
0
1
1
(8)
)
)
).
)
Proof. For any 𝑒𝑝𝑖 ∈ 𝐸𝑝𝑖 , 𝑠 ∈ 𝑆. Because 𝑒𝑝𝑖 is a subspace of
type (𝑛 + 1, 0, 0, 0) and 𝑈 ⊂ 𝑒𝑝𝑖 ⊂ 𝑈⊥ , we can assume that
4
Journal of Applied Mathematics
𝐼(𝑙)
( 0
𝑒𝑝𝑖 =
0
𝑙
𝐼
0
(𝑛−𝑙)
0
𝑛−𝑙
0
0
0
]−𝑛
0
0
0
𝑙
0
0
0
𝑖−𝑙−1
Obviously, 𝑒𝑝𝑖 ∩ 𝑈⊥ = 𝑈. Let 𝑠 ∈ 𝑆; since 𝑈 ⊂ 𝑠 ⊂ 𝑈⊥ , 𝑠 has
the form as follows:
𝐼(𝑛) 0 0 0 0 0
𝑠 = ( 0 𝐵2 0 𝐵4 0 0) ,
(10)
0
0
0
1
1
0
0
0
0
0
𝑅8
𝑛−𝑖 ]−𝑛
0
0
𝑅9
1
0
0 )
.
0
1
(9)
where 𝐵2 , 𝐵4 is a subspace of type (2(𝑟 − 𝑛), 2(𝑟 − 𝑛), 𝑟 − 𝑛, 0)
in the pseudosymplectic space 𝐹𝑞 (2]+2) . Let 𝑡𝑖 = 𝑠 + 𝑒𝑝𝑖 ;
then,
0 0 0 1 0
𝐼(𝑙)
0
( 0
𝑡𝑖 =
0
0
𝑙
𝐼
0
(𝑛−𝑙)
0
0
0
𝑛−𝑙
0
0
𝐵2
0
0
]−𝑛
0
0
0
0
0
𝑙
0
0
0
0
0
𝑖−𝑙−1
𝐼(𝑟−𝑛)
𝑡𝑖 𝑆2 𝑡 𝑡𝑖 ∼ ( 0
0
0
Obviously, 𝑡𝑖 ⊄ 𝑈⊥ . So, 𝑡𝑖 is a subspace of type (2𝑟−𝑛+2, 2(𝑟−
𝑛 + 1), 𝑟 − 𝑛 + 1, 1) satisfying 𝑈 ⊂ 𝑡𝑖 ⊂ 𝑊𝑖 ⊥ ; that is, 𝑡𝑖 ∈ 𝑇𝑖 .
𝐼(𝑙)
0
( 0
𝑡𝑖 =
0
0
𝑙
0
𝐼(𝑛−𝑙)
0
0
0
𝑛−𝑙
0
0
𝐵2
0
0
]−𝑛
0
0
0
0
0
𝑙
𝐼
0
0
0
0
0
1
0
1
0
(𝑟−𝑛)
0
0
0
0
0
𝐵4
𝑅8
0
0
0
𝑛−𝑖 ]−𝑛
0
0
1
0
0
0
0
0
1
1
0
0
0)
,
0
0
1
(11)
0
0) .
0
1
Furthermore, we know that 𝑡𝑖 ∩ 𝑈⊥ = (𝑠 + 𝑒𝑝𝑖 ) ∩ 𝑈⊥ = 𝑠 +
(𝑒𝑝𝑖 ∩ 𝑈⊥ ) = 𝑠 + 𝑈 = 𝑠.
Conversely, for any 𝑡𝑖 ∈ 𝑇𝑖 , let 𝑠 = 𝑡𝑖 ∩𝑈⊥ , 𝐿 ⊂ 𝑡𝑖 , satisfying
𝑡𝑖 = 𝑠 ⊕ 𝐿. Obviously, 𝑈 ⊂ 𝑠 ⊂ 𝑈⊥ . For 𝑈 ⊂ 𝑡𝑖 ⊂ 𝑊𝑖 ⊥ , let
0
0
0
0
0
𝑖−𝑙−1
0
0
0
1
0
1
0
0
0
0
0
𝐵4
𝑅8
0
0
0
𝑛−𝑖 ]−𝑛
0
0
0
0
1
1
0
0
0)
.
0
0
1
(12)
Obviously,
𝐼(𝑙)
0
(
𝑡𝑖 ∩ 𝑈⊥ =
0
0
𝑙
0
𝐼(𝑛−𝑙)
0
0
𝑛−𝑙
0
0
𝐶2
0
]−𝑛
0
0
0
0
𝑙
For 𝑡𝑖 being a subspace of type (2𝑟−𝑛+2, 2(𝑟−𝑛+1), 𝑟−𝑛+1, 1),
then 𝑡𝑖 ∩ 𝑈⊥ is a subspace of type (2𝑟 − 𝑛 + 1, 2(𝑟 − 𝑛), 𝑟 − 𝑛, 1);
that is, 𝑠 ∈ 𝑆. Choose
𝐿 = (0 0 𝐵2 0 0 1 0 𝐵4 0 0) .
(14)
0
0
0
0
𝑖−𝑙−1
0
0
0
0
1
0
0
0
0
0
𝐶4
0
0
𝑛−𝑖 ]−𝑛
0
0
0
1
1
0
0
)
0
.
0
1
(13)
Let 𝑒𝑃𝑖 = 𝑈+𝐿; then, 𝑒𝑃𝑖 ∈ 𝐸𝑃𝑖 , and 𝑠⊕𝐿 = 𝑠⊕𝑒𝑃𝑖 . Therefore, 𝑓𝑖
is a surjection. For any 𝑡𝑖 ∈ 𝑇𝑖 , 𝑒𝑃𝑖 ∈ 𝐸𝑃𝑖 , if there exist 𝑠 ∈ 𝑆 so
that 𝑡𝑖 = 𝑠+𝑒𝑃𝑖 ; then, 𝑠 ∈ 𝑡𝑖 ∩𝑈⊥ . However, dim 𝑠 = 2𝑟−𝑛+1 =
dim (𝑡𝑖 ∩ 𝑈⊥ ), and so 𝑠 = 𝑡𝑖 ∩ 𝑈⊥ ; that is, 𝑠 is determined by 𝑡𝑖
and 𝑒𝑃𝑖 .
Journal of Applied Mathematics
5
Lemma 2. Let 𝐶 = (𝑆, 𝐸𝑅 , 𝑇; 𝑔); the code is a cartesian
authentication code.
satisfying
𝑡
Proof. (1) For any 𝑠 ∈ 𝑆, 𝑒𝑅 ∈ 𝐸𝑅 . From the definition of 𝑠
and 𝑒𝑅 , we assume that
𝑈
𝑈
𝑉
𝑉
) 𝑆2 (
)
(
𝑄
𝑄
𝑒2]+1
𝑒2]+1
𝑈
𝑛
𝑠 = ( 𝑄 ) 2 (𝑟 − 𝑛) ,
1
𝑒2]+1
0
(𝑛)
0(𝑛) 0
0
𝑡
𝑈
𝑈
(𝑟−𝑛)
0
0 𝐼
( 𝑄 ) 𝑆2 ( 𝑄 ) = (
(𝑟−𝑛)
0
0
𝐼
𝑒2]+1
𝑒2]+1
0
0
0
0
0
),
0
0
(15)
𝑈
𝑠 = ( 𝑄 ),
𝑒2]+1
𝑡
𝑈
𝑈
0 𝐼(𝑛)
𝑈
).
( ) 𝑆2 ( ) 𝑆2 ( ) = ( (𝑛)
𝑉
𝑉
𝑉
𝐼
0
Obviously, for any V ∈ 𝑉 and V ≠ 0, V ∉ 𝑠; therefore,
𝑈
𝑉
),
𝑡 = 𝑠 + 𝑒𝑅 = (
𝑄
𝑒2]+1
(16)
𝑡
𝑈
𝑈
𝑉
𝑉
(
) 𝑆2 (
)
𝑄
𝑄
𝑒2]+1
𝑒2]+1
0
𝐼(𝑛)
=( 0
0
0
0
𝐼(𝑛) 0
0
0
0
0
0 𝐼(𝑟−𝑛)
(𝑟−𝑛)
0
0 𝐼
0
0
0
0
0
0) .
0
0
(20)
Let
𝑈
𝑛
𝑒𝑅 = ( )
,
𝑉
𝑛
𝑡
𝐼
=( 0
0
0
0
𝐼(𝑛) 0
0
0
0
0
0 𝐼(𝑟−𝑛)
0 𝐼(𝑟−𝑛) 0
0
0
0
0
0
0) .
0
0
(17)
for 𝑠 is a subspace of type (2𝑟 − 𝑛 + 1, 2(𝑟 − 𝑛), 𝑟 − 𝑛, 1) and
𝑈 ⊂ 𝑠 ⊂ 𝑈⊥ ; that is, 𝑠 ∈ 𝑆 is a source state. For any V ∈ 𝑉
and V ≠ 0, V ∉ 𝑠 is obvious; that is, 𝑉 ∩ 𝑈⊥ = {0}. Therefore,
𝑈
𝑡 ∩ 𝑈⊥ = ( 𝑄 ) = 𝑠. Let 𝑒𝑅 = ( 𝑈
𝑉 ); then, 𝑒𝑅 is receiver’s
𝑒2]+1
decoding rule satisfying 𝑡 = 𝑠 + 𝑒𝑅 .
If 𝑠󸀠 is another source state contained in 𝑡, then 𝑈 ⊂ 𝑠󸀠 ⊂
⊥
𝑈 . Therefore, 𝑠󸀠 ⊂ 𝑡 ∩ 𝑈⊥ = 𝑠, while dim 𝑠󸀠 = dim 𝑠, and so
𝑠󸀠 = 𝑠; that is, 𝑠 is the uniquely source state contained in 𝑡.
From Lemmas 1 and 2, we know that such construction of
multisender authentication codes is reasonable, and there are
𝑛 senders in this system. Next, we compute the parameters
of this code and the maximum probability of success in
impersonation attack and substitution attack by group of
senders.
Lemma 3. Some parameters of this code are
|𝑆| = 𝑁 (2 (𝑟 − 𝑛) , 2 (𝑟 − 𝑛) , 𝑟 − 𝑛, 0; 2] + 2) ;
From the above mentioned, 𝑡 is a subspace of type (2𝑟 +
1, 2𝑟, 𝑟, 1) and 𝑈 ⊂ 𝑡; that is, 𝑡 ∈ 𝑇.
(2) For 𝑡 ∈ 𝑇, 𝑡 is a subspace of type (2𝑟 + 1, 2𝑟, 𝑟, 1) and
𝑈 ⊂ 𝑡; so, there is a subspace 𝑉 ⊂ 𝑡, satisfying
𝑡
𝑈
0 𝐼(𝑛)
𝑈
).
( ) 𝑆2 ( ) = ( (𝑛)
𝑉
𝑉
𝐼
0
(21)
(18)
󵄨󵄨 󵄨󵄨
󵄨󵄨𝐸𝑃𝑖 󵄨󵄨 = 𝑞]−𝑛+1
󵄨 󵄨
(1 ≤ 𝑖 ≤ 𝑛) .
(22)
Proof. Since 𝑈 ⊂ 𝑠 ⊂ 𝑈⊥ , 𝑠 has the following form:
𝐼(𝑛) 0 0 0 0 0
𝑠 = ( 0 𝐵2 0 𝐵4 0 0) ,
0 0 0 0 1 0
(23)
Then, we can assume that
𝑈
𝑉
)
𝑡=(
𝑄
𝑒2]+1
(19)
where 𝐵2 , 𝐵4 is a subspace of type (2(𝑟 − 𝑛), 2(𝑟 − 𝑛), 𝑟 − 𝑛, 0) in
the pseudosymplectic space 𝐹𝑞 (2]+2) . So, |𝑆| = 𝑁(2(𝑟−𝑛), 2(𝑟−
𝑛), 𝑟 − 𝑛, 0; 2] + 2).
For any 𝑒𝑝𝑖 ∈ 𝐸𝑝𝑖 , we can assume that 𝑒𝑃𝑖 has the following
form:
6
Journal of Applied Mathematics
𝐼(𝑙)
( 0
𝑒𝑃𝑖 =
0
𝑙
0
𝐼(𝑛−𝑙)
0
𝑛−𝑙
0
0
𝑅3
]−𝑛
0
0
0
𝑙
0
0
0
𝑖−𝑙−1
0
0
1
1
0
0
0
0
0
𝑅8
𝑛−𝑖 ]−𝑛
0
0
𝑅9
1
0
0 )
.
𝑅10
1
(24)
Since 𝑒𝑝𝑖 is a subspace of type (𝑛 + 1, 0, 0, 0), so 𝑅3 = 0 and
𝑅10 = 0, 𝑅8 , 𝑅9 arbitrarily. Therefore, |𝐸𝑃𝑖 | = 𝑞]−𝑛+1 .
(2) The number of the 𝑖th sender’s tag is |𝑇𝑖 | = 𝑞]−𝑟 𝑁(2(𝑟 −
𝑛), 2(𝑟 − 𝑛), 𝑟 − 𝑛, 0; 2] + 2) (1 ≤ 𝑖 ≤ 𝑛).
Lemma 4. (1) For any 𝑡𝑖 ∈ 𝑇𝑖 , the number of 𝑡𝑖 containing 𝑒𝑃𝑖
is 𝑞𝑟−𝑛+1 (1 ≤ 𝑖 ≤ 𝑛);
Proof. (1) Considering the transitivity properties of the same
subspaces under the pseudosymplectic groups, we may take
𝑡𝑖 as follows:
𝐼(𝑙)
0
( 0
𝑡𝑖 =
0
0
( 0
𝑙
0
0
0
𝐼(𝑛−𝑙)
0
0
0
0
𝑛−𝑙
𝐼(𝑟−𝑛)
0
0
0
𝑟−𝑛
0
0
0
0
0
0
]−𝑟
0
0
0
0
0
0
𝑙
0
0
0
0
0
0
𝑖−𝑙−1
0
0
0
1
0
0
1
0
0
0
0
0
0
0
0
0
0
𝑛−𝑖
𝐼(𝑟−𝑛)
0
𝑟−𝑛
0
0
0
0
0
0
]−𝑟
0
0
0
0
0
1
1
0
0
0 )
0
.
0
0 )
1
(25)
twocolumngrid If 𝑒𝑃𝑖 ⊂ 𝑡𝑖 , then we assume that
𝐼(𝑙)
( 0
𝑒𝑃𝑖 =
0
𝑙
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
𝑅9
𝑅11
0
0
0
𝑅7
0
𝑛−𝑙 𝑟−𝑛 ]−𝑟 𝑙 𝑖−𝑙−1 1 𝑛−𝑖 𝑟−𝑛 ]−𝑟 1
𝐼
(𝑛−𝑙)
Proof. (1) Let 𝑒𝑅 ∈ 𝐸𝑅 ; 𝑒𝑅 has the following form:
𝑒𝑅 =
Lemma 5. (1) The number of the receiver’s decoding rules is
|𝐸𝑅 | = 𝑞𝑛(]−𝑛+1) .
(2) For any 𝑡 ∈ 𝑇, the number of 𝑒𝑅 which contained 𝑡 is
𝑞𝑛(𝑟−𝑛+1) (1 ≤ 𝑖 ≤ 𝑛).
0
0
0
𝐼(𝑟−𝑛)
0
0
0
0
0
0
𝑟−𝑛 ]−𝑟
(26)
(3) The number of the receiver’s tag is |𝑇| = 𝑞𝑛(]−𝑟) 𝑁(2(𝑟 −
𝑛), 2(𝑟 − 𝑛), 𝑟 − 𝑛, 0; 2] + 2).
from 𝑒𝑃𝑖 ⊥ 𝑊𝑖 , we know that 𝑅7 = 1, where 𝑅9 , 𝑅11 arbitrarily,
and therefore the number of 𝑡𝑖 containing 𝑒𝑃𝑖 is 𝑞𝑟−𝑛+1 (1 ≤ 𝑖 ≤
𝑛).
(2) We know that every 𝑡𝑖 contains only one source state
𝑡𝑖 ∩𝑈⊥ and the number of 𝑡𝑖 containing 𝑒𝑃𝑖 . Therefore, we have
|𝑡𝑖 | = |𝑆||𝐸𝑃𝑖 |/𝑞𝑟−𝑛+1 = |𝑆|𝑞]−𝑛+1 /𝑞𝑟−𝑛+1 = 𝑞]−𝑟 𝑁(2(𝑟−𝑛), 2(𝑟−
𝑛), 𝑟 − 𝑛, 0; 2] + 2).
𝐼(𝑛)
0
( 0
𝑡=
0
0
𝑛
0
0)
;
0
1
(
𝐼(𝑛)
0
𝑛
0
0
0
0
𝑅2 𝐼(𝑛) 𝑅4 𝑅5
]−𝑛 𝑛 ]−𝑛 1
0
)
𝑅6 .
1
(27)
For 𝑒𝑅 being a subspace of type (2𝑛, 2𝑛, 𝑛, 0), so 𝑅2 and 𝑅6 =
0; 𝑅4 , 𝑅5 arbitrarily. Therefore, |𝐸𝑅 | = 𝑞𝑛(]−𝑛+1) .
(2) Considering the transitivity properties of the same
subspaces under the pseudosymplectic groups, we may
choose 𝑡 as follows:
0
0
𝐼(𝑛)
0
0
𝑛
0
0
0
𝐼(𝑟−𝑛)
0
𝑟−𝑛
0
0
0
0
0
]−𝑟
0
0
0
0
1
1
0
0
0)
.
0
0
1
(28)
Journal of Applied Mathematics
7
If 𝑒𝑅 ⊂ 𝑡, then
𝑒𝑅 =
(
𝐼(𝑛)
0
𝑛
0
0
0
0
0
0
0
𝑅7
0
0
𝐼(𝑛) 𝑅5
𝑟−𝑛 ]−𝑟 𝑛 𝑟−𝑛 ]−𝑟 1
where 𝑅5 and 𝑅7 arbitrarily. Therefore, the number of 𝑒𝑅
which contained 𝑡 is 𝑞𝑛(𝑟−𝑛+1) .
(3) Similar to Lemma 4(2), |𝑇| = |𝑆||𝐸𝑅 |/𝑞𝑟−𝑛+1 =
|𝑆|𝑞𝑛(]−𝑛+1) /𝑞𝑟−𝑛+1 = 𝑞𝑛(]−𝑟) 𝑁(2(𝑟−𝑛), 2(𝑟−𝑛), 𝑟−𝑛, 0; 2]+2).
Without loss of generality, we assume that 𝐿 = {𝑖1 , 𝑖2 , . . . ,
𝑖𝑙 } ⊂ {1, 2, . . . , 𝑛}, 𝑙 < 𝑛, 𝑃𝐿 = {𝑝1 , 𝑝2 , . . . , 𝑝𝑙 }, and 𝐸𝐿 =
𝐼(𝑙)
( 0
𝑒𝐿 =
0
𝑙
0
0
0
𝐼
0
0
𝑛−𝑙 ]−𝑛
(𝑛−𝑙)
0
)
0 ,
1
(29)
{𝐸𝑝1 , 𝐸𝑝2 , . . . , 𝐸𝑝𝑙 }. Now, let us consider the attacks on 𝑅 from
malicious groups of senders.
Lemma 6. For any 𝑒𝐿 = {𝐸𝑝1 , 𝐸𝑝2 , . . . , 𝐸𝑝𝑙 } ∈ 𝐸𝐿 , the number
of 𝑒𝑅 containing 𝑒𝐿 is 𝑞(]−𝑛+1)(𝑛−𝑙) .
Proof. For any 𝑒𝐿 = {𝐸𝑝1 , 𝐸𝑝2 , . . . , 𝐸𝑝𝑙 } ∈ 𝐸𝐿 , we assume 𝑒𝐿 to
be as follows:
0
0
𝐼(𝑙)
𝑙
0
0
0
0
0
𝑅6
𝑛−𝑙 ]−𝑛
0
0
𝑅7
1
0
0)
.
0
1
(30)
If 𝑒𝑅 ⊃ 𝑒𝐿 , then 𝑒𝑅 has the following form:
𝐼(𝑙)
0
(
𝑒𝑅 =
0
0
𝑙
0
0
0
0
0
𝐼(𝑛−𝑙)
0
0
𝐼(𝑙)
0
0
0
𝑛−𝑙 ]−𝑛 𝑙
where 𝑅6󸀠 , 𝑅7󸀠 arbitrarily. Therefore, the number of 𝑒𝑅 containing 𝑒𝐿 is 𝑞(]−𝑛+1)(𝑛−𝑙) .
0
0
0
𝐼(𝑛−𝑙)
𝑛−𝑙
0
0
𝑅6
𝑅6󸀠
]−𝑛
0
0
𝑅7
𝑅7󸀠
1
0
0
)
0
,
0
1
(31)
Lemma 7. For any 𝑡 ∈ 𝑇 and 𝑒𝐿 = {𝐸𝑝1 , 𝐸𝑝2 , . . . , 𝐸𝑝𝑙 } ∈ 𝐸𝐿 ,
the number of 𝑒𝑅 which contained in 𝑡 and containing 𝑒𝐿 is
𝑞(𝑟−𝑛+1)(𝑛−𝑙) .
Proof. For any 𝑡 ∈ 𝑇, we assume 𝑡 to be as follows:
(
(
𝑡= (
(
𝐼(𝑙)
0
0
0
0
0
0
𝑙
0
𝐼(𝑛−𝑙)
0
0
0
0
0
𝑛−𝑙
0
0
𝐼(𝑟−𝑛)
0
0
0
0
𝑟−𝑛
0
0
0
0
0
0
0
]−𝑟
0
0
0
𝐼(𝑙)
0
0
0
𝑙
0
0
0
0
𝐼(𝑛−𝑙)
0
0
𝑛−𝑙
𝐼
0
0
0
0
0
(𝑟−𝑛)
0
𝑟−𝑛
0
0
0
0
0
0
0
]−𝑟
0
0
0
0
0
0
1
1
0
0
0
0
0
0
0
1
)
)
).
(32)
)
If 𝑒𝐿 ⊂ 𝑡, then 𝑒𝐿 has the following form:
𝐼(𝑙)
( 0
𝑒𝐿 =
0
𝑙
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
𝐼(𝑛−𝑙)
0
0
0
0
𝑅7
𝑅9
0
𝐼(𝑙)
𝑛−𝑙 𝑟−𝑛 ]−𝑟 𝑙 𝑛−𝑙 𝑟−𝑛 ]−𝑟 1
0
0)
.
0
1
(33)
8
Journal of Applied Mathematics
Since 𝑒𝐿 ⊂ 𝑒𝑅 ⊂ 𝑡, then we assume 𝑒𝑅 to be as follows:
𝐼(𝑙)
0
( 0
𝑒𝑅 =
0
0
𝑙
0
0
0
𝐼(𝑙)
0
𝑙
0
0
0
0
0
𝐼
0
0
0
0
0
0
0
0
0
𝑛−𝑙 𝑟−𝑛 ]−𝑟
(𝑛−𝑙)
where 𝐻7 and 𝐻9 arbitrarily. Therefore, the number of
𝑒𝑅 which contained in 𝑡 and containing 𝑒𝐿 is 𝑞(𝑟−𝑛+1)(𝑛−𝑙) .
Lemma 8. Assume that 𝑡1 and 𝑡2 are two distinct tags (𝑡1 , 𝑡2 ∈
𝑇) decoded by receiver’s key 𝑒𝑅 , and 𝑠1 and 𝑠2 contained in
𝑡1 and 𝑡2 are two source states, respectively. Let 𝑠0 = 𝑠1 ∩ 𝑠2 ,
dim𝑠0 = 𝑘; then, 𝑛 ≤ 𝑘 ≤ 2𝑟 − 𝑛, and the number of 𝑒𝑅 which
contained in 𝑡1 ∩ 𝑡2 and containing 𝑒𝐿 is 𝑞(𝑘−𝑟)(𝑛−1) .
Proof. Since 𝑡1 = 𝑠1 + 𝑒𝑅 , 𝑡2 = 𝑠2 + 𝑒𝑅 , and 𝑡1 ≠ 𝑡2 , then 𝑠1 ≠ 𝑠2 .
For any 𝑠 ∈ 𝑆, 𝑈 ∈ 𝑠, obviously 𝑛 ≤ 𝑘 ≤ 2𝑟 − 𝑛. Assume
(
(
(
𝑡𝑖 = (
(
(
𝐼(𝑙)
0
0
0
0
0
0
𝑙
0
𝐼
(𝑛−𝑙)
0
0
0
0
0
𝑛−𝑙
0
0
𝐼(𝑟−𝑛)
0
0
0
0
𝑟−𝑛
0
0
0
0
0
0
0
]−𝑟
0
0
0
𝐼(𝑙)
0
0
0
𝑙
0
0
0
0
𝐼(𝑛−𝑙)
𝑛−𝑙
0
0
0
0
0
0
𝑅7
0
0
𝐻7
𝑟−𝑛 ]−𝑟
0
0
0
𝑅9
𝐻9
1
0
0
0)
,
0
0
1
(34)
that 𝑠𝑖󸀠 is the complementary subspace of 𝑠0 in the 𝑠𝑖 ; then,
𝑠𝑖 = 𝑠0 + 𝑠𝑖󸀠 (𝑖 = 1, 2). From 𝑡𝑖 = 𝑠𝑖 + 𝑒𝑅 = 𝑠0 + 𝑠𝑖󸀠 + 𝑒𝑅 and
𝑠𝑖 = 𝑡𝑖 ∩ 𝑈⊥ , we know that 𝑠0 = (𝑡1 ∩ 𝑈⊥ ) ∩ (𝑡2 ∩ 𝑈⊥ ) =
𝑡1 ∩ 𝑡2 ∩ 𝑈⊥ = 𝑠1 ∩ 𝑡2 = 𝑠2 ∩ 𝑡1 , and 𝑡1 ∩ 𝑡2 = (𝑠1 + 𝑒𝑅 ) ∩ 𝑡2 =
(𝑠0 + 𝑠1󸀠 + 𝑒𝑅 ) ∩ 𝑡2 = ((𝑠0 + 𝑒𝑅 ) + 𝑠1󸀠 ) ∩ 𝑡2 , since 𝑠0 + 𝑒𝑅 ⊆ 𝑡2 ;
then, 𝑡1 ∩ 𝑡2 = (𝑠0 + 𝑒𝑅 ) + (𝑠1󸀠 ∩ 𝑡2 ), while 𝑠1󸀠 ∩ 𝑡2 ⊆ 𝑠1 ∩ 𝑡2 = 𝑠0 ,
and so we have 𝑡1 ∩ 𝑡2 = 𝑠0 + 𝑒𝑅 .
From the definition of 𝑡, we may take 𝑡𝑖 , 𝑖 = 1, 2, as
follows:
0
0
0
0
0
0
0
0
0
𝑃𝑖7
0
𝑟−𝑛
𝐼(𝑛−𝑙)
0
0
𝑛−𝑙
0
0
0
0
0
0
0
]−𝑟
0
0
0)
)
0)
)
0)
0
0
0
0
0
0
1
1
0
0)
1
𝑙
𝑛−𝑙
𝑟−𝑛
𝑙
𝑛−𝑙
𝑟−𝑛
1
.
(35)
Let
(
(
(
𝑡1 ∩ 𝑡2 = (
(
(
𝐼(𝑙)
0
0
0
0
0
0
𝑙
0
𝐼
(𝑛−𝑙)
0
0
0
0
0
𝑛−𝑙
0
0
𝐼(𝑟−𝑛)
0
0
0
0
𝑟−𝑛
0
0
0
0
0
0
0
]−𝑟
0
0
0
𝐼(𝑙)
0
0
0
𝑙
From the above mentioned, we know that 𝑡1 ∩ 𝑡2 = 𝑠0 + 𝑒𝑅 ,
and then dim (𝑡1 ∩ 𝑡2 ) = 𝑘 + 2𝑛 − 𝑛 = 𝑘 + 𝑛; therefore,
0
0
0
0
𝐼(𝑛−𝑙)
0
0
𝑛−𝑙
0
0
0
0
0
𝑃7
0
𝑟−𝑛
0
0
0
0
0
0
0
]−𝑟
0
0
0
0
0
0
1
1
0
0
0)
)
0)
)
0)
0
0)
1
𝑙
𝑛−𝑙
𝑟−𝑛
𝑙
𝑛−𝑙
𝑟−𝑛
1
.
(36)
0 𝑃7 0 0 0
dim (
) = 𝑘 + 𝑛 − (2𝑛 + 𝑟 − 𝑛) = 𝑘 − 𝑟. (37)
0 0 0 1 0
Journal of Applied Mathematics
9
For any 𝑒𝐿 , 𝑒𝑅 ⊂ 𝑡1 ∩ 𝑡2 , we can assume that
𝐼(𝑙)
( 0
𝑒𝐿 =
0
𝑙
𝐼(𝑙)
0
(
𝑒𝑅 =
0
0
𝑙
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
𝐼(𝑛−𝑙)
(𝑙)
0
0
0
𝑅
0
𝑅
𝐼
0
7
9
𝑛−𝑙 𝑟−𝑛 ]−𝑟 𝑙 𝑛−𝑙 𝑟−𝑛 ]−𝑟 1
0
0
0
(𝑛−𝑙)
0
0
𝐼
0
0
0
0
0
0
𝑛−𝑙 𝑟−𝑛 ]−𝑟
0
0
𝐼(𝑙)
0
𝑙
where every row of
0
0
0
𝐼(𝑛−𝑙)
𝑛−𝑙
0
0
0
0
𝑅7
0
0
𝐻7
𝑟−𝑛 ]−𝑟
0
𝑙
0 ) 𝑛−𝑙
,
0
𝑙
1
0
0
𝑅9
𝐻9
1
0
0
)
0
0
1
𝑙
𝑛−𝑙
,
𝑙
𝑛−𝑙
(38)
receiver accepts it as legitimate message. So,
𝑃𝑆 (𝐿)
(0 𝐻7 0 𝐻9 0)
(39)
is the linear combination of the base of
󵄨󵄨
󵄨
󵄨󵄨{𝑒𝑅 ∈ 𝐸𝑅 | 𝑒𝑅 ⊂ 𝑡, 𝑡󸀠 and 𝑒𝐿 ⊂ 𝑒𝑅 }󵄨󵄨󵄨
󵄨
󵄨
= max max 󸀠max { 󵄨󵄨
󵄨 }
𝑒𝐿 ∈𝐸𝐿 𝑚∈𝑀 𝑚 ≠ 𝑚∈𝑀
󵄨󵄨{𝑒𝑅 ∈ 𝐸𝑅 | 𝑒𝑅 ⊂ 𝑡 and 𝑒𝐿 ⊂ 𝑒𝑅 }󵄨󵄨󵄨
𝑞(𝑛−𝑙)(𝑘−𝑟)
𝑛≤𝑘≤2𝑟−𝑛 𝑞(𝑛−𝑙)(𝑟−𝑛+1)
1
= max (2𝑟−𝑛+1−𝑘)(𝑛−𝑙)
𝑛≤𝑘≤2𝑟−𝑛 𝑞
1
= (𝑛−𝑙) .
𝑞
= max
0 𝑃7 0 0 0
(
).
0 0 0 1 0
(40)
Therefore, the number of 𝑒𝑅 ⊂ 𝑡1 ∩ 𝑡2 and containing 𝑒𝐿 is
𝑞(𝑘−𝑟)(𝑛−𝑙) .
Theorem 9. In the constructed multisender authentication
codes, the largest probabilities of success for impersonation
attack and substitution attack from 𝑃𝐿 on a receiver 𝑅 are
𝑃𝐼 (𝐿) =
1
𝑞(]−𝑟)(𝑛−𝑙)
,
𝑃𝑆 (𝐿) =
1
𝑞2(𝑛−𝑙)
,
(41)
Acknowledgments
This work is supported by the NSF of China (61179026) and
Fundamental Research of the Central Universities of China
Civil Aviation University of Science special (ZXH2012k003).
References
respectively.
Proof. Impersonation Attack. 𝑃𝐿 , after receiving his secret
keys, encodes a message and sends it to receiver. 𝑃𝐿 is
successful if the receiver accepts it as legitimate message. So,
𝑃𝐼 (𝐿)
󵄨
󵄨󵄨
󵄨{𝑒 ∈ 𝐸 | 𝑒 ⊂ 𝑒𝑅 and 𝑒𝑅 ⊂ 𝑡}󵄨󵄨󵄨
}
= max max { 󵄨 𝑅 󵄨󵄨 𝑅 𝐿
󵄨
𝑒𝐿 ∈𝐸𝐿 𝑚∈𝑀
󵄨󵄨{𝑒𝑅 ∈ 𝐸𝑅 | 𝑒𝐿 ⊂ 𝑒𝑅 }󵄨󵄨󵄨
𝑞(𝑛−𝑙)(𝑟−𝑛+1)
1
= (𝑛−𝑙)(]−𝑛+1) = (]−𝑟)(𝑛−𝑙) .
𝑞
𝑞
(43)
(42)
Substitution Attack. 𝑃𝐿 replaces 𝑡 with another message 𝑡󸀠 ,
after it observes a legitimate message 𝑡. 𝑃𝐿 is successful if the
[1] E. N. Gilbert, F. J. MacWilliams, and N. J. A. Sloane, “Codes
which detect deception,” The Bell System Technical Journal, vol.
53, pp. 405–424, 1974.
[2] Y. Desmedt, Y. Frankel, and M. Yung, “Multi-receiver/multisender network security: efficient authenticated multicast/feedback,” in Proceedings of the the 11th Annual Conference
of the IEEE Computer and Communications Societies (Infocom
’92), pp. 2045–2054, May 1992.
[3] K. Martin and R. Safavi-Naini, “Multi-sender authentication
schemes with unconditional security,” in Information and Communications Security, vol. 1334 of Lecture Notes in Computer
Science, pp. 130–143, Springer, Berlin, Germany, 1997.
[4] W. Ma and X. Wang, “Several new constructions of multitrasmitters authentication codes,” Acta Electronica Sinica, vol.
28, no. 4, pp. 117–119, 2000.
[5] G. J. Simmons, “Message authentication with arbitration of
transmitter/receiver disputes,” in Proceedings of the 6th Annual
10
International Conference on Theory and Application of Cryptographic Techniques (Eurcrypt ’87), vol. 304 of Lecture Notes in
Computer Science, pp. 151–165, 1987.
[6] C. Shangdi and C. Lizhen, “Two constructions of multi-sender
authentication codes with arbitration based linear codes,”
WSEAS Transactions on Mathematics, vol. 11, no. 12, 2012.
[7] Z. Wan, Geometry of Classical Groups over Finite Fields, Science
Press, Beijing, China, 2nd edition, 2002.
[8] C. Shangdi and Z. Dawei, “Two constructions of multireceiver
authentication codes from symplectic geometry over finite
fields,” Ars Combinatoria, vol. 99, pp. 193–203, 2011.
Journal of Applied Mathematics
Advances in
Operations Research
Hindawi Publishing Corporation
http://www.hindawi.com
Volume 2014
Advances in
Decision Sciences
Hindawi Publishing Corporation
http://www.hindawi.com
Volume 2014
Mathematical Problems
in Engineering
Hindawi Publishing Corporation
http://www.hindawi.com
Volume 2014
Journal of
Algebra
Hindawi Publishing Corporation
http://www.hindawi.com
Probability and Statistics
Volume 2014
The Scientific
World Journal
Hindawi Publishing Corporation
http://www.hindawi.com
Hindawi Publishing Corporation
http://www.hindawi.com
Volume 2014
International Journal of
Differential Equations
Hindawi Publishing Corporation
http://www.hindawi.com
Volume 2014
Volume 2014
Submit your manuscripts at
http://www.hindawi.com
International Journal of
Advances in
Combinatorics
Hindawi Publishing Corporation
http://www.hindawi.com
Mathematical Physics
Hindawi Publishing Corporation
http://www.hindawi.com
Volume 2014
Journal of
Complex Analysis
Hindawi Publishing Corporation
http://www.hindawi.com
Volume 2014
International
Journal of
Mathematics and
Mathematical
Sciences
Journal of
Hindawi Publishing Corporation
http://www.hindawi.com
Stochastic Analysis
Abstract and
Applied Analysis
Hindawi Publishing Corporation
http://www.hindawi.com
Hindawi Publishing Corporation
http://www.hindawi.com
International Journal of
Mathematics
Volume 2014
Volume 2014
Discrete Dynamics in
Nature and Society
Volume 2014
Volume 2014
Journal of
Journal of
Discrete Mathematics
Journal of
Volume 2014
Hindawi Publishing Corporation
http://www.hindawi.com
Applied Mathematics
Journal of
Function Spaces
Hindawi Publishing Corporation
http://www.hindawi.com
Volume 2014
Hindawi Publishing Corporation
http://www.hindawi.com
Volume 2014
Hindawi Publishing Corporation
http://www.hindawi.com
Volume 2014
Optimization
Hindawi Publishing Corporation
http://www.hindawi.com
Volume 2014
Hindawi Publishing Corporation
http://www.hindawi.com
Volume 2014