Authenticated error-correcting codes with applications to multicast authentication

Anna Lysyanskaya, R. Tamassia, Nikos Triandopoulos
ACM Transactions on Information and System Security, volume 35 1, pages 17:1-17:34. Published 2010-02-01. DOI: 10.1145/1698750.1698757 (https://doi.org/10.1145/1698750.1698757)
Citations: 8

Abstract

We consider the problem of authenticating a stream of packets transmitted over a network controlled by an adversary who may perform arbitrary attacks on the stream: He may drop or modify chosen packets, rearrange the order of the packets in any way, and inject new, random, or specially crafted packets into the stream. In contrast, prior work on the multicast authentication problem has focused on a less powerful adversarial network model or has examined a considerably more restrictive setting with specific timing or structural assumptions about the network. We model the ability of the network to modify a stream of n packets with two parameters: the survival rate α (0 < α ≤ 1) denoting the fraction of the packets that are guaranteed to reach any particular receiver unmodified and the flood rate β (β ≥ 1) indicating the factor by which the size of the received stream at any particular receiver may exceed the size of the transmitted stream. Combining error-correcting codes with standard cryptographic primitives, our approach gives almost the same security guarantees as if each packet were individually signed, but requires only one signature operation for the entire stream and adds to each transmitted packet only a small amount of authentication information, proportional to β/α². We prove the security and correctness of our scheme and analyze its performance in terms of communication overhead and computational effort at the sender and the receiver. Our results demonstrate how list decoding can be transformed into unambiguous decoding in the public-key model and the bounded computational model for the underlying communication channel. Overall, our technique provides an authenticated error-correcting code of independent interest that may be useful in other settings.
Source journal: ACM Transactions on Information and System Security

Category: Engineering and Technology - Computer Science: Information Systems
CiteScore: 4.50
Self-citation rate: 0.00%
Articles published: 0
Review time: 3.3 months

Journal description: ISSEC is a scholarly, scientific journal that publishes original research papers in all areas of information and system security, including technologies, systems, applications, and policies.