Hindawi Publishing CorporationJournal of Applied MathematicsVolume 2013, Article ID 320392, 7 pageshttp://dx.doi.org/10.1155/2013/320392
Research ArticleA New Construction of Multisender Authentication Codes fromPolynomials over Finite Fields
Xiuli Wang
College of Science, Civil Aviation University of China, Tianjin 300300, China
Correspondence should be addressed to Xiuli Wang; [email protected]
Received 3 February 2013; Accepted 7 April 2013
Academic Editor: Yang Zhang
Copyright © 2013 Xiuli Wang. This is an open access article distributed under the Creative Commons Attribution License, whichpermits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
Multisender authentication codes allow a group of senders to construct an authenticated message for a receiver such that thereceiver can verify the authenticity of the received message. In this paper, we construct one multisender authentication code frompolynomials over finite fields. Some parameters and the probabilities of deceptions of this code are also computed.
1. Introduction
Multisender authentication code was firstly constructed byGilbert et al. [1] in 1974. Multisender authentication systemrefers towho a groupof senders, cooperatively send amessageto a receiver; then the receiver should be able to ascertainthat the message is authentic. About this case, many scholarsand researchers had made great contributions to multisenderauthentication codes, such as [2–6].
In the actual computer network communications, mul-tisender authentication codes include sequential model andsimultaneous model. Sequential model is that each senderuses his own encoding rules to encode a source state orderly,the last sender sends the encoded message to the receiver,and the receiver receives themessage and verifies whether themessage is legal or not. Simultaneousmodel is that all sendersuse their own encoding rules to encode a source state, andeach sender sends the encoded message to the synthesizer,respectively; then the synthesizer forms an authenticatedmessage and verifies whether the message is legal or not. Inthis paper, we will adopt the second model.
In a simultaneous model, there are four participants: agroup of senders 𝑈 = {𝑈
1, 𝑈2, . . . , 𝑈
𝑛}, the key distribution
center, he is responsible for the key distribution to sendersand receiver, including solving the disputes between them, areceiver 𝑅, and a synthesizer, where he only runs the trustedsynthesis algorithm. The code works as follows: each senderand receiver has their own Cartesian authentication code,
respectively. Let (𝑆, 𝐸𝑖, 𝑇𝑖; 𝑓𝑖) (𝑖 = 1, 2, . . . , 𝑛) be the senders’
Cartesian authentication code, (𝑆, 𝐸𝑅, 𝑇; 𝑔) be the receiver’s
Cartesian authentication code, ℎ : 𝑇1× 𝑇2× ⋅ ⋅ ⋅ × 𝑇
𝑛→
𝑇 be the synthesis algorithm, and 𝜋𝑖
: 𝐸 → 𝐸𝑖be a
subkey generation algorithm, where 𝐸 is the key set of thekey distribution center. When authenticating a message, thesenders and the receiver should comply with the protocol.The key distribution center randomly selects an encodingrule 𝑒 ∈ 𝐸 and sends 𝑒
𝑖= 𝜋𝑖(𝑒) to the 𝑖th sender 𝑈
𝑖(𝑖 =
1, 2, . . . , 𝑛), secretly; then he calculates 𝑒𝑅by 𝑒 according to
an effective algorithm and secretly sends 𝑒𝑅to the receiver
𝑅. If the senders would like to send a source state 𝑠 to thereceiver 𝑅, 𝑈
𝑖computes 𝑡
𝑖= 𝑓𝑖(𝑠, 𝑒𝑖) (𝑖 = 1, 2, . . . , 𝑛) and
sends 𝑚𝑖= (𝑠, 𝑡
𝑖) (𝑖 = 1, 2, . . . , 𝑛) to the synthesizer through
an open channel. The synthesizer receives the message 𝑚𝑖=
(𝑠, 𝑡𝑖) (𝑖 = 1, 2, . . . , 𝑛) and calculates 𝑡 = ℎ(𝑡
1, 𝑡2, . . . , 𝑡
𝑛) by the
synthesis algorithm ℎ and then sends message 𝑚 = (𝑠, 𝑡) tothe receiver; he checks the authenticity by verifying whether𝑡 = 𝑔(𝑠, 𝑒
𝑅) or not. If the equality holds, the message is
authentic and is accepted. Otherwise, the message is rejected.We assume that the key distribution center is credible, and
though he know the senders’ and receiver’s encoding rules, hewill not participate in any communication activities. Whentransmitters and receiver are disputing, the key distributioncenter settles it. At the same time, we assume that the systemfollows the Kerckhoff principle in which, except the actualused keys, the other information of the whole system ispublic.
2 Journal of Applied Mathematics
In a multisender authentication system, we assume thatthe whole senders are cooperative to form a valid message;that is, all senders as a whole and receiver are reliable. Butthere are some malicious senders who together cheat thereceiver; the part of senders and receiver are not credible, andthey can take impersonation attack and substitution attack.In the whole system, we assume that {𝑈
1, 𝑈2, . . . , 𝑈
𝑛} are
senders, 𝑅 is a receiver, 𝐸𝑖is the encoding rules set of the
sender 𝑈𝑖, and 𝐸
𝑅is the decoding rules set of the receiver
𝑅. If the source state space 𝑆 and the key space 𝐸𝑅of receiver
𝑅 are according to a uniform distribution, then the messagespace𝑀 and the tag space𝑇 are determined by the probabilitydistribution of 𝑆 and 𝐸
𝑅. 𝐿 = {𝑖
1, 𝑖2, . . . , 𝑖
𝑙} ⊂ {1, 2, . . . , 𝑛},
𝑙 < 𝑛, 𝑈𝐿
= {𝑈𝑖1
, 𝑈𝑖2
, . . . , 𝑈𝑖𝑙
}, 𝐸𝐿
= {𝐸𝑈𝑖1
, 𝐸𝑈𝑖2
, . . . , 𝐸𝑈𝑖𝑙
}.Now consider that let us consider the attacks from maliciousgroups of senders. Here, there are two kinds of attack.
The opponent’s impersonation attack to receiver:𝑈𝐿, after
receiving their secret keys, encode a message and send it tothe receiver. 𝑈
𝐿are successful if the receiver accepts it as
legitimate message. Denote by 𝑃𝐼the largest probability of
some opponent’s successful impersonation attack to receiver;it can be expressed as
𝑃𝐼= max𝑚∈𝑀
{
{𝑒𝑅 ∈ 𝐸𝑅 | 𝑒𝑅 ⊂ 𝑚}
𝐸𝑅
} . (1)
The opponent’s substitution attack to the receiver: 𝑈𝐿
replace 𝑚 with another message 𝑚, after they observe alegitimatemessage𝑚.𝑈
𝐿are successful if the receiver accepts
it as legitimate message; it can be expressed as
𝑃𝑆= max𝑚∈𝑀
{
max𝑚̸= 𝑚∈𝑀
{𝑒𝑅∈ 𝐸𝑅| 𝑒𝑅⊂ 𝑚,𝑚
}
{𝑒𝑅 ∈ 𝐸𝑅 | 𝑒𝑅 ⊂ 𝑚}
} . (2)
There might be 𝑙 malicious senders who together cheatthe receiver; that is, the part of senders and the receiverare not credible, and they can take impersonation attack.Let 𝐿 = {𝑖
1, 𝑖2, . . . , 𝑖
𝑙} ⊂ {1, 2, . . . , 𝑛}, 𝑙 < 𝑛 and 𝐸
𝐿=
{𝐸𝑈𝑖1
, 𝐸𝑈𝑖2
, . . . , 𝐸𝑈𝑖𝑙
}. Assume that 𝑈𝐿
= {𝑈𝑖1
, 𝑈𝑖2
, . . . , 𝑈𝑖𝑙
},after receiving their secret keys, send a message 𝑚 to thereceiver 𝑅;𝑈
𝐿are successful if the receiver accepts it as legiti-
mate message. Denote by 𝑃𝑈(𝐿) the maximum probability of
success of the impersonation attack to the receiver. It can beexpressed as
𝑃𝑈(𝐿)
=max𝑒𝐿∈𝐸𝐿
max𝑒𝐿∈𝑒𝑈
{max𝑚∈𝑀
{𝑒𝑅∈𝐸𝑅 | 𝑒𝑅⊂𝑚, 𝑝 (𝑒𝑅, 𝑒𝑃) ̸=0}
{𝑒𝑅 ∈ 𝐸𝑅 | 𝑝 (𝑒𝑅, 𝑒𝑃) ̸=0}
} .
(3)
Notes.𝑝(𝑒𝑅, 𝑒𝑃) ̸= 0 implies that any information 𝑠 encoded by
𝑒𝑇can be authenticated by 𝑒
𝑅.
In [2], Desmedt et al. gave two constructions for MRA-codes based on polynomials and finite geometries, respec-tively. To construct multisender or multireceiver authenti-cation by polynomials over finite fields, many researchershave done much work, for example, [7–9]. There are other
constructions of multisender authentication codes that aregiven in [3–6]. The construction of authentication codesis combinational design in its nature. We know that thepolynomial over finite fields can provide a better algebrastructure and is easy to count. In this paper, we constructone multisender authentication code from the polynomialover finite fields. Some parameters and the probabilities ofdeceptions of this code are also computed. We realize thegeneralization and the application of the similar idea andmethod of the paper [7–9].
2. Some Results about Finite Field
Let 𝐹𝑞be the finite field with 𝑞 elements, where 𝑞 is a power
of a prime 𝑝 and 𝐹 is a field containing 𝐹𝑞; denote by 𝐹∗
𝑞be
the nonzero elements set of 𝐹𝑞. In this paper, we will use the
following conclusions over finite fields.
Conclusion 1. A generator 𝛼 of 𝐹∗𝑞
is called a primitiveelement of 𝐹
𝑞.
Conclusion 2. Let 𝛼 ∈ 𝐹𝑞; if some polynomials contain 𝛼 as
their root and their leading coefficient are 1 over 𝐹𝑞, then the
polynomial having least degree among all such polynomialsis called a minimal polynomial over 𝐹
𝑞.
Conclusion 3. Let |𝐹| = 𝑞𝑛, then 𝐹 is an 𝑛-dimensionalvector space over 𝐹
𝑞. Let 𝛼 be a primitive element of 𝐹
𝑞
and 𝑔(𝑥) the minimal polynomial about 𝛼 over 𝐹𝑞; then
dim𝑔(𝑥) = 𝑛 and 1, 𝛼, 𝛼2, . . . , 𝛼𝑛−1 is a basis of 𝐹. Further-more, 1, 𝛼, 𝛼2, . . . , 𝛼𝑛−1 is linear independent, and it is equalto 𝛼, 𝛼2, . . . , 𝛼𝑛−1, 𝛼𝑛 (𝛼 is a primitive element, 𝛼 ̸= 0) is alsolinear independent; moreover, 𝛼𝑝, 𝛼𝑝
2
, . . . , 𝛼𝑝𝑛−1
, 𝛼𝑝𝑛
is alsolinear independent.
Conclusion 4. Consider (𝑥1+ 𝑥2+ ⋅ ⋅ ⋅ + 𝑥
𝑛)𝑚
= (𝑥1)𝑚
+
(𝑥2)𝑚
+ ⋅ ⋅ ⋅ + (𝑥𝑛)𝑚, where 𝑥
𝑖∈ 𝐹𝑞, (1 ≤ 𝑖 ≤ 𝑛) and 𝑚 is a
nonnegative power of character 𝑝 of 𝐹𝑞.
Conclusion 5. Let𝑚 ≤ 𝑛. Then, the number of𝑚×𝑛matricesof rank𝑚 over 𝐹
𝑞is 𝑞𝑚(𝑚−1)/2∏𝑛
𝑖=𝑛−𝑚+1(𝑞𝑖− 1).
More results about finite fields can be found in [10–12].
3. Construction
Let the polynomial 𝑝𝑗(𝑥) = 𝑎
𝑗1𝑥𝑝𝑛
+ 𝑎𝑗2𝑥𝑝(𝑛−1)
+ ⋅ ⋅ ⋅ +
𝑎𝑗𝑛𝑥𝑝(1 ≤ 𝑗 ≤ 𝑘), where the coefficient 𝑎
𝑖𝑙∈ 𝐹𝑞,
(1 ≤ 𝑙 ≤ 𝑛), and these vectors by the composition of theircoefficient are linearly independent. The set of source states𝑆 = 𝐹
𝑞; the set of 𝑖th transmitter’s encoding rules 𝐸
𝑈𝑖
=
{𝑝1(𝑥𝑖), 𝑝2(𝑥𝑖), . . . , 𝑝
𝑘(𝑥𝑖), 𝑥𝑖
∈ 𝐹∗
𝑞} (1 ≤ 𝑖 ≤ 𝑛); the set
of receiver’s encoding rules 𝐸𝑅
= {𝑝1(𝛼), 𝑝2(𝛼), . . . , 𝑝
𝑘(𝛼),
where 𝛼 is a primitive element of 𝐹𝑞}; the set of 𝑖th transmit-
ter’s tags 𝑇𝑖= {𝑡𝑖| 𝑡𝑖∈ 𝐹𝑞} (1 ≤ 𝑖 ≤ 𝑛); the set of receiver’s
tags 𝑇 = {𝑡 | 𝑡 ∈ 𝐹𝑞}.
Journal of Applied Mathematics 3
Define the encoding map 𝑓𝑖: 𝑆 × 𝐸
𝑈𝑖
→ 𝑇𝑖, 𝑓𝑖(𝑠, 𝑒𝑈𝑖
) =
𝑠𝑝1(𝑥𝑖) + 𝑠2𝑝2(𝑥𝑖) + ⋅ ⋅ ⋅ + 𝑠
𝑘𝑝𝑘(𝑥𝑖), 1 ≤ 𝑖 ≤ 𝑛.
The decoding map 𝑓 : 𝑆 × 𝐸𝑅
→ 𝑇, 𝑓(𝑠, 𝑒𝑅) = 𝑠𝑝
1(𝛼) +
𝑠2𝑝2(𝛼) + ⋅ ⋅ ⋅ + 𝑠
𝑘𝑝𝑘(𝛼).
The synthesizing map ℎ : 𝑇1× 𝑇2× ⋅ ⋅ ⋅ × 𝑇
𝑛→ 𝑇,
ℎ(𝑡1, 𝑡2, . . . , 𝑡
𝑛) = 𝑡1+ 𝑡2+ ⋅ ⋅ ⋅ + 𝑡
𝑛.
The code works as follows.Assume that 𝑞 is larger than, or equal to, the number of
the possible message and 𝑛 ≤ 𝑞.
3.1. Key Distribution. The key distribution center randomlygenerates 𝑘 (𝑘 ≤ 𝑛) polynomials 𝑝
1(𝑥), 𝑝2(𝑥), . . . , 𝑝
𝑘(𝑥),
where 𝑝𝑗(𝑥) = 𝑎
𝑗1𝑥𝑝𝑛
+ 𝑎𝑗2𝑥𝑝(𝑛−1)
+ ⋅ ⋅ ⋅ + 𝑎𝑗𝑛𝑥𝑝(1 ≤ 𝑗 ≤ 𝑘),
and make these vectors by composed of their coefficient islinearly independent, it is equivalent to the column vectors
of the matrix (
𝑎11𝑎21⋅⋅⋅ 𝑎𝑘1
𝑎12𝑎22⋅⋅⋅ 𝑎𝑘2
............
𝑎1𝑛𝑎2𝑛⋅⋅⋅ 𝑎𝑘𝑛
) is linearly independent. He
selects 𝑛 distinct nonzero elements 𝑥1, 𝑥2, . . . , 𝑥
𝑛∈ 𝐹𝑞again
and makes 𝑥𝑖(1 ≤ 𝑖 ≤ 𝑛) secret; then he sends privately
𝑝1(𝑥𝑖), 𝑝2(𝑥𝑖), . . . , 𝑝
𝑘(𝑥𝑖) to the sender 𝑈
𝑖(1 ≤ 𝑖 ≤ 𝑛). The
key distribution center also randomly chooses a primitiveelement 𝛼 of 𝐹
𝑞satisfying 𝑥
1+ 𝑥2+ ⋅ ⋅ ⋅ + 𝑥
𝑛= 𝛼 and sends
𝑝1(𝛼), 𝑝2(𝛼), . . . , 𝑝
𝑘(𝛼) to the receiver 𝑅.
3.2. Broadcast. If the senderswant to send a source state 𝑠 ∈ 𝑆to the receiver 𝑅, the sender 𝑈
𝑖calculates 𝑡
𝑖= 𝑓𝑖(𝑠, 𝑒𝑈𝑖
) =
𝐴𝑠(𝑥𝑖) = 𝑠𝑝
1(𝑥𝑖)+𝑠2𝑝2(𝑥𝑖)+ ⋅ ⋅ ⋅+𝑠
𝑘𝑝𝑘(𝑥𝑖), 1 ≤ 𝑖 ≤ 𝑛 and then
sends 𝐴𝑠(𝑥𝑖) = 𝑡𝑖to the synthesizer.
3.3. Synthesis. After the synthesizer receives 𝑡1, 𝑡2, . . . , 𝑡
𝑛, he
calculates ℎ(𝑡1, 𝑡2, . . . , 𝑡
𝑛) = 𝑡1+ 𝑡2+ ⋅ ⋅ ⋅ + 𝑡
𝑛and then sends
𝑚 = (𝑠, 𝑡) to the receiver 𝑅.
3.4. Verification. When the receiver 𝑅 receives 𝑚 = (𝑠, 𝑡), hecalculates 𝑡 = 𝑔(𝑠, 𝑒
𝑅) = 𝐴
𝑠(𝛼) = 𝑠𝑝
1(𝛼) + 𝑠
2𝑝2(𝛼) + ⋅ ⋅ ⋅ +
𝑠𝑘𝑝𝑘(𝛼). If 𝑡 = 𝑡, he accepts 𝑡; otherwise, he rejects it.Next, we will show that the above construction is a well
defined multisender authentication code with arbitration.
Lemma 1. Let 𝐶𝑖= (𝑆, 𝐸
𝑃𝑖
, 𝑇𝑖, 𝑓𝑖); then the code is an A-code,
1 ≤ 𝑖 ≤ 𝑛.
Proof. (1) For any 𝑒𝑈𝑖
∈ 𝐸𝑈𝑖
, 𝑠 ∈ 𝑆, because 𝐸𝑈𝑖
= {𝑝1(𝑥𝑖),
𝑝2(𝑥𝑖), . . . , 𝑝
𝑘(𝑥𝑖), 𝑥𝑖∈ 𝐹∗
𝑞}, so 𝑡
𝑖= 𝑠𝑝1(𝑥𝑖) + 𝑠2𝑝2(𝑥𝑖) + ⋅ ⋅ ⋅ +
𝑠𝑘𝑝𝑘(𝑥𝑖) ∈ 𝑇𝑖= 𝐹𝑞. Conversely, for any 𝑡
𝑖∈ 𝑇𝑖, choose 𝑒
𝑈𝑖
=
{𝑝1(𝑥𝑖), 𝑝2(𝑥𝑖), . . . , 𝑝
𝑘(𝑥𝑖), 𝑥𝑖∈ 𝐹∗
𝑞}, where 𝑝
𝑗(𝑥) = 𝑎
𝑗1𝑥𝑝𝑛
+
𝑎𝑗2𝑥𝑝(𝑛−1)
+ ⋅ ⋅ ⋅ + 𝑎𝑗𝑛𝑥𝑝(1 ≤ 𝑗 ≤ 𝑘), and let 𝑡
𝑖= 𝑓𝑖(𝑠, 𝑒𝑈𝑖
) =
𝑠𝑝1(𝑥𝑖) + 𝑠2𝑝2(𝑥𝑖) + ⋅ ⋅ ⋅ + 𝑠
𝑘𝑝𝑘(𝑥𝑖); it is equivalent to
(𝑥𝑝𝑛
𝑖, 𝑥𝑝𝑛−1
𝑖, . . . , 𝑥
𝑝
𝑖)(
𝑎11
𝑎21
⋅ ⋅ ⋅ 𝑎𝑘1
𝑎12
𝑎22
⋅ ⋅ ⋅ 𝑎𝑘2
......
......
𝑎1𝑛
𝑎2𝑛
⋅ ⋅ ⋅ 𝑎𝑘𝑛
)(
𝑠
𝑠2
...𝑠𝑘
) = 𝑡𝑖.
(4)
It follows that
(
(
𝑥𝑝𝑛
1𝑥𝑝𝑛−1
1⋅ ⋅ ⋅ 𝑥𝑝
1
𝑥𝑝n
2𝑥𝑝𝑛−1
2⋅ ⋅ ⋅ 𝑥𝑝
2
......
......
𝑥𝑝𝑛
𝑛𝑥𝑝𝑛−1
𝑛⋅ ⋅ ⋅ 𝑥𝑝
𝑛
)
)
× (
𝑎11
𝑎21
⋅ ⋅ ⋅ 𝑎𝑘1
𝑎12
𝑎22
⋅ ⋅ ⋅ 𝑎𝑘2
......
......
𝑎1𝑛
𝑎2𝑛
⋅ ⋅ ⋅ 𝑎𝑘𝑛
)(
𝑠
𝑠2
...𝑠𝑘
) = (
𝑡1
𝑡2
...𝑡𝑛
).
(5)
Denote
𝐴 = (
𝑎11
𝑎21
⋅ ⋅ ⋅ 𝑎𝑘1
𝑎12
𝑎22
⋅ ⋅ ⋅ 𝑎𝑘2
......
......
𝑎1𝑛
𝑎2𝑛
⋅ ⋅ ⋅ 𝑎𝑘𝑛
),
𝑋 = (
𝑥𝑝𝑛
1𝑥𝑝𝑛−1
1⋅ ⋅ ⋅ 𝑥𝑝
1
𝑥𝑝𝑛
2𝑥𝑝𝑛−1
2⋅ ⋅ ⋅ 𝑥𝑝
2
......
......
𝑥𝑝𝑛
𝑛𝑥𝑝𝑛−1
𝑛⋅ ⋅ ⋅ 𝑥𝑝
𝑛
),
𝑆 = (
𝑠
𝑠2
...𝑠𝑘
), 𝑡 = (
𝑡1
𝑡2
...𝑡𝑛
).
(6)
The above linear equation is equivalent to 𝑋𝐴𝑆 = 𝑡,because the column vectors of 𝐴 are linearly independent,𝑋 is equivalent to a Vandermonde matrix, and 𝑋 is inverse;therefore, the above linear equation has a unique solution, so𝑠 is only defined; that is, 𝑓
𝑖(1 ≤ 𝑖 ≤ 𝑛) is a surjection.
(2) If 𝑠 ∈ 𝑆 is another source state satisfying 𝑠𝑝1(𝑥𝑖) +
𝑠2𝑝2(𝑥𝑖)+⋅ ⋅ ⋅+𝑠
𝑘𝑝𝑘(𝑥𝑖) = 𝑠𝑝1(𝑥𝑖)+𝑠2𝑝2(𝑥𝑖)+⋅ ⋅ ⋅+𝑠
𝑘𝑝𝑘(𝑥𝑖) =
𝑡𝑖, and it is equivalent to (𝑠 − 𝑠)𝑝
1(𝑥𝑖) + (𝑠2− 𝑠2)𝑝2(𝑥𝑖) + ⋅ ⋅ ⋅ +
(𝑠𝑘− 𝑠𝑘)𝑝𝑘(𝑥𝑖) = 0, then
(𝑥𝑝𝑛
𝑖, 𝑥𝑝𝑛−1
𝑖, . . . , 𝑥
𝑝
𝑖)
× (
𝑎11
𝑎21
⋅ ⋅ ⋅ 𝑎𝑘1
𝑎12
𝑎22
⋅ ⋅ ⋅ 𝑎𝑘2
......
......
𝑎1𝑛
𝑎2𝑛
⋅ ⋅ ⋅ 𝑎𝑘𝑛
)(
𝑠 − 𝑠
𝑠2− 𝑠2
...𝑠𝑘− 𝑠𝑘
) = 0.
(7)
4 Journal of Applied Mathematics
Thus
(
(
𝑥𝑝𝑛
1𝑥𝑝𝑛−1
1⋅ ⋅ ⋅ 𝑥𝑝
1
𝑥𝑝n
2𝑥𝑝𝑛−1
2⋅ ⋅ ⋅ 𝑥𝑝
2
......
......
𝑥𝑝𝑛
𝑛𝑥𝑝𝑛−1
𝑛⋅ ⋅ ⋅ 𝑥𝑝
𝑛
)
)
× (
𝑎11
𝑎21
⋅ ⋅ ⋅ 𝑎𝑘1
𝑎12
𝑎22
⋅ ⋅ ⋅ 𝑎𝑘2
......
......
𝑎1𝑛
𝑎2𝑛
⋅ ⋅ ⋅ 𝑎𝑘𝑛
)(
𝑠 − 𝑠
𝑠2− 𝑠2
...𝑠𝑘− 𝑠𝑘
) = (
0
0
...0
).
(8)
Similar to (1), we know that the homogeneous linear equation𝑋𝐴𝑆 = 0 has a unique solution; that is, there is only zerosolution, so 𝑠 = 𝑠. So, 𝑠 is the unique source state determinedby 𝑒𝑈𝑖
and 𝑡𝑖; thus, 𝐶
𝑖(1 ≤ 𝑖 ≤ 𝑛) is an A-code.
Lemma 2. Let 𝐶 = (𝑆, 𝐸𝑅, 𝑇, 𝑔); then the code is an A-code.
Proof. (1) For any 𝑠 ∈ 𝑆, 𝑒𝑅∈ 𝐸𝑅, from the definition of 𝑒
𝑅,
we assume that 𝐸𝑅
= {𝑝1(𝛼), 𝑝2(𝛼), . . . , 𝑝
𝑘(𝛼), where 𝛼 is a
primitive element of 𝐹𝑞}, 𝑔(𝑠, 𝑒
𝑅) = 𝑠𝑝
1(𝛼) + 𝑠
2𝑝2(𝛼) + ⋅ ⋅ ⋅ +
𝑠𝑘𝑝𝑘(𝛼) ∈ 𝑇 = 𝐹
𝑞; on the other hand, for any 𝑡 ∈ 𝑇, choose
𝑒𝑅= {𝑝1(𝛼), 𝑝2(𝛼), . . . , 𝑝
𝑘(𝛼), where 𝛼 is a primitive element
of 𝐹𝑞}, 𝑔(𝑠, 𝑒
𝑅) = 𝑠𝑝
1(𝛼) + 𝑠
2𝑝2(𝛼) + ⋅ ⋅ ⋅ + 𝑠
𝑘𝑝𝑘(𝛼) = 𝑡; it is
equivalent to
(𝛼𝑝𝑛
, 𝛼𝑝𝑛−1
, ⋅ ⋅ ⋅ , 𝛼𝑝)
× (
𝑎11
𝑎21
⋅ ⋅ ⋅ 𝑎𝑘1
𝑎12
𝑎22
⋅ ⋅ ⋅ 𝑎𝑘2
......
......
𝑎1𝑛
𝑎2𝑛
⋅ ⋅ ⋅ 𝑎𝑘𝑛
)(
𝑠
𝑠2
...𝑠𝑘
) = 𝑡,
𝐴 = (
𝑎11
𝑎21
⋅ ⋅ ⋅ 𝑎𝑘1
𝑎12
𝑎22
⋅ ⋅ ⋅ 𝑎𝑘2
......
......
𝑎1𝑛
𝑎2𝑛
⋅ ⋅ ⋅ 𝑎𝑘𝑛
);
(9)
that is, (𝛼𝑝𝑛
, 𝛼𝑝𝑛−1
, . . . , 𝛼𝑝)𝐴(
𝑠
𝑠2
...𝑠𝑘
) = 𝑡. From Conclusion
3, we know that (𝛼𝑝𝑛
, 𝛼𝑝𝑛−1
, . . . , 𝛼𝑝) is linearly independent
and the column vectors of 𝐴 are also linearly independent;therefore, the above linear equation has unique solution, so 𝑠is only defined; that is, 𝑔 is a surjection.
(2) If 𝑠 is another source state satisfying 𝑡 = 𝑔(𝑠, 𝑒𝑅), then
(𝛼𝑝𝑛
, 𝛼𝑝𝑛−1
, . . . , 𝛼𝑝)𝐴(
𝑠
𝑠2
...𝑠𝑘
)
= (𝛼𝑝𝑛
, 𝛼𝑝𝑛−1
, . . . , 𝛼𝑝)𝐴(
𝑠
𝑠2
...𝑠𝑘
);
(10)
that is, (𝛼𝑝𝑛
, 𝛼𝑝𝑛−1
, . . . , 𝛼𝑝)𝐴(
[[
[
𝑠
𝑠2
...𝑠𝑘
]]
]
− [
[
𝑠
𝑠2
...𝑠𝑘
]
]
) = 0. Sim-
ilar to (1), we get that the homogeneous linear equation(𝛼𝑝𝑛
, 𝛼𝑝𝑛−1
, . . . , 𝛼𝑝)𝐴(𝑆− 𝑆) = 0 has a unique solution; that
is, there is only zero solution, so 𝑆 = 𝑆; that is, 𝑠 = 𝑠. So,𝑠 is the unique source state determined by 𝑒
𝑅and 𝑡; thus,
𝐶 = (𝑆, 𝐸𝑅, 𝑇, 𝑔) is an A-code.
At the same time, for any valid𝑚 = (𝑠, 𝑡), we have knownthat 𝛼 = 𝑥
1+ 𝑥2+ ⋅ ⋅ ⋅ + 𝑥
𝑛, and it follows that 𝑡 = 𝑠𝑝
1(𝛼) +
𝑠2𝑝2(𝛼)+⋅ ⋅ ⋅+𝑠
𝑘𝑝𝑘(𝛼) = 𝑠𝑝
1(𝑥1+𝑥2+⋅ ⋅ ⋅+𝑥
𝑛)+𝑠2𝑝2(𝑥1+𝑥2+
⋅ ⋅ ⋅ + 𝑥𝑛) + ⋅ ⋅ ⋅ + 𝑠
𝑘𝑝𝑘(𝑥1+ 𝑥2+ ⋅ ⋅ ⋅ + 𝑥
𝑛). We also have known
that 𝑝𝑗(𝑥) = 𝑎
𝑗1𝑥𝑝𝑛
+𝑎𝑗2𝑥𝑝(𝑛−1)
+ ⋅ ⋅ ⋅ + 𝑎𝑗𝑛𝑥𝑝(1 ≤ 𝑗 ≤ 𝑘); from
Conclusion 4, (𝑥1+ 𝑥2+ ⋅ ⋅ ⋅ + 𝑥
𝑛)𝑝𝑚
= (𝑥1)𝑝𝑚
+ (𝑥2)𝑝𝑚
+ ⋅ ⋅ ⋅ +
(𝑥𝑛)𝑝𝑚
, where𝑚 is a nonnegative power of character 𝑝 of 𝐹𝑞,
andwe get𝑝𝑗(𝑥1+𝑥2+⋅ ⋅ ⋅+𝑥
𝑛) = 𝑝𝑗(𝑥1)+𝑝𝑗(𝑥2)+⋅ ⋅ ⋅+𝑝
𝑗(𝑥𝑛);
therefore, 𝑡 = 𝑠𝑝1(𝛼) + 𝑠
2𝑝2(𝛼) + ⋅ ⋅ ⋅ + 𝑠
𝑘𝑝𝑘(𝛼) = (𝑠𝑝
1(𝑥1) +
𝑠2𝑝2(𝑥1)+⋅ ⋅ ⋅+𝑠
𝑘𝑝𝑘(𝑥1))+(𝑠𝑝
1(𝑥2)+𝑠2𝑝2(𝑥2)+⋅ ⋅ ⋅+𝑠
𝑘𝑝𝑘(𝑥2))+
⋅ ⋅ ⋅+(𝑠𝑝1(𝑥𝑛)+𝑠2𝑝2(𝑥𝑛)+ ⋅ ⋅ ⋅+𝑠
𝑘𝑝𝑘(𝑥𝑛)) = 𝑡1+𝑡2+⋅ ⋅ ⋅+𝑡
𝑛= 𝑡,
and the receiver 𝑅 accepts𝑚.
From Lemmas 1 and 2, we know that such construction ofmultisender authentication codes is reasonable and there are𝑛 senders in this system. Next, we compute the parametersof this code and the maximum probability of success inimpersonation attack and substitution attack by the group ofsenders.
Theorem 3. Some parameters of this construction are|𝑆| = 𝑞, |𝐸
𝑈𝑖
| = [𝑞𝑘(𝑘−1)/2
∏𝑛
𝑖=𝑛−𝑘+1(𝑞𝑖− 1)] (
𝑞−1
1) =
[𝑞𝑘(𝑘−1)/2
∏𝑛
𝑖=𝑛−𝑘+1(𝑞𝑖− 1)](𝑞 − 1) (1 ≤ 𝑖 ≤ 𝑛), |𝑇
𝑖| = 𝑞 (1 ≤
𝑖 ≤ 𝑛), |𝐸𝑅| = [𝑞
𝑘(𝑘−1)/2∏𝑛
𝑖=𝑛−𝑘+1(𝑞𝑖− 1)]𝜑(𝑞 − 1), |𝑇| = 𝑞.
Where 𝜑(𝑞 − 1) is the 𝐸𝑢𝑙𝑒𝑟 𝑓𝑢𝑛𝑐𝑡𝑖𝑜𝑛 of 𝑞 − 1, it representsthe number of primitive element of 𝐹
𝑞here.
Proof. For |𝑆| = 𝑞, |𝑇𝑖| = 𝑞, and |𝑇| = 𝑞, the results
are straightforward. For𝐸𝑈𝑖
, because𝐸𝑈𝑖
={𝑝1(𝑥𝑖), 𝑝2(𝑥𝑖), . . . ,
𝑝𝑘(𝑥𝑖), 𝑥𝑖∈ 𝐹∗
𝑞}, where 𝑝
𝑗(𝑥) = 𝑎
𝑗1𝑥𝑝𝑛
+ 𝑎𝑗2𝑥𝑝(𝑛−1)
+ ⋅ ⋅ ⋅ +
𝑎𝑗𝑛𝑥𝑝(1 ≤ 𝑗 ≤ 𝑘), and these vectors by the composition of
their coefficient are linearly independent, it is equivalent to
the columns of 𝐴 = (
𝑎11𝑎21⋅⋅⋅ 𝑎𝑘1
𝑎12𝑎22⋅⋅⋅ 𝑎𝑘2
............
𝑎1𝑛𝑎2𝑛⋅⋅⋅ 𝑎𝑘𝑛
) is linear independent.
Journal of Applied Mathematics 5
From Conclusion 5, we can conclude that the number of 𝐴satisfying the condition is 𝑞𝑘(𝑘−1)/2∏𝑛
𝑖=𝑛−𝑘+1(𝑞𝑖− 1). On the
other hand, the number of distinct nonzero elements 𝑥𝑖(1 ≤
𝑖 ≤ 𝑛) in 𝐹𝑞is ( 𝑞−11
) = 𝑞 − 1, so |𝐸𝑈𝑖
| = [𝑞𝑘(𝑘−1)/2
∏𝑛
𝑖=𝑛−𝑘+1(𝑞𝑖−
1)](𝑞 − 1). For 𝐸𝑅, 𝐸𝑅
= {𝑝1(𝛼), 𝑝2(𝛼), . . . , 𝑝
𝑘(𝛼), where 𝛼
is a primitive element of 𝐹𝑞}. For 𝛼, from Conclusion 1, a
generator of𝐹∗𝑞is called a primitive element of𝐹
𝑞, |𝐹∗𝑞| = 𝑞−1;
by the theory of the group, we know that the number ofgenerator of 𝐹∗
𝑞is 𝜑(𝑞−1); that is, the number of 𝛼 is 𝜑(𝑞−1).
For 𝑝1(𝑥), 𝑝2(𝑥), . . . , 𝑝
𝑘(𝑥). From above, we have confirmed
that the number of these polynomials is 𝑞𝑘(𝑘−1)/2∏𝑛𝑖=𝑛−𝑘+1
(𝑞𝑖−
1); therefore, |𝐸𝑅| = [𝑞
𝑘(𝑘−1)/2∏𝑛
𝑖=𝑛−𝑘+1(𝑞𝑖− 1)]𝜑(𝑞 − 1).
Lemma 4. For any 𝑚 ∈ 𝑀, the number of 𝑒𝑅contained 𝑚 is
𝜑(𝑞 − 1).
Proof. Let 𝑚 = (𝑠, 𝑡) ∈ 𝑀, 𝑒𝑅
= {𝑝1(𝛼), 𝑝2(𝛼), . . . , 𝑝
𝑘(𝛼),
where 𝛼 is a primitive element of 𝐹𝑞} ∈ 𝐸
𝑅. If 𝑒𝑅
⊂ 𝑚,then 𝑠𝑝
1(𝛼) + 𝑠
2𝑝2(𝛼) + ⋅ ⋅ ⋅ + 𝑠
𝑘𝑝𝑘(𝛼) = 𝑡 ⇔ (𝛼
𝑝𝑛
, 𝛼𝑝𝑛−1
,
. . . , 𝛼𝑝)𝐴(
𝑠
𝑠2
...𝑠𝑘
) = 𝑡. For any 𝛼, suppose that there is
another 𝐴 such that (𝛼𝑝𝑛
, 𝛼𝑝𝑛−1
, . . . , 𝛼𝑝)𝐴(
𝑠
𝑠2
...𝑠𝑘
) = 𝑡,
then (𝛼𝑝𝑛
, 𝛼𝑝𝑛−1
, . . . , 𝛼𝑝)(𝐴 − 𝐴
)(
𝑠
𝑠2
...𝑠𝑘
) = 0, because
𝛼𝑝𝑛
, 𝛼𝑝𝑛−1
, . . . , 𝛼𝑝 is linearly independent, so (𝐴−𝐴)(
𝑠
𝑠2
...𝑠𝑘
) =
0, but (
𝑠
𝑠2
...𝑠𝑘
) is arbitrarily; therefore, 𝐴 − 𝐴 = 0; that is,
𝐴 = 𝐴, and it follows that 𝐴 is only determined by 𝛼.
Therefore, as 𝛼 ∈ 𝐸𝑅, for any given 𝑠 and 𝑡, the number of
𝑒𝑅contained in𝑚 is 𝜑(𝑞 − 1).
Lemma 5. For any𝑚 = (𝑠, 𝑡) ∈ 𝑀 and𝑚 = (𝑠, 𝑡) ∈ 𝑀 with𝑠 ̸= 𝑠, the number of 𝑒
𝑅contained𝑚 and𝑚 is 1.
Proof. Assume that 𝑒𝑅
= {𝑝1(𝛼), 𝑝2(𝛼), . . . , 𝑝
𝑘(𝛼), where
𝛼 is a primitive element of 𝐹𝑞} ∈ 𝐸
𝑅. If 𝑒𝑅
⊂ 𝑚 and𝑒𝑅
⊂ 𝑚, then 𝑠𝑝
1(𝛼) + 𝑠
2𝑝2(𝛼) + ⋅ ⋅ ⋅ + 𝑠
𝑘𝑝𝑘(𝛼) = 𝑡 ⇔
(𝛼𝑝𝑛
, 𝛼𝑝𝑛−1
, . . . , 𝛼𝑝)𝐴(
𝑠
𝑠2
...𝑠𝑘
) = 𝑡, 𝑠𝑝1(𝛼) + 𝑠
2𝑝2(𝛼) + ⋅ ⋅ ⋅ +
𝑠𝑘𝑝𝑘(𝛼) = 𝑡 ⇔ (𝛼
𝑝𝑛
, 𝛼𝑝𝑛−1
, . . . , 𝛼𝑝)𝐴(
𝑠
𝑠2
...𝑠𝑘
) = 𝑡. It is
equivalent to (𝛼𝑝𝑛
, 𝛼𝑝𝑛−1
, . . . , 𝛼𝑝)𝐴(
𝑠−𝑠
𝑠2−𝑠2
...𝑠𝑘−𝑠𝑘
) = 𝑡 − 𝑡 because
𝑠 ̸= 𝑠, so 𝑡 ̸= 𝑡; otherwise, we assume that 𝑡 = 𝑡 and
since 𝛼𝑝𝑛
, 𝛼𝑝𝑛−1
, . . . , 𝛼𝑝 and the column vectors of 𝐴 both
are linearly independent, it forces that 𝑠 = 𝑠; this is acontradiction. Therefore, we get
(𝑡 − 𝑡)−1
[[[[
[
(𝛼𝑝𝑛
, 𝛼𝑝𝑛−1
, . . . , 𝛼𝑝)𝐴 (
𝑠 − 𝑠
𝑠2− 𝑠2
...𝑠𝑘− 𝑠𝑘
)
]]]]
]
= 1,
(∗)
since 𝑡, 𝑡 is given, (𝑡 − 𝑡)−1 is unique, by equation (∗), forany given 𝑠, 𝑠 and 𝑡, 𝑡, we obtain that (𝛼𝑝
𝑛
, 𝛼𝑝𝑛−1
, . . . , 𝛼𝑝)𝐴 is
only determined; thus, the number of 𝑒𝑅contained𝑚 and𝑚
is 1.
Lemma6. For any fixed 𝑒𝑈= {𝑝1(𝑥𝑖), 𝑝2(𝑥𝑖), . . . , 𝑝
𝑘(𝑥𝑖), 𝑥𝑖∈
𝐹∗
𝑞} (1 ≤ 𝑖 ≤ 𝑛) containing a given 𝑒
𝐿, then the number of 𝑒
𝑅
which is incidence with 𝑒𝑈is 𝜑(𝑞 − 1).
Proof. For any fixed 𝑒𝑈
= {𝑝1(𝑥𝑖), 𝑝2(𝑥𝑖), . . . , 𝑝
𝑘(𝑥𝑖), 𝑥𝑖∈
𝐹∗
𝑞} (1 ≤ 𝑖 ≤ 𝑛) containing a given 𝑒
𝐿, we assume that
𝑝𝑗(𝑥𝑖) = 𝑎𝑗1𝑥𝑝𝑛
𝑖+𝑎𝑗2𝑥𝑝(𝑛−1)
𝑖+⋅ ⋅ ⋅+𝑎
𝑗𝑛𝑥𝑝
𝑖(1 ≤ 𝑗 ≤ 𝑘, 1 ≤ 𝑖 ≤ 𝑛),
𝑒𝑅= {𝑝1(𝛼), 𝑝2(𝛼), . . . , 𝑝
𝑘(𝛼), where 𝛼 is a primitive element
of 𝐹𝑞}. From the definitions of 𝑒
𝑅and 𝑒𝑈and Conclusion 4,
we can conclude that 𝑒𝑅is incidence with 𝑒
𝑈if and only if
𝑥1+ 𝑥2+ ⋅ ⋅ ⋅ + 𝑥
𝑛= 𝛼. For any 𝛼, since Rank(1, 1, . . . , 1) =
Rank(1, 1, . . . , 1, 𝛼) = 1 < 𝑛, so the equation𝑥1+𝑥2+⋅ ⋅ ⋅+𝑥
𝑛=
𝛼 always has a solution. From the proof of Theorem 3, weknow the number of 𝑒
𝑅which is incident with 𝑒
𝑈(i.e., the
number of all 𝐸𝑅) is [𝑞𝑘(𝑘−1)/2∏𝑛
𝑖=𝑛−𝑘+1(𝑞𝑖− 1)] 𝜑(𝑞 − 1).
Lemma 7. For any fixed 𝑒𝑈= {𝑝1(𝑥𝑖), 𝑝2(𝑥𝑖), . . . , 𝑝
𝑘(𝑥𝑖), 𝑥𝑖∈
𝐹∗
𝑞} (1 ≤ 𝑖 ≤ 𝑛) containing a given 𝑒
𝐿and𝑚 = (𝑠, 𝑡), the num-
ber of 𝑒𝑅which is incidence with 𝑒
𝑈and contained in𝑚 is 1.
Proof. For any 𝑠 ∈ 𝑆, 𝑒𝑅
∈ 𝐸𝑅, we assume that 𝑒
𝑅=
{𝑝1(𝛼), 𝑝2(𝛼), . . . , 𝑝
𝑘(𝛼), where 𝛼 is a primitive element
of 𝐹𝑞}. Similar to Lemma 6, for any fixed 𝑒
𝑈=
{𝑝1(𝑥𝑖), 𝑝2(𝑥𝑖), . . . , 𝑝
𝑘(𝑥𝑖), 𝑥𝑖∈ 𝐹∗
𝑞}, (1 ≤ 𝑖 ≤ 𝑛) containing
a given 𝑒𝐿, we have known that 𝑒
𝑅is incident with 𝑒
𝑈if and
only if
𝑥1+ 𝑥2+ ⋅ ⋅ ⋅ + 𝑥
𝑛= 𝛼. (11)
Again, with 𝑒𝑅⊂ 𝑚, we can get
𝑠𝑝1(𝛼) + 𝑠
2𝑝2(𝛼) + ⋅ ⋅ ⋅ + 𝑠
𝑘𝑝𝑘(𝛼) = 𝑡. (12)
By (11) and (12) and the property of 𝑝𝑗(𝑥) (1 ≤ 𝑗 ≤ 𝑘), we
have the following conclusion:
𝑠𝑝1(
𝑛
∑
𝑖=1
𝑥𝑖) + 𝑠2𝑝2(
𝑛
∑
𝑖=1
𝑥𝑖) + ⋅ ⋅ ⋅ + 𝑠
𝑘𝑝𝑘(
𝑛
∑
𝑖=1
𝑥𝑖)
= 𝑡 ⇐⇒ (𝑝1(
𝑛
∑
𝑖=1
𝑥𝑖) , 𝑝2(
𝑛
∑
𝑖=1
𝑥𝑖) , . . . , 𝑝
𝑘(
𝑛
∑
𝑖=1
𝑥𝑖))
6 Journal of Applied Mathematics
× (
𝑠
𝑠2
...𝑠𝑘
)
= 𝑡 ⇐⇒ (
𝑛
∑
𝑖=1
𝑝1(𝑥𝑖) ,
𝑛
∑
𝑖=1
𝑝2(𝑥𝑖) , . . . ,
𝑛
∑
𝑖=1
𝑝𝑘(𝑥𝑖))(
𝑠
s2...𝑠𝑘
)
=𝑡⇐⇒( (
𝑛
∑
𝑖=1
𝑥𝑖)
𝑛
, (
𝑛
∑
𝑖=1
𝑥𝑖)
𝑛−1
, . . . , (
𝑛
∑
𝑖=1
𝑥𝑖))𝐴(
𝑠
𝑠2
...𝑠𝑘
)
= 𝑡 ⇐⇒ [(
𝑛
∑
𝑖=1
𝑝1(𝑥𝑖) ,
𝑛
∑
𝑖=1
𝑝2(𝑥𝑖) , . . . ,
𝑛
∑
𝑖=1
𝑝𝑘(𝑥𝑖))
−((
𝑛
∑
𝑖=1
𝑥𝑖)
𝑛
, (
𝑛
∑
𝑖=1
𝑥𝑖)
𝑛−1
, . . . , (
𝑛
∑
𝑖=1
𝑥𝑖))𝐴]
× (
𝑠
𝑠2
...𝑠𝑘
) = 0,
(13)
because 𝑠 is any given. Similar to the proof of Lemma 4,we can get (∑𝑛
𝑖=1𝑝1(𝑥𝑖), ∑𝑛
𝑖=1𝑝2(𝑥𝑖), . . . , ∑
𝑛
𝑖=1𝑝𝑘(𝑥𝑖)) −
((∑𝑛
𝑖=1𝑥𝑖)𝑛,(∑𝑛𝑖=1
𝑥𝑖)𝑛−1
, . . . ,(∑𝑛
𝑖=1𝑥𝑖))𝐴=0; that is, ((∑𝑛
𝑖=1𝑥𝑖)𝑛
,
(∑𝑛
𝑖=1𝑥𝑖)𝑛−1
, . . . , (∑𝑛
𝑖=1𝑥𝑖))𝐴 = (∑
𝑛
𝑖=1𝑝1(𝑥𝑖), ∑𝑛
𝑖=1𝑝2(𝑥𝑖), . . . ,
∑𝑛
𝑖=1𝑝𝑘(𝑥𝑖)), but 𝑝
1(𝑥𝑖), 𝑝2(𝑥𝑖), . . . , 𝑝
𝑘(𝑥𝑖) and 𝑥
𝑖(1 ≤ 𝑖 ≤ 𝑛)
also are fixed; thus, 𝛼 and 𝐴are only determined, so thenumber of 𝑒
𝑅which is incident with 𝑒
𝑈and contained in 𝑚
is 1.
Theorem 8. In the constructed multisender authenticationcodes, if the senders’ encoding rules and the receiver’s decodingrules are chosen according to a uniform probability distribu-tion, then the largest probabilities of success for different typesof deceptions, respectively, are
𝑃𝐼=
1
𝑞𝑘(𝑘−1)/2∏𝑛
𝑖=𝑛−𝑘+1(𝑞𝑖 − 1)
,
𝑃𝑆=
1
𝜑 (𝑞 − 1),
𝑃𝑈(𝐿) =
1
[𝑞𝑘(𝑘−1)/2∏𝑛
𝑖=𝑛−𝑘+1(𝑞𝑖 − 1)] 𝜑 (𝑞 − 1)
.
(14)
Proof. By Theorem 3 and Lemma 4, we get
𝑃𝐼= max𝑚∈𝑀
{
{𝑒𝑅 ∈ 𝐸𝑅 | 𝑒𝑅 ⊂ 𝑚}
𝐸𝑅
}
=𝜑 (𝑞 − 1)
[𝑞𝑘(𝑘−1)/2∏𝑛
𝑖=𝑛−𝑘+1(𝑞𝑖 − 1)] 𝜑 (𝑞 − 1)
=1
𝑞𝑘(𝑘−1)/2∏𝑛
𝑖=𝑛−𝑘+1(𝑞𝑖 − 1)
.
(15)
By Lemmas 4 and 5, we get
𝑃𝑆= max𝑚∈𝑀
{
max𝑚̸= 𝑚∈𝑀
{𝑒𝑅∈ 𝐸𝑅| 𝑒𝑅⊂ 𝑚,𝑚
}
{𝑒𝑅 ∈ 𝐸𝑅 | 𝑒𝑅 ⊂ 𝑚}
}
=1
𝜑 (𝑞 − 1).
(16)
By Lemmas 6 and 7, we get
𝑃𝑈(𝐿)
=max𝑒𝐿∈𝐸𝐿
max𝑒𝐿∈𝑒𝑈
{max𝑚∈𝑀
{𝑒𝑅 ∈ 𝐸𝑅 | 𝑒𝑅⊂𝑚, 𝑝 (𝑒𝑅, 𝑒𝑃) ̸=0}
{𝑒𝑅 ∈ 𝐸𝑅 | 𝑝 (𝑒𝑅, 𝑒𝑃) ̸=0}
}
=1
[𝑞𝑘(𝑘−1)/2∏𝑛
𝑖=𝑛−𝑘+1(𝑞𝑖 − 1)] 𝜑 (𝑞 − 1)
.
(17)
Acknowledgments
This paper is supported by the NSF of China (61179026)and the Fundamental Research of the Central Universi-ties of China Civil Aviation University of Science special(ZXH2012k003).
References
[1] E. N. Gilbert, F. J. MacWilliams, and N. J. A. Sloane, “Codeswhich detect deception,”The Bell System Technical Journal, vol.53, pp. 405–424, 1974.
[2] Y. Desmedt, Y. Frankel, and M. Yung, “Multi-receiver/multi-sender network security: efficient authenticated multicast/feedback,” in Proceedings of the the 11th Annual Conference of theIEEEComputer andCommunications Societies (Infocom ’92), pp.2045–2054, May 1992.
[3] K. Martin and R. Safavi-Naini, “Multisender authenticationschemes with unconditional security,” in Information and Com-munications Security, vol. 1334 of Lecture Notes in ComputerScience, pp. 130–143, Springer, Berlin, Germany, 1997.
[4] W. Ma and X. Wang, “Several new constructions of multitrasmitters authentication codes,” Acta Electronica Sinica, vol.28, no. 4, pp. 117–119, 2000.
[5] G. J. Simmons, “Message authentication with arbitration oftransmitter/receiver disputes,” in Advances in Cryptology—EUROCRYPT ’87, Workshop on theTheory and Application of ofCryptographic Techniques, vol. 304 of Lecture Notes in ComputerScience, pp. 151–165, Springer, 1988.
[6] S. Cheng and L. Chang, “Two constructions of multi-senderauthentication codes with arbitration based linear codes to bepublished in ,”WSEAS Transactions on Mathematics, vol. 11, no.12, 2012.
Journal of Applied Mathematics 7
[7] R. Safavi-Naini and H. Wang, “New results on multi-receiver authentication codes,” in Advances in Cryptology—EUROCRYPT ’98 (Espoo), vol. 1403 of Lecture Notes in Comput.Sci., pp. 527–541, Springer, Berlin, Germany, 1998.
[8] R. Aparna and B. B. Amberker, “Multi-sender multi-receiverauthentication for dynamic secure group communication,”International Journal of Computer Science andNetwork Security,vol. 7, no. 10, pp. 47–63, 2007.
[9] R. Safavi-Naini and H. Wang, “Bounds and constructions formultireceiver authentication codes,” inAdvances in cryptology—ASIACRYPT’98 (Beijing), vol. 1514 of Lecture Notes in Comput.Sci., pp. 242–256, Springer, Berlin, Germany, 1998.
[10] S. Shen and L. Chen, Information and Coding Theory, Sciencepress in China, 2002.
[11] J. J. Rotman, Advanced Modern Algebra, High Education Pressin China, 2004.
[12] Z. Wan, Geometry of Classical Group over Finite Field, SciencePress in Beijing, New York, NY, USA, 2002.
Submit your manuscripts athttp://www.hindawi.com
Hindawi Publishing Corporationhttp://www.hindawi.com Volume 2014
MathematicsJournal of
Hindawi Publishing Corporationhttp://www.hindawi.com Volume 2014
Mathematical Problems in Engineering
Hindawi Publishing Corporationhttp://www.hindawi.com
Differential EquationsInternational Journal of
Volume 2014
Applied MathematicsJournal of
Hindawi Publishing Corporationhttp://www.hindawi.com Volume 2014
Probability and StatisticsHindawi Publishing Corporationhttp://www.hindawi.com Volume 2014
Journal of
Hindawi Publishing Corporationhttp://www.hindawi.com Volume 2014
Mathematical PhysicsAdvances in
Complex AnalysisJournal of
Hindawi Publishing Corporationhttp://www.hindawi.com Volume 2014
OptimizationJournal of
Hindawi Publishing Corporationhttp://www.hindawi.com Volume 2014
CombinatoricsHindawi Publishing Corporationhttp://www.hindawi.com Volume 2014
International Journal of
Hindawi Publishing Corporationhttp://www.hindawi.com Volume 2014
Operations ResearchAdvances in
Journal of
Hindawi Publishing Corporationhttp://www.hindawi.com Volume 2014
Function Spaces
Abstract and Applied AnalysisHindawi Publishing Corporationhttp://www.hindawi.com Volume 2014
International Journal of Mathematics and Mathematical Sciences
Hindawi Publishing Corporationhttp://www.hindawi.com Volume 2014
The Scientific World JournalHindawi Publishing Corporation http://www.hindawi.com Volume 2014
Hindawi Publishing Corporationhttp://www.hindawi.com Volume 2014
Algebra
Discrete Dynamics in Nature and Society
Hindawi Publishing Corporationhttp://www.hindawi.com Volume 2014
Hindawi Publishing Corporationhttp://www.hindawi.com Volume 2014
Decision SciencesAdvances in
Discrete MathematicsJournal of
Hindawi Publishing Corporationhttp://www.hindawi.com
Volume 2014
Hindawi Publishing Corporationhttp://www.hindawi.com Volume 2014
Stochastic AnalysisInternational Journal of