-
Hindawi Publishing CorporationJournal of Applied
MathematicsVolume 2013, Article ID 320392, 7
pageshttp://dx.doi.org/10.1155/2013/320392
Research ArticleA New Construction of Multisender Authentication
Codes fromPolynomials over Finite Fields
Xiuli Wang
College of Science, Civil Aviation University of China, Tianjin
300300, China
Correspondence should be addressed to Xiuli Wang;
[email protected]
Received 3 February 2013; Accepted 7 April 2013
Academic Editor: Yang Zhang
Copyright © 2013 Xiuli Wang. This is an open access article
distributed under the Creative Commons Attribution License,
whichpermits unrestricted use, distribution, and reproduction in
any medium, provided the original work is properly cited.
Multisender authentication codes allow a group of senders to
construct an authenticated message for a receiver such that
thereceiver can verify the authenticity of the received message. In
this paper, we construct one multisender authentication code
frompolynomials over finite fields. Some parameters and the
probabilities of deceptions of this code are also computed.
1. Introduction
Multisender authentication code was firstly constructed
byGilbert et al. [1] in 1974. Multisender authentication
systemrefers towho a groupof senders, cooperatively send amessageto
a receiver; then the receiver should be able to ascertainthat the
message is authentic. About this case, many scholarsand researchers
had made great contributions to multisenderauthentication codes,
such as [2–6].
In the actual computer network communications, mul-tisender
authentication codes include sequential model andsimultaneous
model. Sequential model is that each senderuses his own encoding
rules to encode a source state orderly,the last sender sends the
encoded message to the receiver,and the receiver receives
themessage and verifies whether themessage is legal or not.
Simultaneousmodel is that all sendersuse their own encoding rules
to encode a source state, andeach sender sends the encoded message
to the synthesizer,respectively; then the synthesizer forms an
authenticatedmessage and verifies whether the message is legal or
not. Inthis paper, we will adopt the second model.
In a simultaneous model, there are four participants: agroup of
senders 𝑈 = {𝑈
1, 𝑈2, . . . , 𝑈
𝑛}, the key distribution
center, he is responsible for the key distribution to sendersand
receiver, including solving the disputes between them, areceiver 𝑅,
and a synthesizer, where he only runs the trustedsynthesis
algorithm. The code works as follows: each senderand receiver has
their own Cartesian authentication code,
respectively. Let (𝑆, 𝐸𝑖, 𝑇𝑖; 𝑓𝑖) (𝑖 = 1, 2, . . . , 𝑛) be the
senders’
Cartesian authentication code, (𝑆, 𝐸𝑅, 𝑇; 𝑔) be the
receiver’s
Cartesian authentication code, ℎ : 𝑇1× 𝑇2× ⋅ ⋅ ⋅ × 𝑇
𝑛→
𝑇 be the synthesis algorithm, and 𝜋𝑖
: 𝐸 → 𝐸𝑖be a
subkey generation algorithm, where 𝐸 is the key set of thekey
distribution center. When authenticating a message, thesenders and
the receiver should comply with the protocol.The key distribution
center randomly selects an encodingrule 𝑒 ∈ 𝐸 and sends 𝑒
𝑖= 𝜋𝑖(𝑒) to the 𝑖th sender 𝑈
𝑖(𝑖 =
1, 2, . . . , 𝑛), secretly; then he calculates 𝑒𝑅by 𝑒 according
to
an effective algorithm and secretly sends 𝑒𝑅to the receiver
𝑅. If the senders would like to send a source state 𝑠 to
thereceiver 𝑅, 𝑈
𝑖computes 𝑡
𝑖= 𝑓𝑖(𝑠, 𝑒𝑖) (𝑖 = 1, 2, . . . , 𝑛) and
sends 𝑚𝑖= (𝑠, 𝑡
𝑖) (𝑖 = 1, 2, . . . , 𝑛) to the synthesizer through
an open channel. The synthesizer receives the message 𝑚𝑖=
(𝑠, 𝑡𝑖) (𝑖 = 1, 2, . . . , 𝑛) and calculates 𝑡 = ℎ(𝑡
1, 𝑡2, . . . , 𝑡
𝑛) by the
synthesis algorithm ℎ and then sends message 𝑚 = (𝑠, 𝑡) tothe
receiver; he checks the authenticity by verifying whether𝑡 = 𝑔(𝑠,
𝑒
𝑅) or not. If the equality holds, the message is
authentic and is accepted. Otherwise, the message is rejected.We
assume that the key distribution center is credible, and
though he know the senders’ and receiver’s encoding rules,
hewill not participate in any communication activities.
Whentransmitters and receiver are disputing, the key
distributioncenter settles it. At the same time, we assume that the
systemfollows the Kerckhoff principle in which, except the
actualused keys, the other information of the whole system
ispublic.
-
2 Journal of Applied Mathematics
In a multisender authentication system, we assume thatthe whole
senders are cooperative to form a valid message;that is, all
senders as a whole and receiver are reliable. Butthere are some
malicious senders who together cheat thereceiver; the part of
senders and receiver are not credible, andthey can take
impersonation attack and substitution attack.In the whole system,
we assume that {𝑈
1, 𝑈2, . . . , 𝑈
𝑛} are
senders, 𝑅 is a receiver, 𝐸𝑖is the encoding rules set of the
sender 𝑈𝑖, and 𝐸
𝑅is the decoding rules set of the receiver
𝑅. If the source state space 𝑆 and the key space 𝐸𝑅of
receiver
𝑅 are according to a uniform distribution, then the
messagespace𝑀 and the tag space𝑇 are determined by the
probabilitydistribution of 𝑆 and 𝐸
𝑅. 𝐿 = {𝑖
1, 𝑖2, . . . , 𝑖
𝑙} ⊂ {1, 2, . . . , 𝑛},
𝑙 < 𝑛, 𝑈𝐿
= {𝑈𝑖1
, 𝑈𝑖2
, . . . , 𝑈𝑖𝑙
}, 𝐸𝐿
= {𝐸𝑈𝑖1
, 𝐸𝑈𝑖2
, . . . , 𝐸𝑈𝑖𝑙
}.Now consider that let us consider the attacks from
maliciousgroups of senders. Here, there are two kinds of
attack.
The opponent’s impersonation attack to receiver:𝑈𝐿, after
receiving their secret keys, encode a message and send it tothe
receiver. 𝑈
𝐿are successful if the receiver accepts it as
legitimate message. Denote by 𝑃𝐼the largest probability of
some opponent’s successful impersonation attack to receiver;it
can be expressed as
𝑃𝐼= max𝑚∈𝑀
{
{𝑒𝑅 ∈ 𝐸𝑅 | 𝑒𝑅 ⊂ 𝑚}
𝐸𝑅
} . (1)
The opponent’s substitution attack to the receiver: 𝑈𝐿
replace 𝑚 with another message 𝑚, after they observe
alegitimatemessage𝑚.𝑈
𝐿are successful if the receiver accepts
it as legitimate message; it can be expressed as
𝑃𝑆= max𝑚∈𝑀
{
max𝑚̸= 𝑚∈𝑀
{𝑒𝑅∈ 𝐸𝑅| 𝑒𝑅⊂ 𝑚,𝑚
}
{𝑒𝑅 ∈ 𝐸𝑅 | 𝑒𝑅 ⊂ 𝑚}
} . (2)
There might be 𝑙 malicious senders who together cheatthe
receiver; that is, the part of senders and the receiverare not
credible, and they can take impersonation attack.Let 𝐿 = {𝑖
1, 𝑖2, . . . , 𝑖
𝑙} ⊂ {1, 2, . . . , 𝑛}, 𝑙 < 𝑛 and 𝐸
𝐿=
{𝐸𝑈𝑖1
, 𝐸𝑈𝑖2
, . . . , 𝐸𝑈𝑖𝑙
}. Assume that 𝑈𝐿
= {𝑈𝑖1
, 𝑈𝑖2
, . . . , 𝑈𝑖𝑙
},after receiving their secret keys, send a message 𝑚 to
thereceiver 𝑅;𝑈
𝐿are successful if the receiver accepts it as legiti-
mate message. Denote by 𝑃𝑈(𝐿) the maximum probability of
success of the impersonation attack to the receiver. It can
beexpressed as
𝑃𝑈(𝐿)
=max𝑒𝐿∈𝐸𝐿
max𝑒𝐿∈𝑒𝑈
{max𝑚∈𝑀
{𝑒𝑅∈𝐸𝑅 | 𝑒𝑅⊂𝑚, 𝑝 (𝑒𝑅, 𝑒𝑃) ̸=0}
{𝑒𝑅 ∈ 𝐸𝑅 | 𝑝 (𝑒𝑅, 𝑒𝑃) ̸=0}
} .
(3)
Notes.𝑝(𝑒𝑅, 𝑒𝑃) ̸= 0 implies that any information 𝑠 encoded
by
𝑒𝑇can be authenticated by 𝑒
𝑅.
In [2], Desmedt et al. gave two constructions for MRA-codes
based on polynomials and finite geometries, respec-tively. To
construct multisender or multireceiver authenti-cation by
polynomials over finite fields, many researchershave done much
work, for example, [7–9]. There are other
constructions of multisender authentication codes that aregiven
in [3–6]. The construction of authentication codesis combinational
design in its nature. We know that thepolynomial over finite fields
can provide a better algebrastructure and is easy to count. In this
paper, we constructone multisender authentication code from the
polynomialover finite fields. Some parameters and the probabilities
ofdeceptions of this code are also computed. We realize
thegeneralization and the application of the similar idea andmethod
of the paper [7–9].
2. Some Results about Finite Field
Let 𝐹𝑞be the finite field with 𝑞 elements, where 𝑞 is a
power
of a prime 𝑝 and 𝐹 is a field containing 𝐹𝑞; denote by 𝐹∗
𝑞be
the nonzero elements set of 𝐹𝑞. In this paper, we will use
the
following conclusions over finite fields.
Conclusion 1. A generator 𝛼 of 𝐹∗𝑞
is called a primitiveelement of 𝐹
𝑞.
Conclusion 2. Let 𝛼 ∈ 𝐹𝑞; if some polynomials contain 𝛼 as
their root and their leading coefficient are 1 over 𝐹𝑞, then
the
polynomial having least degree among all such polynomialsis
called a minimal polynomial over 𝐹
𝑞.
Conclusion 3. Let |𝐹| = 𝑞𝑛, then 𝐹 is an 𝑛-dimensionalvector
space over 𝐹
𝑞. Let 𝛼 be a primitive element of 𝐹
𝑞
and 𝑔(𝑥) the minimal polynomial about 𝛼 over 𝐹𝑞; then
dim𝑔(𝑥) = 𝑛 and 1, 𝛼, 𝛼2, . . . , 𝛼𝑛−1 is a basis of 𝐹.
Further-more, 1, 𝛼, 𝛼2, . . . , 𝛼𝑛−1 is linear independent, and it
is equalto 𝛼, 𝛼2, . . . , 𝛼𝑛−1, 𝛼𝑛 (𝛼 is a primitive element, 𝛼 ̸=
0) is alsolinear independent; moreover, 𝛼𝑝, 𝛼𝑝
2
, . . . , 𝛼𝑝𝑛−1
, 𝛼𝑝𝑛
is alsolinear independent.
Conclusion 4. Consider (𝑥1+ 𝑥2+ ⋅ ⋅ ⋅ + 𝑥
𝑛)𝑚
= (𝑥1)𝑚
+
(𝑥2)𝑚
+ ⋅ ⋅ ⋅ + (𝑥𝑛)𝑚, where 𝑥
𝑖∈ 𝐹𝑞, (1 ≤ 𝑖 ≤ 𝑛) and 𝑚 is a
nonnegative power of character 𝑝 of 𝐹𝑞.
Conclusion 5. Let𝑚 ≤ 𝑛. Then, the number of𝑚×𝑛matricesof rank𝑚
over 𝐹
𝑞is 𝑞𝑚(𝑚−1)/2∏𝑛
𝑖=𝑛−𝑚+1(𝑞𝑖− 1).
More results about finite fields can be found in [10–12].
3. Construction
Let the polynomial 𝑝𝑗(𝑥) = 𝑎
𝑗1𝑥𝑝𝑛
+ 𝑎𝑗2𝑥𝑝(𝑛−1)
+ ⋅ ⋅ ⋅ +
𝑎𝑗𝑛𝑥𝑝(1 ≤ 𝑗 ≤ 𝑘), where the coefficient 𝑎
𝑖𝑙∈ 𝐹𝑞,
(1 ≤ 𝑙 ≤ 𝑛), and these vectors by the composition of
theircoefficient are linearly independent. The set of source
states𝑆 = 𝐹
𝑞; the set of 𝑖th transmitter’s encoding rules 𝐸
𝑈𝑖
=
{𝑝1(𝑥𝑖), 𝑝2(𝑥𝑖), . . . , 𝑝
𝑘(𝑥𝑖), 𝑥𝑖
∈ 𝐹∗
𝑞} (1 ≤ 𝑖 ≤ 𝑛); the set
of receiver’s encoding rules 𝐸𝑅
= {𝑝1(𝛼), 𝑝2(𝛼), . . . , 𝑝
𝑘(𝛼),
where 𝛼 is a primitive element of 𝐹𝑞}; the set of 𝑖th
transmit-
ter’s tags 𝑇𝑖= {𝑡𝑖| 𝑡𝑖∈ 𝐹𝑞} (1 ≤ 𝑖 ≤ 𝑛); the set of
receiver’s
tags 𝑇 = {𝑡 | 𝑡 ∈ 𝐹𝑞}.
-
Journal of Applied Mathematics 3
Define the encoding map 𝑓𝑖: 𝑆 × 𝐸
𝑈𝑖
→ 𝑇𝑖, 𝑓𝑖(𝑠, 𝑒𝑈𝑖
) =
𝑠𝑝1(𝑥𝑖) + 𝑠2𝑝2(𝑥𝑖) + ⋅ ⋅ ⋅ + 𝑠
𝑘𝑝𝑘(𝑥𝑖), 1 ≤ 𝑖 ≤ 𝑛.
The decoding map 𝑓 : 𝑆 × 𝐸𝑅
→ 𝑇, 𝑓(𝑠, 𝑒𝑅) = 𝑠𝑝
1(𝛼) +
𝑠2𝑝2(𝛼) + ⋅ ⋅ ⋅ + 𝑠
𝑘𝑝𝑘(𝛼).
The synthesizing map ℎ : 𝑇1× 𝑇2× ⋅ ⋅ ⋅ × 𝑇
𝑛→ 𝑇,
ℎ(𝑡1, 𝑡2, . . . , 𝑡
𝑛) = 𝑡1+ 𝑡2+ ⋅ ⋅ ⋅ + 𝑡
𝑛.
The code works as follows.Assume that 𝑞 is larger than, or equal
to, the number of
the possible message and 𝑛 ≤ 𝑞.
3.1. Key Distribution. The key distribution center
randomlygenerates 𝑘 (𝑘 ≤ 𝑛) polynomials 𝑝
1(𝑥), 𝑝2(𝑥), . . . , 𝑝
𝑘(𝑥),
where 𝑝𝑗(𝑥) = 𝑎
𝑗1𝑥𝑝𝑛
+ 𝑎𝑗2𝑥𝑝(𝑛−1)
+ ⋅ ⋅ ⋅ + 𝑎𝑗𝑛𝑥𝑝(1 ≤ 𝑗 ≤ 𝑘),
and make these vectors by composed of their coefficient
islinearly independent, it is equivalent to the column vectors
of the matrix (
𝑎11𝑎21⋅⋅⋅ 𝑎𝑘1
𝑎12𝑎22⋅⋅⋅ 𝑎𝑘2
............
𝑎1𝑛𝑎2𝑛⋅⋅⋅ 𝑎𝑘𝑛
) is linearly independent. He
selects 𝑛 distinct nonzero elements 𝑥1, 𝑥2, . . . , 𝑥
𝑛∈ 𝐹𝑞again
and makes 𝑥𝑖(1 ≤ 𝑖 ≤ 𝑛) secret; then he sends privately
𝑝1(𝑥𝑖), 𝑝2(𝑥𝑖), . . . , 𝑝
𝑘(𝑥𝑖) to the sender 𝑈
𝑖(1 ≤ 𝑖 ≤ 𝑛). The
key distribution center also randomly chooses a primitiveelement
𝛼 of 𝐹
𝑞satisfying 𝑥
1+ 𝑥2+ ⋅ ⋅ ⋅ + 𝑥
𝑛= 𝛼 and sends
𝑝1(𝛼), 𝑝2(𝛼), . . . , 𝑝
𝑘(𝛼) to the receiver 𝑅.
3.2. Broadcast. If the senderswant to send a source state 𝑠 ∈
𝑆to the receiver 𝑅, the sender 𝑈
𝑖calculates 𝑡
𝑖= 𝑓𝑖(𝑠, 𝑒𝑈𝑖
) =
𝐴𝑠(𝑥𝑖) = 𝑠𝑝
1(𝑥𝑖)+𝑠2𝑝2(𝑥𝑖)+ ⋅ ⋅ ⋅+𝑠
𝑘𝑝𝑘(𝑥𝑖), 1 ≤ 𝑖 ≤ 𝑛 and then
sends 𝐴𝑠(𝑥𝑖) = 𝑡𝑖to the synthesizer.
3.3. Synthesis. After the synthesizer receives 𝑡1, 𝑡2, . . . ,
𝑡
𝑛, he
calculates ℎ(𝑡1, 𝑡2, . . . , 𝑡
𝑛) = 𝑡1+ 𝑡2+ ⋅ ⋅ ⋅ + 𝑡
𝑛and then sends
𝑚 = (𝑠, 𝑡) to the receiver 𝑅.
3.4. Verification. When the receiver 𝑅 receives 𝑚 = (𝑠, 𝑡),
hecalculates 𝑡 = 𝑔(𝑠, 𝑒
𝑅) = 𝐴
𝑠(𝛼) = 𝑠𝑝
1(𝛼) + 𝑠
2𝑝2(𝛼) + ⋅ ⋅ ⋅ +
𝑠𝑘𝑝𝑘(𝛼). If 𝑡 = 𝑡, he accepts 𝑡; otherwise, he rejects it.Next,
we will show that the above construction is a well
defined multisender authentication code with arbitration.
Lemma 1. Let 𝐶𝑖= (𝑆, 𝐸
𝑃𝑖
, 𝑇𝑖, 𝑓𝑖); then the code is an A-code,
1 ≤ 𝑖 ≤ 𝑛.
Proof. (1) For any 𝑒𝑈𝑖
∈ 𝐸𝑈𝑖
, 𝑠 ∈ 𝑆, because 𝐸𝑈𝑖
= {𝑝1(𝑥𝑖),
𝑝2(𝑥𝑖), . . . , 𝑝
𝑘(𝑥𝑖), 𝑥𝑖∈ 𝐹∗
𝑞}, so 𝑡
𝑖= 𝑠𝑝1(𝑥𝑖) + 𝑠2𝑝2(𝑥𝑖) + ⋅ ⋅ ⋅ +
𝑠𝑘𝑝𝑘(𝑥𝑖) ∈ 𝑇𝑖= 𝐹𝑞. Conversely, for any 𝑡
𝑖∈ 𝑇𝑖, choose 𝑒
𝑈𝑖
=
{𝑝1(𝑥𝑖), 𝑝2(𝑥𝑖), . . . , 𝑝
𝑘(𝑥𝑖), 𝑥𝑖∈ 𝐹∗
𝑞}, where 𝑝
𝑗(𝑥) = 𝑎
𝑗1𝑥𝑝𝑛
+
𝑎𝑗2𝑥𝑝(𝑛−1)
+ ⋅ ⋅ ⋅ + 𝑎𝑗𝑛𝑥𝑝(1 ≤ 𝑗 ≤ 𝑘), and let 𝑡
𝑖= 𝑓𝑖(𝑠, 𝑒𝑈𝑖
) =
𝑠𝑝1(𝑥𝑖) + 𝑠2𝑝2(𝑥𝑖) + ⋅ ⋅ ⋅ + 𝑠
𝑘𝑝𝑘(𝑥𝑖); it is equivalent to
(𝑥𝑝𝑛
𝑖, 𝑥𝑝𝑛−1
𝑖, . . . , 𝑥
𝑝
𝑖)(
𝑎11
𝑎21
⋅ ⋅ ⋅ 𝑎𝑘1
𝑎12
𝑎22
⋅ ⋅ ⋅ 𝑎𝑘2
......
......
𝑎1𝑛
𝑎2𝑛
⋅ ⋅ ⋅ 𝑎𝑘𝑛
)(
𝑠
𝑠2
...𝑠𝑘
) = 𝑡𝑖.
(4)
It follows that
(
(
𝑥𝑝𝑛
1𝑥𝑝𝑛−1
1⋅ ⋅ ⋅ 𝑥𝑝
1
𝑥𝑝n
2𝑥𝑝𝑛−1
2⋅ ⋅ ⋅ 𝑥𝑝
2
......
......
𝑥𝑝𝑛
𝑛𝑥𝑝𝑛−1
𝑛⋅ ⋅ ⋅ 𝑥𝑝
𝑛
)
)
× (
𝑎11
𝑎21
⋅ ⋅ ⋅ 𝑎𝑘1
𝑎12
𝑎22
⋅ ⋅ ⋅ 𝑎𝑘2
......
......
𝑎1𝑛
𝑎2𝑛
⋅ ⋅ ⋅ 𝑎𝑘𝑛
)(
𝑠
𝑠2
...𝑠𝑘
) = (
𝑡1
𝑡2
...𝑡𝑛
).
(5)
Denote
𝐴 = (
𝑎11
𝑎21
⋅ ⋅ ⋅ 𝑎𝑘1
𝑎12
𝑎22
⋅ ⋅ ⋅ 𝑎𝑘2
......
......
𝑎1𝑛
𝑎2𝑛
⋅ ⋅ ⋅ 𝑎𝑘𝑛
),
𝑋 = (
𝑥𝑝𝑛
1𝑥𝑝𝑛−1
1⋅ ⋅ ⋅ 𝑥𝑝
1
𝑥𝑝𝑛
2𝑥𝑝𝑛−1
2⋅ ⋅ ⋅ 𝑥𝑝
2
......
......
𝑥𝑝𝑛
𝑛𝑥𝑝𝑛−1
𝑛⋅ ⋅ ⋅ 𝑥𝑝
𝑛
),
𝑆 = (
𝑠
𝑠2
...𝑠𝑘
), 𝑡 = (
𝑡1
𝑡2
...𝑡𝑛
).
(6)
The above linear equation is equivalent to 𝑋𝐴𝑆 = 𝑡,because the
column vectors of 𝐴 are linearly independent,𝑋 is equivalent to a
Vandermonde matrix, and 𝑋 is inverse;therefore, the above linear
equation has a unique solution, so𝑠 is only defined; that is, 𝑓
𝑖(1 ≤ 𝑖 ≤ 𝑛) is a surjection.
(2) If 𝑠 ∈ 𝑆 is another source state satisfying 𝑠𝑝1(𝑥𝑖) +
𝑠2𝑝2(𝑥𝑖)+⋅ ⋅ ⋅+𝑠
𝑘𝑝𝑘(𝑥𝑖) = 𝑠𝑝1(𝑥𝑖)+𝑠2𝑝2(𝑥𝑖)+⋅ ⋅ ⋅+𝑠
𝑘𝑝𝑘(𝑥𝑖) =
𝑡𝑖, and it is equivalent to (𝑠 − 𝑠)𝑝
1(𝑥𝑖) + (𝑠2− 𝑠2)𝑝2(𝑥𝑖) + ⋅ ⋅ ⋅ +
(𝑠𝑘− 𝑠𝑘)𝑝𝑘(𝑥𝑖) = 0, then
(𝑥𝑝𝑛
𝑖, 𝑥𝑝𝑛−1
𝑖, . . . , 𝑥
𝑝
𝑖)
× (
𝑎11
𝑎21
⋅ ⋅ ⋅ 𝑎𝑘1
𝑎12
𝑎22
⋅ ⋅ ⋅ 𝑎𝑘2
......
......
𝑎1𝑛
𝑎2𝑛
⋅ ⋅ ⋅ 𝑎𝑘𝑛
)(
𝑠 − 𝑠
𝑠2− 𝑠2
...𝑠𝑘− 𝑠𝑘
) = 0.
(7)
-
4 Journal of Applied Mathematics
Thus
(
(
𝑥𝑝𝑛
1𝑥𝑝𝑛−1
1⋅ ⋅ ⋅ 𝑥𝑝
1
𝑥𝑝n
2𝑥𝑝𝑛−1
2⋅ ⋅ ⋅ 𝑥𝑝
2
......
......
𝑥𝑝𝑛
𝑛𝑥𝑝𝑛−1
𝑛⋅ ⋅ ⋅ 𝑥𝑝
𝑛
)
)
× (
𝑎11
𝑎21
⋅ ⋅ ⋅ 𝑎𝑘1
𝑎12
𝑎22
⋅ ⋅ ⋅ 𝑎𝑘2
......
......
𝑎1𝑛
𝑎2𝑛
⋅ ⋅ ⋅ 𝑎𝑘𝑛
)(
𝑠 − 𝑠
𝑠2− 𝑠2
...𝑠𝑘− 𝑠𝑘
) = (
0
0
...0
).
(8)
Similar to (1), we know that the homogeneous linear equation𝑋𝐴𝑆
= 0 has a unique solution; that is, there is only zerosolution, so
𝑠 = 𝑠. So, 𝑠 is the unique source state determinedby 𝑒𝑈𝑖
and 𝑡𝑖; thus, 𝐶
𝑖(1 ≤ 𝑖 ≤ 𝑛) is an A-code.
Lemma 2. Let 𝐶 = (𝑆, 𝐸𝑅, 𝑇, 𝑔); then the code is an A-code.
Proof. (1) For any 𝑠 ∈ 𝑆, 𝑒𝑅∈ 𝐸𝑅, from the definition of 𝑒
𝑅,
we assume that 𝐸𝑅
= {𝑝1(𝛼), 𝑝2(𝛼), . . . , 𝑝
𝑘(𝛼), where 𝛼 is a
primitive element of 𝐹𝑞}, 𝑔(𝑠, 𝑒
𝑅) = 𝑠𝑝
1(𝛼) + 𝑠
2𝑝2(𝛼) + ⋅ ⋅ ⋅ +
𝑠𝑘𝑝𝑘(𝛼) ∈ 𝑇 = 𝐹
𝑞; on the other hand, for any 𝑡 ∈ 𝑇, choose
𝑒𝑅= {𝑝1(𝛼), 𝑝2(𝛼), . . . , 𝑝
𝑘(𝛼), where 𝛼 is a primitive element
of 𝐹𝑞}, 𝑔(𝑠, 𝑒
𝑅) = 𝑠𝑝
1(𝛼) + 𝑠
2𝑝2(𝛼) + ⋅ ⋅ ⋅ + 𝑠
𝑘𝑝𝑘(𝛼) = 𝑡; it is
equivalent to
(𝛼𝑝𝑛
, 𝛼𝑝𝑛−1
, ⋅ ⋅ ⋅ , 𝛼𝑝)
× (
𝑎11
𝑎21
⋅ ⋅ ⋅ 𝑎𝑘1
𝑎12
𝑎22
⋅ ⋅ ⋅ 𝑎𝑘2
......
......
𝑎1𝑛
𝑎2𝑛
⋅ ⋅ ⋅ 𝑎𝑘𝑛
)(
𝑠
𝑠2
...𝑠𝑘
) = 𝑡,
𝐴 = (
𝑎11
𝑎21
⋅ ⋅ ⋅ 𝑎𝑘1
𝑎12
𝑎22
⋅ ⋅ ⋅ 𝑎𝑘2
......
......
𝑎1𝑛
𝑎2𝑛
⋅ ⋅ ⋅ 𝑎𝑘𝑛
);
(9)
that is, (𝛼𝑝𝑛
, 𝛼𝑝𝑛−1
, . . . , 𝛼𝑝)𝐴(
𝑠
𝑠2
...𝑠𝑘
) = 𝑡. From Conclusion
3, we know that (𝛼𝑝𝑛
, 𝛼𝑝𝑛−1
, . . . , 𝛼𝑝) is linearly independent
and the column vectors of 𝐴 are also linearly
independent;therefore, the above linear equation has unique
solution, so 𝑠is only defined; that is, 𝑔 is a surjection.
(2) If 𝑠 is another source state satisfying 𝑡 = 𝑔(𝑠, 𝑒𝑅),
then
(𝛼𝑝𝑛
, 𝛼𝑝𝑛−1
, . . . , 𝛼𝑝)𝐴(
𝑠
𝑠2
...𝑠𝑘
)
= (𝛼𝑝𝑛
, 𝛼𝑝𝑛−1
, . . . , 𝛼𝑝)𝐴(
𝑠
𝑠2
...𝑠𝑘
);
(10)
that is, (𝛼𝑝𝑛
, 𝛼𝑝𝑛−1
, . . . , 𝛼𝑝)𝐴(
[[
[
𝑠
𝑠2
...𝑠𝑘
]]
]
− [
[
𝑠
𝑠2
...𝑠𝑘
]
]
) = 0. Sim-
ilar to (1), we get that the homogeneous linear equation(𝛼𝑝𝑛
, 𝛼𝑝𝑛−1
, . . . , 𝛼𝑝)𝐴(𝑆− 𝑆) = 0 has a unique solution; that
is, there is only zero solution, so 𝑆 = 𝑆; that is, 𝑠 = 𝑠. So,𝑠
is the unique source state determined by 𝑒
𝑅and 𝑡; thus,
𝐶 = (𝑆, 𝐸𝑅, 𝑇, 𝑔) is an A-code.
At the same time, for any valid𝑚 = (𝑠, 𝑡), we have knownthat 𝛼 =
𝑥
1+ 𝑥2+ ⋅ ⋅ ⋅ + 𝑥
𝑛, and it follows that 𝑡 = 𝑠𝑝
1(𝛼) +
𝑠2𝑝2(𝛼)+⋅ ⋅ ⋅+𝑠
𝑘𝑝𝑘(𝛼) = 𝑠𝑝
1(𝑥1+𝑥2+⋅ ⋅ ⋅+𝑥
𝑛)+𝑠2𝑝2(𝑥1+𝑥2+
⋅ ⋅ ⋅ + 𝑥𝑛) + ⋅ ⋅ ⋅ + 𝑠
𝑘𝑝𝑘(𝑥1+ 𝑥2+ ⋅ ⋅ ⋅ + 𝑥
𝑛). We also have known
that 𝑝𝑗(𝑥) = 𝑎
𝑗1𝑥𝑝𝑛
+𝑎𝑗2𝑥𝑝(𝑛−1)
+ ⋅ ⋅ ⋅ + 𝑎𝑗𝑛𝑥𝑝(1 ≤ 𝑗 ≤ 𝑘); from
Conclusion 4, (𝑥1+ 𝑥2+ ⋅ ⋅ ⋅ + 𝑥
𝑛)𝑝𝑚
= (𝑥1)𝑝𝑚
+ (𝑥2)𝑝𝑚
+ ⋅ ⋅ ⋅ +
(𝑥𝑛)𝑝𝑚
, where𝑚 is a nonnegative power of character 𝑝 of 𝐹𝑞,
andwe get𝑝𝑗(𝑥1+𝑥2+⋅ ⋅ ⋅+𝑥
𝑛) = 𝑝𝑗(𝑥1)+𝑝𝑗(𝑥2)+⋅ ⋅ ⋅+𝑝
𝑗(𝑥𝑛);
therefore, 𝑡 = 𝑠𝑝1(𝛼) + 𝑠
2𝑝2(𝛼) + ⋅ ⋅ ⋅ + 𝑠
𝑘𝑝𝑘(𝛼) = (𝑠𝑝
1(𝑥1) +
𝑠2𝑝2(𝑥1)+⋅ ⋅ ⋅+𝑠
𝑘𝑝𝑘(𝑥1))+(𝑠𝑝
1(𝑥2)+𝑠2𝑝2(𝑥2)+⋅ ⋅ ⋅+𝑠
𝑘𝑝𝑘(𝑥2))+
⋅ ⋅ ⋅+(𝑠𝑝1(𝑥𝑛)+𝑠2𝑝2(𝑥𝑛)+ ⋅ ⋅ ⋅+𝑠
𝑘𝑝𝑘(𝑥𝑛)) = 𝑡1+𝑡2+⋅ ⋅ ⋅+𝑡
𝑛= 𝑡,
and the receiver 𝑅 accepts𝑚.
From Lemmas 1 and 2, we know that such construction
ofmultisender authentication codes is reasonable and there are𝑛
senders in this system. Next, we compute the parametersof this code
and the maximum probability of success inimpersonation attack and
substitution attack by the group ofsenders.
Theorem 3. Some parameters of this construction are|𝑆| = 𝑞,
|𝐸
𝑈𝑖
| = [𝑞𝑘(𝑘−1)/2
∏𝑛
𝑖=𝑛−𝑘+1(𝑞𝑖− 1)] (
𝑞−1
1) =
[𝑞𝑘(𝑘−1)/2
∏𝑛
𝑖=𝑛−𝑘+1(𝑞𝑖− 1)](𝑞 − 1) (1 ≤ 𝑖 ≤ 𝑛), |𝑇
𝑖| = 𝑞 (1 ≤
𝑖 ≤ 𝑛), |𝐸𝑅| = [𝑞
𝑘(𝑘−1)/2∏𝑛
𝑖=𝑛−𝑘+1(𝑞𝑖− 1)]𝜑(𝑞 − 1), |𝑇| = 𝑞.
Where 𝜑(𝑞 − 1) is the 𝐸𝑢𝑙𝑒𝑟 𝑓𝑢𝑛𝑐𝑡𝑖𝑜𝑛 of 𝑞 − 1, it representsthe
number of primitive element of 𝐹
𝑞here.
Proof. For |𝑆| = 𝑞, |𝑇𝑖| = 𝑞, and |𝑇| = 𝑞, the results
are straightforward. For𝐸𝑈𝑖
, because𝐸𝑈𝑖
={𝑝1(𝑥𝑖), 𝑝2(𝑥𝑖), . . . ,
𝑝𝑘(𝑥𝑖), 𝑥𝑖∈ 𝐹∗
𝑞}, where 𝑝
𝑗(𝑥) = 𝑎
𝑗1𝑥𝑝𝑛
+ 𝑎𝑗2𝑥𝑝(𝑛−1)
+ ⋅ ⋅ ⋅ +
𝑎𝑗𝑛𝑥𝑝(1 ≤ 𝑗 ≤ 𝑘), and these vectors by the composition of
their coefficient are linearly independent, it is equivalent
to
the columns of 𝐴 = (
𝑎11𝑎21⋅⋅⋅ 𝑎𝑘1
𝑎12𝑎22⋅⋅⋅ 𝑎𝑘2
............
𝑎1𝑛𝑎2𝑛⋅⋅⋅ 𝑎𝑘𝑛
) is linear independent.
-
Journal of Applied Mathematics 5
From Conclusion 5, we can conclude that the number of
𝐴satisfying the condition is 𝑞𝑘(𝑘−1)/2∏𝑛
𝑖=𝑛−𝑘+1(𝑞𝑖− 1). On the
other hand, the number of distinct nonzero elements 𝑥𝑖(1 ≤
𝑖 ≤ 𝑛) in 𝐹𝑞is ( 𝑞−11
) = 𝑞 − 1, so |𝐸𝑈𝑖
| = [𝑞𝑘(𝑘−1)/2
∏𝑛
𝑖=𝑛−𝑘+1(𝑞𝑖−
1)](𝑞 − 1). For 𝐸𝑅, 𝐸𝑅
= {𝑝1(𝛼), 𝑝2(𝛼), . . . , 𝑝
𝑘(𝛼), where 𝛼
is a primitive element of 𝐹𝑞}. For 𝛼, from Conclusion 1, a
generator of𝐹∗𝑞is called a primitive element of𝐹
𝑞, |𝐹∗𝑞| = 𝑞−1;
by the theory of the group, we know that the number ofgenerator
of 𝐹∗
𝑞is 𝜑(𝑞−1); that is, the number of 𝛼 is 𝜑(𝑞−1).
For 𝑝1(𝑥), 𝑝2(𝑥), . . . , 𝑝
𝑘(𝑥). From above, we have confirmed
that the number of these polynomials is 𝑞𝑘(𝑘−1)/2∏𝑛𝑖=𝑛−𝑘+1
(𝑞𝑖−
1); therefore, |𝐸𝑅| = [𝑞
𝑘(𝑘−1)/2∏𝑛
𝑖=𝑛−𝑘+1(𝑞𝑖− 1)]𝜑(𝑞 − 1).
Lemma 4. For any 𝑚 ∈ 𝑀, the number of 𝑒𝑅contained 𝑚 is
𝜑(𝑞 − 1).
Proof. Let 𝑚 = (𝑠, 𝑡) ∈ 𝑀, 𝑒𝑅
= {𝑝1(𝛼), 𝑝2(𝛼), . . . , 𝑝
𝑘(𝛼),
where 𝛼 is a primitive element of 𝐹𝑞} ∈ 𝐸
𝑅. If 𝑒𝑅
⊂ 𝑚,then 𝑠𝑝
1(𝛼) + 𝑠
2𝑝2(𝛼) + ⋅ ⋅ ⋅ + 𝑠
𝑘𝑝𝑘(𝛼) = 𝑡 ⇔ (𝛼
𝑝𝑛
, 𝛼𝑝𝑛−1
,
. . . , 𝛼𝑝)𝐴(
𝑠
𝑠2
...𝑠𝑘
) = 𝑡. For any 𝛼, suppose that there is
another 𝐴 such that (𝛼𝑝𝑛
, 𝛼𝑝𝑛−1
, . . . , 𝛼𝑝)𝐴(
𝑠
𝑠2
...𝑠𝑘
) = 𝑡,
then (𝛼𝑝𝑛
, 𝛼𝑝𝑛−1
, . . . , 𝛼𝑝)(𝐴 − 𝐴
)(
𝑠
𝑠2
...𝑠𝑘
) = 0, because
𝛼𝑝𝑛
, 𝛼𝑝𝑛−1
, . . . , 𝛼𝑝 is linearly independent, so (𝐴−𝐴)(
𝑠
𝑠2
...𝑠𝑘
) =
0, but (
𝑠
𝑠2
...𝑠𝑘
) is arbitrarily; therefore, 𝐴 − 𝐴 = 0; that is,
𝐴 = 𝐴, and it follows that 𝐴 is only determined by 𝛼.
Therefore, as 𝛼 ∈ 𝐸𝑅, for any given 𝑠 and 𝑡, the number of
𝑒𝑅contained in𝑚 is 𝜑(𝑞 − 1).
Lemma 5. For any𝑚 = (𝑠, 𝑡) ∈ 𝑀 and𝑚 = (𝑠, 𝑡) ∈ 𝑀 with𝑠 ̸= 𝑠, the
number of 𝑒
𝑅contained𝑚 and𝑚 is 1.
Proof. Assume that 𝑒𝑅
= {𝑝1(𝛼), 𝑝2(𝛼), . . . , 𝑝
𝑘(𝛼), where
𝛼 is a primitive element of 𝐹𝑞} ∈ 𝐸
𝑅. If 𝑒𝑅
⊂ 𝑚 and𝑒𝑅
⊂ 𝑚, then 𝑠𝑝
1(𝛼) + 𝑠
2𝑝2(𝛼) + ⋅ ⋅ ⋅ + 𝑠
𝑘𝑝𝑘(𝛼) = 𝑡 ⇔
(𝛼𝑝𝑛
, 𝛼𝑝𝑛−1
, . . . , 𝛼𝑝)𝐴(
𝑠
𝑠2
...𝑠𝑘
) = 𝑡, 𝑠𝑝1(𝛼) + 𝑠
2𝑝2(𝛼) + ⋅ ⋅ ⋅ +
𝑠𝑘𝑝𝑘(𝛼) = 𝑡 ⇔ (𝛼
𝑝𝑛
, 𝛼𝑝𝑛−1
, . . . , 𝛼𝑝)𝐴(
𝑠
𝑠2
...𝑠𝑘
) = 𝑡. It is
equivalent to (𝛼𝑝𝑛
, 𝛼𝑝𝑛−1
, . . . , 𝛼𝑝)𝐴(
𝑠−𝑠
𝑠2−𝑠2
...𝑠𝑘−𝑠𝑘
) = 𝑡 − 𝑡 because
𝑠 ̸= 𝑠, so 𝑡 ̸= 𝑡; otherwise, we assume that 𝑡 = 𝑡 and
since 𝛼𝑝𝑛
, 𝛼𝑝𝑛−1
, . . . , 𝛼𝑝 and the column vectors of 𝐴 both
are linearly independent, it forces that 𝑠 = 𝑠; this is
acontradiction. Therefore, we get
(𝑡 − 𝑡)−1
[[[[
[
(𝛼𝑝𝑛
, 𝛼𝑝𝑛−1
, . . . , 𝛼𝑝)𝐴 (
𝑠 − 𝑠
𝑠2− 𝑠2
...𝑠𝑘− 𝑠𝑘
)
]]]]
]
= 1,
(∗)
since 𝑡, 𝑡 is given, (𝑡 − 𝑡)−1 is unique, by equation (∗),
forany given 𝑠, 𝑠 and 𝑡, 𝑡, we obtain that (𝛼𝑝
𝑛
, 𝛼𝑝𝑛−1
, . . . , 𝛼𝑝)𝐴 is
only determined; thus, the number of 𝑒𝑅contained𝑚 and𝑚
is 1.
Lemma6. For any fixed 𝑒𝑈= {𝑝1(𝑥𝑖), 𝑝2(𝑥𝑖), . . . , 𝑝
𝑘(𝑥𝑖), 𝑥𝑖∈
𝐹∗
𝑞} (1 ≤ 𝑖 ≤ 𝑛) containing a given 𝑒
𝐿, then the number of 𝑒
𝑅
which is incidence with 𝑒𝑈is 𝜑(𝑞 − 1).
Proof. For any fixed 𝑒𝑈
= {𝑝1(𝑥𝑖), 𝑝2(𝑥𝑖), . . . , 𝑝
𝑘(𝑥𝑖), 𝑥𝑖∈
𝐹∗
𝑞} (1 ≤ 𝑖 ≤ 𝑛) containing a given 𝑒
𝐿, we assume that
𝑝𝑗(𝑥𝑖) = 𝑎𝑗1𝑥𝑝𝑛
𝑖+𝑎𝑗2𝑥𝑝(𝑛−1)
𝑖+⋅ ⋅ ⋅+𝑎
𝑗𝑛𝑥𝑝
𝑖(1 ≤ 𝑗 ≤ 𝑘, 1 ≤ 𝑖 ≤ 𝑛),
𝑒𝑅= {𝑝1(𝛼), 𝑝2(𝛼), . . . , 𝑝
𝑘(𝛼), where 𝛼 is a primitive element
of 𝐹𝑞}. From the definitions of 𝑒
𝑅and 𝑒𝑈and Conclusion 4,
we can conclude that 𝑒𝑅is incidence with 𝑒
𝑈if and only if
𝑥1+ 𝑥2+ ⋅ ⋅ ⋅ + 𝑥
𝑛= 𝛼. For any 𝛼, since Rank(1, 1, . . . , 1) =
Rank(1, 1, . . . , 1, 𝛼) = 1 < 𝑛, so the equation𝑥1+𝑥2+⋅ ⋅
⋅+𝑥
𝑛=
𝛼 always has a solution. From the proof of Theorem 3, weknow the
number of 𝑒
𝑅which is incident with 𝑒
𝑈(i.e., the
number of all 𝐸𝑅) is [𝑞𝑘(𝑘−1)/2∏𝑛
𝑖=𝑛−𝑘+1(𝑞𝑖− 1)] 𝜑(𝑞 − 1).
Lemma 7. For any fixed 𝑒𝑈= {𝑝1(𝑥𝑖), 𝑝2(𝑥𝑖), . . . , 𝑝
𝑘(𝑥𝑖), 𝑥𝑖∈
𝐹∗
𝑞} (1 ≤ 𝑖 ≤ 𝑛) containing a given 𝑒
𝐿and𝑚 = (𝑠, 𝑡), the num-
ber of 𝑒𝑅which is incidence with 𝑒
𝑈and contained in𝑚 is 1.
Proof. For any 𝑠 ∈ 𝑆, 𝑒𝑅
∈ 𝐸𝑅, we assume that 𝑒
𝑅=
{𝑝1(𝛼), 𝑝2(𝛼), . . . , 𝑝
𝑘(𝛼), where 𝛼 is a primitive element
of 𝐹𝑞}. Similar to Lemma 6, for any fixed 𝑒
𝑈=
{𝑝1(𝑥𝑖), 𝑝2(𝑥𝑖), . . . , 𝑝
𝑘(𝑥𝑖), 𝑥𝑖∈ 𝐹∗
𝑞}, (1 ≤ 𝑖 ≤ 𝑛) containing
a given 𝑒𝐿, we have known that 𝑒
𝑅is incident with 𝑒
𝑈if and
only if
𝑥1+ 𝑥2+ ⋅ ⋅ ⋅ + 𝑥
𝑛= 𝛼. (11)
Again, with 𝑒𝑅⊂ 𝑚, we can get
𝑠𝑝1(𝛼) + 𝑠
2𝑝2(𝛼) + ⋅ ⋅ ⋅ + 𝑠
𝑘𝑝𝑘(𝛼) = 𝑡. (12)
By (11) and (12) and the property of 𝑝𝑗(𝑥) (1 ≤ 𝑗 ≤ 𝑘), we
have the following conclusion:
𝑠𝑝1(
𝑛
∑
𝑖=1
𝑥𝑖) + 𝑠2𝑝2(
𝑛
∑
𝑖=1
𝑥𝑖) + ⋅ ⋅ ⋅ + 𝑠
𝑘𝑝𝑘(
𝑛
∑
𝑖=1
𝑥𝑖)
= 𝑡 ⇐⇒ (𝑝1(
𝑛
∑
𝑖=1
𝑥𝑖) , 𝑝2(
𝑛
∑
𝑖=1
𝑥𝑖) , . . . , 𝑝
𝑘(
𝑛
∑
𝑖=1
𝑥𝑖))
-
6 Journal of Applied Mathematics
× (
𝑠
𝑠2
...𝑠𝑘
)
= 𝑡 ⇐⇒ (
𝑛
∑
𝑖=1
𝑝1(𝑥𝑖) ,
𝑛
∑
𝑖=1
𝑝2(𝑥𝑖) , . . . ,
𝑛
∑
𝑖=1
𝑝𝑘(𝑥𝑖))(
𝑠
s2...𝑠𝑘
)
=𝑡⇐⇒( (
𝑛
∑
𝑖=1
𝑥𝑖)
𝑛
, (
𝑛
∑
𝑖=1
𝑥𝑖)
𝑛−1
, . . . , (
𝑛
∑
𝑖=1
𝑥𝑖))𝐴(
𝑠
𝑠2
...𝑠𝑘
)
= 𝑡 ⇐⇒ [(
𝑛
∑
𝑖=1
𝑝1(𝑥𝑖) ,
𝑛
∑
𝑖=1
𝑝2(𝑥𝑖) , . . . ,
𝑛
∑
𝑖=1
𝑝𝑘(𝑥𝑖))
−((
𝑛
∑
𝑖=1
𝑥𝑖)
𝑛
, (
𝑛
∑
𝑖=1
𝑥𝑖)
𝑛−1
, . . . , (
𝑛
∑
𝑖=1
𝑥𝑖))𝐴]
× (
𝑠
𝑠2
...𝑠𝑘
) = 0,
(13)
because 𝑠 is any given. Similar to the proof of Lemma 4,we can
get (∑𝑛
𝑖=1𝑝1(𝑥𝑖), ∑𝑛
𝑖=1𝑝2(𝑥𝑖), . . . , ∑
𝑛
𝑖=1𝑝𝑘(𝑥𝑖)) −
((∑𝑛
𝑖=1𝑥𝑖)𝑛,(∑𝑛𝑖=1
𝑥𝑖)𝑛−1
, . . . ,(∑𝑛
𝑖=1𝑥𝑖))𝐴=0; that is, ((∑𝑛
𝑖=1𝑥𝑖)𝑛
,
(∑𝑛
𝑖=1𝑥𝑖)𝑛−1
, . . . , (∑𝑛
𝑖=1𝑥𝑖))𝐴 = (∑
𝑛
𝑖=1𝑝1(𝑥𝑖), ∑𝑛
𝑖=1𝑝2(𝑥𝑖), . . . ,
∑𝑛
𝑖=1𝑝𝑘(𝑥𝑖)), but 𝑝
1(𝑥𝑖), 𝑝2(𝑥𝑖), . . . , 𝑝
𝑘(𝑥𝑖) and 𝑥
𝑖(1 ≤ 𝑖 ≤ 𝑛)
also are fixed; thus, 𝛼 and 𝐴are only determined, so thenumber
of 𝑒
𝑅which is incident with 𝑒
𝑈and contained in 𝑚
is 1.
Theorem 8. In the constructed multisender authenticationcodes,
if the senders’ encoding rules and the receiver’s decodingrules are
chosen according to a uniform probability distribu-tion, then the
largest probabilities of success for different typesof deceptions,
respectively, are
𝑃𝐼=
1
𝑞𝑘(𝑘−1)/2∏𝑛
𝑖=𝑛−𝑘+1(𝑞𝑖 − 1)
,
𝑃𝑆=
1
𝜑 (𝑞 − 1),
𝑃𝑈(𝐿) =
1
[𝑞𝑘(𝑘−1)/2∏𝑛
𝑖=𝑛−𝑘+1(𝑞𝑖 − 1)] 𝜑 (𝑞 − 1)
.
(14)
Proof. By Theorem 3 and Lemma 4, we get
𝑃𝐼= max𝑚∈𝑀
{
{𝑒𝑅 ∈ 𝐸𝑅 | 𝑒𝑅 ⊂ 𝑚}
𝐸𝑅
}
=𝜑 (𝑞 − 1)
[𝑞𝑘(𝑘−1)/2∏𝑛
𝑖=𝑛−𝑘+1(𝑞𝑖 − 1)] 𝜑 (𝑞 − 1)
=1
𝑞𝑘(𝑘−1)/2∏𝑛
𝑖=𝑛−𝑘+1(𝑞𝑖 − 1)
.
(15)
By Lemmas 4 and 5, we get
𝑃𝑆= max𝑚∈𝑀
{
max𝑚̸= 𝑚∈𝑀
{𝑒𝑅∈ 𝐸𝑅| 𝑒𝑅⊂ 𝑚,𝑚
}
{𝑒𝑅 ∈ 𝐸𝑅 | 𝑒𝑅 ⊂ 𝑚}
}
=1
𝜑 (𝑞 − 1).
(16)
By Lemmas 6 and 7, we get
𝑃𝑈(𝐿)
=max𝑒𝐿∈𝐸𝐿
max𝑒𝐿∈𝑒𝑈
{max𝑚∈𝑀
{𝑒𝑅 ∈ 𝐸𝑅 | 𝑒𝑅⊂𝑚, 𝑝 (𝑒𝑅, 𝑒𝑃) ̸=0}
{𝑒𝑅 ∈ 𝐸𝑅 | 𝑝 (𝑒𝑅, 𝑒𝑃) ̸=0}
}
=1
[𝑞𝑘(𝑘−1)/2∏𝑛
𝑖=𝑛−𝑘+1(𝑞𝑖 − 1)] 𝜑 (𝑞 − 1)
.
(17)
Acknowledgments
This paper is supported by the NSF of China (61179026)and the
Fundamental Research of the Central Universi-ties of China Civil
Aviation University of Science special(ZXH2012k003).
References
[1] E. N. Gilbert, F. J. MacWilliams, and N. J. A. Sloane,
“Codeswhich detect deception,”The Bell System Technical Journal,
vol.53, pp. 405–424, 1974.
[2] Y. Desmedt, Y. Frankel, and M. Yung,
“Multi-receiver/multi-sender network security: efficient
authenticated multicast/feedback,” in Proceedings of the the 11th
Annual Conference of theIEEEComputer andCommunications Societies
(Infocom ’92), pp.2045–2054, May 1992.
[3] K. Martin and R. Safavi-Naini, “Multisender
authenticationschemes with unconditional security,” in Information
and Com-munications Security, vol. 1334 of Lecture Notes in
ComputerScience, pp. 130–143, Springer, Berlin, Germany, 1997.
[4] W. Ma and X. Wang, “Several new constructions of
multitrasmitters authentication codes,” Acta Electronica Sinica,
vol.28, no. 4, pp. 117–119, 2000.
[5] G. J. Simmons, “Message authentication with arbitration
oftransmitter/receiver disputes,” in Advances in
Cryptology—EUROCRYPT ’87, Workshop on theTheory and Application of
ofCryptographic Techniques, vol. 304 of Lecture Notes in
ComputerScience, pp. 151–165, Springer, 1988.
[6] S. Cheng and L. Chang, “Two constructions of
multi-senderauthentication codes with arbitration based linear
codes to bepublished in ,”WSEAS Transactions on Mathematics, vol.
11, no.12, 2012.
-
Journal of Applied Mathematics 7
[7] R. Safavi-Naini and H. Wang, “New results on multi-receiver
authentication codes,” in Advances in Cryptology—EUROCRYPT ’98
(Espoo), vol. 1403 of Lecture Notes in Comput.Sci., pp. 527–541,
Springer, Berlin, Germany, 1998.
[8] R. Aparna and B. B. Amberker, “Multi-sender
multi-receiverauthentication for dynamic secure group
communication,”International Journal of Computer Science andNetwork
Security,vol. 7, no. 10, pp. 47–63, 2007.
[9] R. Safavi-Naini and H. Wang, “Bounds and constructions
formultireceiver authentication codes,” inAdvances in
cryptology—ASIACRYPT’98 (Beijing), vol. 1514 of Lecture Notes in
Comput.Sci., pp. 242–256, Springer, Berlin, Germany, 1998.
[10] S. Shen and L. Chen, Information and Coding Theory,
Sciencepress in China, 2002.
[11] J. J. Rotman, Advanced Modern Algebra, High Education
Pressin China, 2004.
[12] Z. Wan, Geometry of Classical Group over Finite Field,
SciencePress in Beijing, New York, NY, USA, 2002.
-
Submit your manuscripts athttp://www.hindawi.com
Hindawi Publishing Corporationhttp://www.hindawi.com Volume
2014
MathematicsJournal of
Hindawi Publishing Corporationhttp://www.hindawi.com Volume
2014
Mathematical Problems in Engineering
Hindawi Publishing Corporationhttp://www.hindawi.com
Differential EquationsInternational Journal of
Volume 2014
Applied MathematicsJournal of
Hindawi Publishing Corporationhttp://www.hindawi.com Volume
2014
Probability and StatisticsHindawi Publishing
Corporationhttp://www.hindawi.com Volume 2014
Journal of
Hindawi Publishing Corporationhttp://www.hindawi.com Volume
2014
Mathematical PhysicsAdvances in
Complex AnalysisJournal of
Hindawi Publishing Corporationhttp://www.hindawi.com Volume
2014
OptimizationJournal of
Hindawi Publishing Corporationhttp://www.hindawi.com Volume
2014
CombinatoricsHindawi Publishing
Corporationhttp://www.hindawi.com Volume 2014
International Journal of
Hindawi Publishing Corporationhttp://www.hindawi.com Volume
2014
Operations ResearchAdvances in
Journal of
Hindawi Publishing Corporationhttp://www.hindawi.com Volume
2014
Function Spaces
Abstract and Applied AnalysisHindawi Publishing
Corporationhttp://www.hindawi.com Volume 2014
International Journal of Mathematics and Mathematical
Sciences
Hindawi Publishing Corporationhttp://www.hindawi.com Volume
2014
The Scientific World JournalHindawi Publishing Corporation
http://www.hindawi.com Volume 2014
Hindawi Publishing Corporationhttp://www.hindawi.com Volume
2014
Algebra
Discrete Dynamics in Nature and Society
Hindawi Publishing Corporationhttp://www.hindawi.com Volume
2014
Hindawi Publishing Corporationhttp://www.hindawi.com Volume
2014
Decision SciencesAdvances in
Discrete MathematicsJournal of
Hindawi Publishing Corporationhttp://www.hindawi.com
Volume 2014
Hindawi Publishing Corporationhttp://www.hindawi.com Volume
2014
Stochastic AnalysisInternational Journal of
