In this paper, we present a new family of fountain codes which overcome adversarial errors. That is, we consider the possibility that some portion of the arriving packets of a rateless erasure code are corrupted in an undetectable fashion. In practice, the corrupted packets may be attributed to a portion of the communication paths which are controlled by an adversary or to a portion of the sources that are malicious. The presented codes resemble and extend LT and Raptor codes. Yet, their benefits over existing coding schemes are manifold. First, to overcome the corrupted packets, our codes use information theoretic techniques, rather than cryptographic primitives. Thus, no secret channel between the senders and the receivers is required. Second, the encoders in the suggested scheme are oblivious to the strength of the adversary, yet perform as if its strength was known in advance. Third, the sparse structure of the codes facilitates efficient decoding. Finally, the codes easily fit a decentralized scenario with several sources, when no communication between the sources is allowed. We present both exhaustive as well as efficient decoding rules. Beyond the obvious use as a rateless codes, our codes have important applications in distributed computing.
Modern erasure codes allow efficient encoding and decoding schemes for use in a wide range of applications. Recent schemes include digital fountain codes [2], Raptor codes [13] and LT codes [7]. These codes are rateless erasure codes, in the sense that the encoder produces a practically infinite stream of packets, such that the original data can be efficiently decoded from any sufficiently large subset. These codes allow linear time encoding and decoding, with high probability.
Nevertheless, to the best of our knowledge, such codes are only resilient to lossy channels, where packets may be lost but not arbitrarily corrupted. As a consequence, such solutions cannot cope with Byzantine channels, where an adversary may arbitrarily change packets; for instance, when communication is done over parallel paths and some paths are under the control of an adversary. Such attacks cannot be attended to using standard error correcting codes. Consider, for example, a Raptor code, where encoded packets are sent in order to transfer a message.
Each packet sent is further encoded by using an error correcting code. Consider an adversary which corrupts a single packet and the packet’s error correction padding, such that the error correcting code does not identify the packet as a corrupted packet. This corrupted packet may well prevent the receiver from correctly decoding the entire original message.
In this work, we design and analyze novel erasure codes which are capable of withstanding malicious packet corruption. Our coding scheme resemble LT codes, yet are information theoretic secure (in a sense to be rigorously defined).
Corruption resilient fountain codes have numerous applications. We present here but a few.
Erasure coding. Consider a Peer-to-Peer system, where a user would like to receive some content. To alleviate the load on any single Peer, the content may be mirrored at several peers. On the other hand, to maximize bandwidth usage, the user should be able to receive parts of the content from several mirrors in parallel. Erasure codes, and in particular digital fountain codes, give rise to a simple solution to this problem; each mirror locally, and independently, generates packets and sends them to the user. Alas, the system described above is very sensitive to Byzantine peers; when even one of the mirrors intentionally corrupts packets, the receiver will never be able to reconstruct the requested content. A more robust solution is to use the corruption resilient fountain codes derived herein, such that a constant fraction of Byzantine mirrors can be tolerated.
Shared value. Consider a group of sensors which receive and record global inputs. The inputs may be from a control and command entity, such as a satellite, or a natural event that the sensors sense. The sensors wish to store such inputs (or some global history) for later retrieval. Assume the initially shared value x includes k bits. We wish to reduce the storage requirements at each sensor, such that each sensor will only need to store a fraction of the k bits. We require that no communication takes place during the initial stage, so that each sensor generates its own encoded (short) share of x independently of other sensors.
The sensors may communicate later to reconstruct x from the stored shares. Moreover, the solution should be robust against a constant fraction of Byzantine sensors, where a Byzantine sensor may introduce arbitrary information into the system.
Corruption resilient fountain codes can be used to solve the shared value problem. We present a randomized scheme in which shared data is efficiently recorded with no communication among the sensors. Note that, in some cases, it is also possible to update the encoded data without decoding (e.g. [6]).
The current literature includes several different strategies for coping with Byzantine adversaries, both in erasure coding and network coding scenarios. A common approach to overcome Byzantine adversaries when implementing erasure codes is to check each received packet against a pre-computed hash value, to verify the integrity of the packet. When using fixed rate codes, the sender can pre-compute the hash value of each possible packet and publish this hash collection in a secure location. The receiver first retrieves this pre-computed hash collection and verifies each packet against the packet’s hash as the packet arrives. The hash is a one way function and, therefore, when the adversary is computationally limited, the adversary cannot introduce another packet with the same hash. However, when using rateless codes, such techniques are not feasible; as there is practically an infinite number of different packets, there is no efficient way to pre-compute the hash value of each possible packet and send these hashes to the receiver. Furthermore, inherent to to hashing technique is secure publication of the hashes. The sender must devise a way to securely transfer hashes to the receiver, say, by
This content is AI-processed based on open access ArXiv data.
