# 计算机科学作业代写：Study On Computation Efficient Multicast Key Distribution

## 2.1 Maximum Distance Separable Codes

Maximum Distance Separable (MDS) codes are a class of error control codes that meet the Singleton bound. Letting GF (q) be a finite field with q elements , an (n; k) (block) error control code is then a mapping from GF (q)k to GF (q)n : E(m) = c, where m = m1m2 … mk is the original message block, c = c1c2 … cn is its code word block, and E(.) is an encoding function, with k &lt;= n. If a decoding function D(.) exists such that D(ci1 ci2 … cik ; i1; i2; . . . ; ik) = m for 1 &lt;= ij &lt;= n and 1 &lt;= j &lt;= k, then this code is called an (n; k) MDS code. For an (n; k) MDS code, the k original message symbols can be recovered from any k symbols of its code word block. The process of recovering the k message symbols is called erasure decoding. All the symbols are defined over GF (q), and usually, q = 2m. The well-known Reed-Solomon (RS) codes are a class of widely used MDS codes. Notably, the RS codes and other MDS codes can be used to construct secret-sharing and threshold schemes .

## 2.2 Description of the Basic Scheme

For a dynamic multicast group, a session key is issued by a GC. Using this session key, the GC can establish a secure multicast channel with the authorized group members. Every time group memberships change because of the join or leave of some group members, the GC reissues a new session key, which is independent of all the old session keys. This rekeying procedure ensures the security of the current session and that of the old sessions, i.e., the newly joined members cannot recover the communications of the old sessions, and those old members who left the group cannot access the current session. Thus, both the backward secrecy and the forward secrecy of group communication are maintained.

The complexity of the rekeying operation is asymmetric between a new member’s join and an old member’s leave. When a new member joins, the GC can easily multicast the new session key encrypted by the current session key to all the current members, followed by a uni-cast to the new member to send the new session key encrypted by a predetermined encryption key shared between the GC and the new member. Thus, join is easy, with low communication and computation cost. However, when an old member leaves, the current session key cannot be used to convey the new session key information securely, since it is also known to the old member. Thus, hereafter, we will focus on the rekeying operation for a single member leave. The same idea can easily be extended to other rekeying operations such as batch rekeying .

## 2.2.1 Group Controller Initialization

Initially, the GC constructs a nonsystematic (L; n) MDS code C over GF (q) and a secure one way hash function H(.) whose codomain is GF (q). (For a nonsystematic code, none of the original message block symbols directly appears in the corresponding code word block.) The domain of H(.) can be an arbitrary space F that is large enough so that H(.) has a secure one-way property: given any arbitrary y E GF (q), it is impossible or computationally hard to derive x E F such that H(x) = y.

## 2.2.2 Member Initial Join

Whenever a new member i is authorized to join the multicast group for the first time, the GC sends it (using a secure unicast) a pair (ji; si), where si is a random element in H(â‚ƒ)’s domain F , and ji is a positive integer satisfying ji not equal to jk for all k’s, where k is a current member of the multicast group. The pair (ji; si) will be used as member i’s seed key (denoted as Si) and is kept in the GC’s local database, as long as member i remains a potential member of the multicast group.