Optimal coding for streaming authentication and interactive communication

Abstract

Error correction and message authentication are well studied in the literature, and various efficient solutions have been suggested and analyzed. This is however not the case for data streams in which the message is very long, possibly infinite, and not known in advance to the sender. Trivial solutions for error-correcting and authenticating data streams either suffer from a long delay at the receiver's end or cannot perform well when the communication channel is noisy. In this work we suggest a constant-rate error-correction scheme and an efficient authentication scheme for data streams over a noisy channel (one-way communication, no feedback) in the shared-randomness model. Our first scheme does not assume shared randomness and (non-efficiently) recovers a (1 - 2c)-fraction prefix of the stream sent so far, assuming the noise level is at most c < 1/2. The length of the recovered prefix is tight. To be able to overcome the c = 1/2 barrier we relax the model and assume the parties pre-share a secret key. Under this assumption we show that for any given noise rate c < 1, there exists a scheme that correctly decodes a (1 - c)-fraction of the stream sent so far with high probability, and moreover, the scheme is efficient. Furthermore, if the noise rate exceeds c, the scheme aborts with high probability. We also show that no constant-rate authentication scheme recovers more than a (1 - c)-fraction of the stream sent so far with non-negligible probability, thus the relation between the noise rate and recoverable fraction of the stream is tight, and our scheme is optimal. Our techniques also apply to the task of interactive communication (two-way communication) over a noisy channel. In a recent paper, Braverman and Rao [STOC 2011] show that any function of two inputs has a constant-rate interactive protocol for two users that withstands a noise rate up to 1/4. By assuming that the parties share a secret random string, we extend this result and construct an interactive protocol that succeeds with overwhelming probability against noise rates up to 1/2. We also show that no constant-rate protocol exists for noise rates above 1/2 for functions that require two-way communication. This is contrasted with our first result in which computing the "function" requires only one-way communication and the noise rate can go up to 1. © 2013 International Association for Cryptologic Research.