status-im
/
codex-research
mirror of https://github.com/status-im/codex-research.git
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

add initial summary of Falcon Code paper (#78) 

* add initial summary of Falcon Code paper

Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>

* fix formatting

Signed-off-by: Csaba Kiraly <csaba.kiraly@gmail.com>
This commit is contained in:
Csaba Kiraly 2022-06-09 01:34:36 +02:00 committed by GitHub
parent 8e64f85f17
commit 3276360ce9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 38 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
papers/Falcon_Codes_Fast_Authenticated_LT_Codes/README.md Normal file
View File

@ -0,0 +1,38 @@
# Falcon Codes
## Authors
- Ari Juels
- James Kelley
- Roberto Tamassia
- Nikos Triandopoulos
## DOI
https://doi.org/10.1145/2810103.2813728.
## Bibliography entry
Juels, Ari, James Kelley, Roberto Tamassia, and Nikos Triandopoulos. Falcon Codes: Fast, Authenticated LT Codes (Or: Making Rapid Tornadoes Unstoppable). In Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, 103247. CCS 15. New York, NY, USA: Association for Computing Machinery, 2015. https://doi.org/10.1145/2810103.2813728.
## Summary
The paper addresses the problem of **adversarial erasures** in case of **non-MDS codes**, in a **private coding setting**.
LT-codes, and their derivatives (RaptorQ, etc.) are known to provide fast(even linear-time) encode and decode both asymptotically and in practice, and are useful both as large block codes and as rateless codes. However, their guarantees are w.h.p only, while minimum code distance can be small in practice. This means that adversarial erasure patterns exist that can eliminate the advantages of an otherwise strong redundancy. Falcon codes aim to solve this by hiding the coding pattern. Note that this hiding can only work in a private setting, where there is a shared secret between encoder and decoder.
### Main ideas
The main idea is to:
- Take an LT encoder, which already uses and RNG to pick from a random degree distribution when generating bipartite coding graph.
- Employ a PRG parametrised by a secret to make the random coding graph secret.
- Encoding is now using a secret graph, but since encoding is done using XOR, it would be easy to infer the graph by observing segments. Protect this by adding a layer of encryption over segments.
- Optionally add a MAC to convert corruptions to erasure.
### Other ideas
Other ideas in the paper include:
- reduce MAC overhead: batching MACs amplifies error but reduces overhead.
- Scalability (FalconS): original Falcon needs access to all segments. Change this by applying Falcon in `b` blocks. This improves encoder locality but introduces adversarial erasure. Thus, apply a random permutation over all parity symbols over all blocks to avoid the adversarial erasures.
- Rateless (FalconR): split original to `b` blocks, and set up a different Falcon for each, but do not encode yet. Then, generate the next parity symbol by one of the `b` Falcon encoders, randomly selecting which one to use.
There is also a whole section dedicated to the use of Falcon in PoR …. this needs further study.