Conference Paper

Tight Bounds for Unconditional Authentication Protocols in the Manual Channel and Shared Key Models.

Conference: Advances in Cryptology - CRYPTO 2006, 26th Annual International Cryptology Conference, Santa Barbara, California, USA, August 20-24, 2006, Proceedings
Source: DBLP

Full-text preview

Available from:
  • Source
    • "The comparison-based model that we consider here was first studied in [11] [12] [10], with a more general treatment appearing in [15]. Tight bounds for achieving information-theoretic security in this model were shown in [14]. The MA-DH protocol of [13] has many similarities to the Bluetooth v2.1 numeric comparison protocol analyzed in this paper. "

  • Source
    [Show abstract] [Hide abstract]
    ABSTRACT: We address the message authentication problem in two seemingly different communication models. In the first model, the sender and receiver are connected by an insecure channel and by a low-bandwidth auxiliary channel, that enables the sender to “manually” authenticate one short message to the receiver (for example, by typing a short string or comparing two short strings). We consider this model in a setting where no computational assumptions are made, and prove that for any 0 < ε< 1 there exists a log* n-round protocol for authenticating n-bit messages, in which only 2 log(1 /ε) + O(1) bits are manually authenticated, and any adversary (even computationally unbounded) has probability of at most ε to cheat the receiver into accepting a fraudulent message. Moreover, we develop a proof technique showing that our protocol is essentially optimal by providing a lower bound of 2 log(1/ ε) – 6 on the required length of the manually authenticated string. The second model we consider is the traditional message authentication model. In this model the sender and the receiver share a short secret key; however, they are connected only by an insecure channel. Once again, we apply our proof technique, and prove a lower bound of 2 log(1/ ε) – 2 on the required Shannon entropy of the shared key. This settles an open question posed by Gemmell and Naor (CRYPTO ’93). Finally, we prove that one-way functions are essential (and sufficient) for the existence of protocols breaking the above lower bounds in the computational setting.
    Advances in Cryptology - CRYPTO 2006, 01/1970: pages 214-231;
  • Source
    [Show abstract] [Hide abstract]
    ABSTRACT: We investigate unconditional security for message authentication protocols that are designed using two-channel cryptography. (Two-channel cryptography employs a broadband, insecure wireless channel and an authenticated, narrow-band manual channel at the same time.) We study both noninteractive message authentication protocols (NIMAPs) and interactive message authentication protocols (IMAPs) in this setting. First, we provide a new proof of nonexistence of nontrivial unconditionally secure NIMAPs. This proof consists of a combinatorial counting argument and is much shorter than the previous proof by Wang and Safavi-Naini, which was based on probability distribution arguments. We also prove a new result which holds in a weakened attack model. Further, we propose a generalization of an unconditionally secure 3-round IMAP due to Naor, Segev and Smith. The IMAP is based on two \epsilon-\Delta universal hash families. With a careful choice of parameters, our scheme improves that of Naor et al. Our scheme is very close to optimal for most parameter situations of practical interest. Finally, a variation of the 3-round IMAP is presented, in which only one hash family is required.
    Designs Codes and Cryptography 05/2010; 55(2-3). DOI:10.1007/s10623-009-9352-5 · 0.96 Impact Factor
Show more