Sciweavers

CRYPTO
2006
Springer

Tight Bounds for Unconditional Authentication Protocols in the Manual Channel and Shared Key Models

14 years 4 months ago
Tight Bounds for Unconditional Authentication Protocols in the Manual Channel and Shared Key Models
We address the message authentication problem in two seemingly different communication models. In the first model, the sender and receiver are connected by an insecure channel and by a low-bandwidth auxiliary channel, that enables the sender to "manually" authenticate one short message to the receiver (for example, by typing a short string or comparing two short strings). We consider this model in a setting where no computational assumptions are made, and prove that for any 0 < < 1 there exists a log n-round protocol for authenticating n-bit messages, in which only 2 log(1/ )+O(1) bits are manually authenticated, and any adversary (even computationally unbounded) has probability of at most to cheat the receiver into accepting a fraudulent message. Moreover, we develop a proof technique showing that our protocol is essentially optimal by providing a lower bound of 2 log(1/ ) - O(1) on the required length of the manually authenticated string. The second model we consider...
Moni Naor, Gil Segev, Adam Smith
Added 20 Aug 2010
Updated 20 Aug 2010
Type Conference
Year 2006
Where CRYPTO
Authors Moni Naor, Gil Segev, Adam Smith
Comments (0)