Y. Desmedt and M. Yung. Arbitrated unconditionally secure authentication can be unconditionally protected against arbiter's attack, Lecture Notes in Computer Science 537, 177--188 (CRYPTO '90 Proceedings).  Home/Search   Document Not in Database   Summary   Related Articles   Check

....an attacker floods the receiver with bogus packets supposedly containing a signature. Since signature verification is often computationally expensive, the receiver is overwhelmed verifying bogus signatures. Researchers proposed information theoretically secure broadcast authentication mechanisms [10, 11, 12, 13, 20, 34, 35, 36]. These protocols have a high overhead in large groups with many receivers. Canetti et al. construct a broadcast authentication protocol based on k different keys to authenticate every message with k different MAC s [7] Every receiver knows m keys and can hence verify m MAC s. The keys are ....

Y. Desmedt and M. Yung. Arbitrated unconditionally secure authentication can be unconditionally protected against arbiter's attacks. In pages 177--188, 1991.

....In this paper, we present combinatorial lower bounds on the cheating probabilities P I ; PS ; P T ; PR0 ; PR1 of A codes, both for A codes without secrecy and general A codes. The bounds for A codes without secrecy are all tight because there exixt A codes without secrecy [13, 12, 14] which meet al..l the bounds with equalities. We also show two kinds of combinatorial lower bounds on the sizes of keys jER j and jE T j of A codes without secrecy. The first one is tight for small size of source states. For large size of source states, the second one is more tight, but may not ....

....) where I(X ; Y ) denotes the mutual entropy of X and Y . 5 ER ffi E T = f(e; f) j Pr[T has e 2 E T and R has f 2 ER ] 0g Proposition 3.2 [12] jER j (P I PS P T ) jER ffi E T j (P I PS P T PR0 PR1 jE T j (P I PS PR0 PR1 3.4 Known A Let q be a prime power. 3.4. 1 Scheme 1 [13, 12] In this A E T = feg; e = e 1 ; e 2 ; e 3 ; e 4 ) ER = ffg; f = f 1 ; f 2 ; f 3 ) where e 1 ; e 2 ; e 3 ; e 4 2 GF (q) f 1 ; f 2 ; f 3 2 GF (q) and e 3 = f 1 e 1 f 3 ; e 4 = f 2 e 2 f 3 : For a source state s 2 GF (q) T sends a message m such that m = e(s) s; e 1 se 2 ; e 3 ....

Y. Desmedt and M. Yung. "Arbitrated unconditionally secure authenticaiton can be unconditioally protected against arbiter's attack ". In Proc. of Crypto'90, Lecture Notes in Computer Science, LNCS 537, Springer Verlag, pages 177--188, 1990.

....a transmission phase during which the transmitter uses its key to produce a codeword and finally a dispute phase during which disputes are resolved with the aid of the arbiter. The arbiter in Simmons model is active during the transmission phase and is assumed to be trustworthy. Yung and Desmedt [83] remove this assumption and consider a model in which the arbiter is only trusted to resolve disputes. Johansson [35] and Kurosawa [39] derive lower bounds on the probability of deception in such codes. Johansson [36] and Taylor [73] propose constructions. 2.7 Shared generation of authenticators ....

M. Yung and Y. Desmedt. Arbitrated unconditionally secure authentication can be unconditionally protected against arbiter's attack. Proc. Crypto'90, LNCS Vol. 537, SpringerVerlag, Berlin, 1990, pp. 177-188.

....2 codes. Combinatorial lower bounds on the sizes of keys jER j and 2 jE T j of A 2 codes are automatically obtained by combining our bounds with the bounds given by T. Johansson [10] Our bounds for A 2 codes without secrecy are all tight because there exist A 2 codes without secrecy [7, 10, 8] which meet al..l the bounds with equalities. Next, we show that there exists an upper bound on jSj if the equalities of these bounds are all satisfied, where S denotes the set of source states (plaintexts) Then for larger jSj than this upper bound, we derive more tight lower bounds on the sizes of ....

....inf I(ET ;M 0 jER;M) P T 2 Gamma inf I(ER ;MjET ) where I(X ; Y ) denotes the mutual entropy of X and Y . Proposition 6 [10] jER j (P I PSP T ) Gamma1 ; jER ffi E T j (P I PSP T PR0 PR1 ) Gamma1 ; jE T j (P I PSPR0 PR1 ) Gamma1 : 3.3. Known A 2 codes 3.3.1. Scheme 1 [7, 10] Over GF (q) let e 2 E T and f 2 ER be e = e 1 ; e 2 ; e 3 ; e 4 ) f = f 1 ; f 2 ; f 3 ) such that e 3 = f 1 e 1 f 3 ; e 4 = f 2 e 2 f 3 : For a source state s 2 GF (q) T sends a message m = s; a 1 ; a 2 ) such that a 1 = e 1 se 2 ; a 2 = e 3 se 4 to R. R accepts m = s; a 1 ; a ....

Y. Desmedt and M. Yung. "Arbitrated unconditionally secure authentication can be unconditionally protected against arbiter's attack ". In Proc. of Crypto'90, Lecture Notes in Computer Science, LNCS 537, Springer Verlag, pages 177--188, 1990.

....and the receiver from impersonation and substitution attacks of an opponent [1 8] In the model of authenticaiton codes [1 8] the opponent is infinitely powerful. Therefore, digital signatures cannot be used. For authenticaiton codes, see [15] too. Broadcast authentication was introduced by [10] (see pp.185) In broadcast authentication, a transmitter broadcasts v messages e 1 (s) Delta Delta Delta ; e v (s) and authenticates a source state s to all n receivers. An obvious solution is that the transmitter gives each receiver R i its own key e i and transmits an individually ....

Y. Desmedt and M.Yung, "Arbitrated unconditionally secure authentication can be unconditionally protected against arbiter's attacks.", Proceedings of CRYPTO 90, Lecture Notes in Computer Science 537, SpringerVerlag, pp.177-188 (1991)

....In this paper, we present combinatorial lower bounds on the cheating probabilities P I ; PS ; P T ; PR0 ; PR1 of A 2 codes, both for A 2 codes without secrecy and general A 2 codes. The bounds for A 2 codes without secrecy are all tight because there exixt A 2 codes without secrecy [13, 12, 14] which meet al..l the bounds with equalities. We also show two kinds of combinatorial lower bounds on the sizes of keys jER j and jE T j of A 2 codes without secrecy. The first one is tight for small size of source states. For large size of source states, the second one is more tight, but may not ....

....entropy of X and Y . Let ER ffi E T 4 = f(e; f) j Pr[T has e 2 E T and R has f 2 ER ] 0g Proposition 3.2 [12] jER j (P I PS P T ) Gamma1 jER ffi E T j (P I PS P T PR0 PR1 ) Gamma1 jE T j (P I PS PR0 PR1 ) Gamma1 3.4 Known A 2 codes Let q be a prime power. 3.4. 1 Scheme 1 [13, 12] In this A 2 code, E T = feg; e = e 1 ; e 2 ; e 3 ; e 4 ) ER = ffg; f = f 1 ; f 2 ; f 3 ) where e 1 ; e 2 ; e 3 ; e 4 2 GF (q) f 1 ; f 2 ; f 3 2 GF (q) and e 3 = f 1 e 1 f 3 ; e 4 = f 2 e 2 f 3 : For a source state s 2 GF (q) T sends a message m such that m = e(s) s; e 1 se ....

Y. Desmedt and M. Yung. "Arbitrated unconditionally secure authenticaiton can be unconditioally protected against arbiter's attack ". In Proc. of Crypto'90, Lecture Notes in Computer Science, LNCS 537, Springer Verlag, pages 177--188, 1990.

No context found.

Y. Desmedt and M. Yung. Arbitrated unconditionally secure authentication can be unconditionally protected against arbiter's attack, Lecture Notes in Computer Science 537, 177--188 (CRYPTO '90 Proceedings).

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC