Universal Hashing and Multiple Authentication

Atıcı, Mustafa; Stinson, Douglas R.

doi:10.1007/3-540-68697-5_2

Cited by 31 publications

(50 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In addition to secrecy, we also need to ensure authenticity of the communication between the components. We observe that this can be done easily using information-theoretic MAC schemes based on universalhashing [33,3]. Roughly, each pair of components will maintain rolling MAC keys that are only used Θ(1) times.…”

Section: From Ocl + To Ldsmentioning

confidence: 99%

“…3 Then, "prove" to HW that indeed e = Eval pk (Ĉ, U s,v ). In case HW is "convinced", it decrypts C (v) = Dec sk (e) and returns the result to the evaluator.…”

Section: The Constructionmentioning

confidence: 99%

“…We therefore show how to realize secure communication channels over insecure networks in a leakage-resilient manner. This construction, which uses noncommitting encryption [12] and information theoretic MACs (e.g., [33,3]), is the main technical novelty in the current work. See Section 1.4.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Program Obfuscation with Leaky Hardware

Bitansky

Canetti

Goldwasser

et al. 2011

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. We consider general program obfuscation mechanisms using "somewhat trusted" hardware devices, with the goal of minimizing the usage of the hardware, its complexity, and the required trust. Specifically, our solution has the following properties:(i) The obfuscation remains secure even if all the hardware devices in use are leaky. That is, the adversary can obtain the result of evaluating any function on the local state of the device, as long as this function has short output. In addition the adversary also controls the communication between the devices.(ii) The number of hardware devices used in an obfuscation and the amount of work they perform are polynomial in the security parameter independently of the obfuscated function's complexity.(iii) A (universal) set of hardware components, owned by the user, is initialized only once and from that point on can be used with multiple "software-based" obfuscations sent by different vendors.

show abstract

Section: From Ocl + To Ldsmentioning

confidence: 99%

“…3 Then, "prove" to HW that indeed e = Eval pk (Ĉ, U s,v ). In case HW is "convinced", it decrypts C (v) = Dec sk (e) and returns the result to the evaluator.…”

Section: The Constructionmentioning

confidence: 99%

See 1 more Smart Citation

Program Obfuscation with Leaky Hardware

Bitansky

Canetti

Goldwasser

et al. 2011

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…A complexity-theoretical secure MAC for multiple use can easily be obtained from the unconditionally secure by changing the key part zi by the output of a pseudo random function, see for example [2]. Recently, in [11] a new method for multiple authentication was proposed. This method does not use a refreshed key part and, hence, it does not require the z~ (called counter in [11]) for multiple authentication.…”

Section: A Multiple Message Macmentioning

confidence: 99%

“…Recently, in [11] a new method for multiple authentication was proposed. This method does not use a refreshed key part and, hence, it does not require the z~ (called counter in [11]) for multiple authentication. Consequently there is no problem if one or several messages are lost during transmission.…”

Section: A Multiple Message Macmentioning

confidence: 99%

Fast message authentication using efficient polynomial evaluation

Afanassiev

Gehrmann

Smeets

1997

Fast Software Encryption

View full text Add to dashboard Cite

Abstract. Message authentication codes (MACs) using polynomial evaluation have the advantage of requiring a very short key even for very large messages. We describe a low complexity software polynomial evaluation procedure, that for large message sizes gives a MAC that has about the same low software complexity as for bucket hashing but requires only small keys and has better security characteristics.Key words: Message authentication, universal hash functions, polynomial evaluation, software MAC generation. IntroductionThe verification of the authenticity of a text document or a datafile is one of the main applications of cryptographic techniques. A common used technique for this purpose is the application of a message authentication code (MAC). Basically we have two users called the sender S (or signer) and the verifier V. S and V share a secret random key string and a publicly known MAC. The MAC maps a message string to a shorter, so called, tag string. The sender calculates the tag corresponding to the message string and the shared secret key string and sends the message to V together with the tag. V accepts a received message if the received tag is the same as the tag for the received message and the secret key. A good MAC is designed to make it hard for an adversary to send own messages or substitute observed messages by new ones, without being detected by the receiver. Usually one distinguishes between so called unconditionally secure, computationally secure, and provable secure authentication codes, [1, page 392]. Codes belonging to the first category are codes for which the security of the MAC is independent of the computational power of the adversary. The security of these codes is expressed in the probability of success of an deception attack. A MAC is called computationally secure if the adversary is faced with the difficulty that all known

show abstract

Homomorphic authentication codes for network coding

Tang

2013

Concurrency and Computation

View full text Add to dashboard Cite

Summary Authentication codes (A‐codes) are a well studied technique to provide unconditionally secure authentication. An A‐code is defined by a map that associates a pair formed by a message and a key to a tag. A‐codes linear in the keys have been studied for application to distributed authentication schemes. In this paper, we address the dual question, which is the study of A‐codes that are linear in the messages. This is usually an undesired property, except in the context of network coding. Regarding these A‐codes, we derive some lower bounds on security parameters when key space is known. We also show a lower bound on key size when security parameter values are given (with some special properties) and construct some codes meeting the bound. We finally present a variant of these codes that authenticate multiple messages with the same key while preserving unconditional security. Copyright © 2013 John Wiley & Sons, Ltd.

show abstract

Universal Hashing and Multiple Authentication

Abstract: Abstract. In this paper, we study unconditionally secure codes that provide authentication without secrecy.

Cited by 31 publications

References 10 publications

Program Obfuscation with Leaky Hardware

Program Obfuscation with Leaky Hardware

Fast message authentication using efficient polynomial evaluation

Homomorphic authentication codes for network coding

Contact Info

Product

Resources

About