Combinatorial characterizations of authentication codes in verification oracle model

We consider unconditionally secure authentication codes where the adversary has access to a verification oracle that when presented with a message query gives a response of 1 or 0 if the query corresponds to an authenticated message or not, respectively.We define two types of attack, offline and online, and their two corresponding games. We define the advantage of the adversary in each game and obtain a lower bound on the maximum advantage when the adversary plays his optimal strategy. For each game, authentication codes that satisfy the lower bounds with equality are said to provide perfect protection and guarantee the minimum success chance for the attacker in the corresponding game. We prove that an optimal code for the offline attack is also an optimal code for the online attack. In both cases, we prove that perfect protection of order i implies perfect protection of order j for j < i and derive a lower bound on the number of keys for an optimal code. Finally we show that the encoding matrix of codes with perfect protection of order i and minimum number of keys correspond to a Steiner system.

[1]  Douglas R. Stinson,et al.  Combinatorial characterizations of authentication codes , 1991, Des. Codes Cryptogr..

[2]  J. L. Massey,et al.  Cryptography ― a selective survey , 1986 .

[3]  Dingyi Pei Information-theoretic bounds for authentication codes and block designs , 2004, Journal of Cryptology.

[4]  Andrea Sgarro,et al.  Informational Divergence Bounds for Authentication Codes , 1990, EUROCRYPT.

[5]  Mihir Bellare,et al.  The Power of Verification Queries in Message Authentication and Authenticated Encryption , 2004, IACR Cryptol. ePrint Arch..

[6]  Reihaneh Safavi-Naini,et al.  Bounds on authentication systems in query model , 2005, IEEE Information Theory Workshop on Theory and Practice in Information-Theoretic Security, 2005..

[7]  Moti Yung,et al.  General Group Authentication Codes and Their Relation to "Unconditionally-Secure Signatures" , 2004, Public Key Cryptography.

[8]  Ute Rosenbaum A lower bound on authentication after having observed a sequence of messages , 2004, Journal of Cryptology.

[9]  Douglas R. Stinson,et al.  The combinatorics of authentication and secrecy codes , 2005, Journal of Cryptology.

[10]  Andrea Sgarro,et al.  Information-Theoretic Bounds for Authentication Frauds , 1992, J. Comput. Secur..

[11]  Douglas R. Stinson,et al.  Combinatorial Characterizations of Authentication Codes II , 1992, Des. Codes Cryptogr..

[12]  Douglas R. Stinson Some Constructions and Bounds for authentication Codes , 1986, CRYPTO.

[13]  Gustavus J. Simmons,et al.  Authentication Theory/Coding Theory , 1985, CRYPTO.

[14]  F. MacWilliams,et al.  Codes which detect deception , 1974 .

[15]  Larry Carter,et al.  Universal Classes of Hash Functions , 1979, J. Comput. Syst. Sci..