Authentication codes: An area where coding and cryptology meet
Among many applications of cryptography, the use of authentication schemes is of great practical importance. The purpose of authentication schemes is to add proof to a message that the message is authentic, i.e. it was not sent by an imposter and it has not been altered on its way to the receiver. The imposter may replace an authenticated message by another message (substitution) or may just try to send his own message (impersonation). The aspect of secrecy could also be introduced here, but in many cases the receiver just wants to be sure that the message is genuine. Think for instance of offices that are communicating with each other.
An important distinction to be made is that between authentication schemes that are unconditionally secure and schemes that are based on certain complexity theoretic assumptions. It is the first category that will be the main topic of this paper. A common technique here is to append to a message a (relatively short) tail that depends in an essential way on every bit in the message and also on a key that is shared with the legitimate receiver.
Some well-known bounds on the probability of successful substitution and impersonation will be given. Further, a direct connection with the existence of error-correcting codes will be given. (This relation is not a direct one-to-one correspondence!) Interesting results have already been obtained in this way, but there is ample room for improvement. It is the purpose of this paper to make the reader acquainted with this area of research.
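The tail-appending technique and the two deception probabilities described above, shown as an added example that is not taken from the paper. It uses the classical affine tag t = a·m + b mod p as an illustrative construction (the prime p = 7 and all function names are assumptions) and enumerates every key to compute the impersonation and substitution probabilities exactly.

```python
from fractions import Fraction
from itertools import product

P = 7  # small prime so the whole key space can be enumerated (constructed parameter)

def tag(key, m, p=P):
    """Tail appended to message m under the shared key (a, b)."""
    a, b = key
    return (a * m + b) % p

def verify(key, m, t, p=P):
    """Receiver's check: recompute the tail and compare."""
    return tag(key, m, p) == t

def keys_consistent(observed, p=P):
    """Keys still possible after an observer has seen the given (m, t) pairs."""
    return [k for k in product(range(p), repeat=2)
            if all(verify(k, m, t, p) for m, t in observed)]

def impersonation_probability(p=P):
    """Best acceptance chance for a forged (m, t) when nothing genuine was seen."""
    total = p * p  # keys are uniform over all (a, b)
    best = Fraction(0)
    for m, t in product(range(p), repeat=2):
        best = max(best, Fraction(len(keys_consistent([(m, t)], p)), total))
    return best

def substitution_probability(p=P):
    """Best acceptance chance for (m2, t2), m2 != m, after seeing a genuine (m, t)."""
    best = Fraction(0)
    for m, t in product(range(p), repeat=2):
        candidates = keys_consistent([(m, t)], p)
        for m2, t2 in product(range(p), repeat=2):
            if m2 == m:
                continue  # substitution means a different message
            accepted = sum(verify(k, m2, t2, p) for k in candidates)
            best = max(best, Fraction(accepted, len(candidates)))
    return best

if __name__ == "__main__":
    print("P_I =", impersonation_probability())
    print("P_S =", substitution_probability())
    # Key reuse: two genuine pairs under one key pin the key down completely.
    key = (3, 5)  # constructed sample key
    seen = [(1, tag(key, 1)), (2, tag(key, 2))]
    print("keys left after two messages:", keys_consistent(seen))
```

Both probabilities come out to 1/p, and two observed pairs under one key leave a single candidate key, which is why such a key authenticates one message only.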
Keywords: Authentication Scheme, Message Authentication Code, Authentication Code, Successful Substitution, Unconditional Security