On the construction of digest functions for manual authentication protocols

Authors

  • Long H. Nguyen
  • A. W. Roscoe
Abstract

A digest function is a sort of universal hash that takes a key and a message as its inputs. This paper will study these functions’ properties and design in the context of their application in manual authentication technology. Frequently a digest function needs to have a very short output (e.g. 16–32 bits) and no key is used to digest more than one message. These together with other characteristics represent a new kind of game played between an attacker and honest parties, which is very different from other authentication mechanisms, notably message authentication codes or MACs. Short digests can be constructed directly or by "condensing" longer functions. We offer an improved method for the latter but concentrate mainly on direct constructions. We propose a digest algorithm which uses word multiplications to obtain a very fast implementation. This digest scheme enjoys strong and provable security properties, namely for a single-word or b-bit output digest function the collision probability is = $2^{1-b}$ on equal and arbitrary-length inputs. The scheme is related to the multiplicative universal hash function of Dietzfelbinger et al., and it improves on several well-studied and efficient universal hashing algorithms, including MMH and NH.

1 Motivation and contribution

We investigate the design, construction and security of a new cryptographic primitive termed a digest function, whose specification arises from its use in manual authentication technology [4, 16, 27, 36, 37, 38, 39]. A digest function digest(k,m), which takes a key k and a message m, has similarities to both -balanced and -almost universal hash functions [26, 53].
However, the majority of uses of this function in practice require it to have a very short output (16–32 bits as in a password), and thus the constructions introduced here are designed to take advantage of this feature: it opens the way for efficient and parallelisable constructions, as opposed to the cascade structure underlying many long-output (universal) hash functions. Although other similar cryptographic primitives such as short-output universal hash functions MMH [18] and NH [9] have been designed and used to build message authentication codes, we note that these short-output primitives are not often used on their own in cryptographic mechanisms. In this paper we will focus on the application and security properties of digest functions in manual authentication protocols, which use this function together with existing human trust and interactions to authenticate data without the need for PKI, shared private keys and passwords. Here is an example of how this technology works: for electronic


Similar resources

Short-Output Universal Hash Functions and Their Use in Fast and Secure Data Authentication

Message authentication codes usually require the underlying universal hash functions to have a long output so that the probability of successfully forging messages is low enough for cryptographic purposes. To take advantage of fast operation on word-size parameters in modern processors, long-output universal hashing schemes can be securely constructed by concatenating several different instanc...


Short-output universal hash functions and their use in fast and secure message authentication

Message authentication codes usually require the underlying universal hash functions to have a long output so that the probability of successfully forging messages is low enough for cryptographic purposes. To take advantage of fast operation on word-size parameters in modern processors, long-output universal hashing schemes can be securely constructed by concatenating several instances of shor...


On a Construction of Short Digests for Authenticating Ad Hoc Networks

In pervasive ad-hoc networks, there is a need for devices to be able to communicate securely, despite the lack of a priori shared security associations and the absence of an infrastructure such as a PKI. Previous work has shown that through the use of short verification strings exchanged over manual authentication channels, devices can establish secret session keys. We examine a construction of ...


Process algebraic modeling of authentication protocols for analysis of parallel multi-session executions

Many security protocols have the aim of authenticating one agent acting as initiator to another agent acting as responder and vice versa. Sometimes, the authentication fails because of executing several parallel sessions of a protocol, and because an agent may play both the initiator and responder role in parallel sessions. We take advantage of the notion of transition systems to specify authen...


Authenticating ad hoc networks by comparison of short digests

We show how to design secure authentication protocols for a non-standard class of scenarios. In these authentication is not bootstrapped from a PKI, shared secrets or trusted third parties, but rather using a minimum of work by human user(s) implementing the low-bandwidth unspoofable channels between them. We develop both pairwise and group protocols which are essentially optimal in human effor...



Journal title:
  • IACR Cryptology ePrint Archive

Volume 2011  Issue 

Pages  -

Publication date 2011