Coding Theorems for Secret - Key Authentication Systems ∗

This paper provides the Shannon theoretic coding theorems on the success probabilities of the impersonation attack and the substitution attack against secret-key authentication systems. Though there are many studies that develop lower bounds on the success probabilities, their tight upper bounds are rarely discussed. This paper characterizes the tight upper bounds in an extended secret-key authentication system that includes blocklength K and permits the decoding error probability tending to zero as K → ∞. In the extended system an encoder encrypts K source outputs to K cryptograms under K keys and transmits K cryptograms to a decoder through a public channel in the presence of an opponent. The decoder judges whether K cryptograms received from the public channel are legitimate or not under K keys shared with the encoder. It is shown that 2−KI(W ;E) is the minimal attainable upper bound of the success probability of the impersonation attack, where I(W ;E) denotes the mutual information between a cryptogram W and a key E. In addition, 2−KH(E|W ) is proved to be the tight upper bound of the probability that the opponent can correctly guess K keys from transmitted K cryptograms, where H(E|W ) denotes the conditional entropy of E given W . key words: authentication, impersonation attack, substitution