CryptoDB
Separating two roles of hashing in one-way message authentication
| Authors: | |
|---|---|
| Download: | |
| Abstract: | We analyse two new and related families of one-way authentication protocols, where a party wants to authenticate its public information to another. In the first, the objective is to do without shared passwords or a PKI, making use of low-bandwidth empirical/authentic channels where messages cannot be faked or modified. The analysis of these leads to a new security principle, termed separation of security concerns, under which protocols should be designed to tackle one-shot attacks and combinatorial search separately. This also leads us develop a new class of protocols for the case such as PKI where a relatively expensive signature mechanism exists. We demonstrate as part of this work that a popular protocol in the area, termed MANA I, neither optimises human effort nor offers as much security as had previously been believed. We offer a number of improved versions for MANA I that provides more security for half the empirical work, using a more general empirical channel. |
BibTeX
@misc{eprint-2009-18236,
title={Separating two roles of hashing in one-way message authentication},
booktitle={IACR Eprint archive},
keywords={cryptographic protocols /},
url={http://eprint.iacr.org/2009/003},
note={a short verion of this paper has been published in the Proceedings of FCS-ARSPA-WITS'08 workshop (Foundation of Computer Security, Automated Reasoning Security Protocol Analysis and Issues in the Theory of Security). long.nguyen@comlab.ox.ac.uk 14243 rece},
author={L. H. Nguyen and A. W. Roscoe},
year=2009
}