Shaoquan Jiang

Shaoquan Jiang

We further study the keyless authentication problem in a noisy model in our previous work, where no secret setup is available for sender Alice and receiver Bob while there is DMC $W_1$ from Alice to Bob and a two-way noiseless but insecure channel between them. We propose a construction such that the message length over DMC $W_1$ does not depend on the size of the source space. If the source space is ${\cal S}$ and the number of channel $W_1$ uses is $n$, then our protocol only has a round complexity of $\log^*|{\cal S}|-\log^*n+4.$ In addition, we show that the round complexity of any secure protocol in our model is lower bounded by $\log^*|{\cal S}|-\log^* n-5$. We also obtain a lower bound on the success probability when the message size on DMC $W_1$ is given. Finally, we derive the capacity for a non-interactive authentication protocol under general DMCs, which extends the result under BSCs in our previous work.

Dajiang Chen, Shaoquan Jiang, Zhiguang Qin

Message Authentication Code (MAC) is a keyed function $f_K$ such that when Alice, who shares the secret $K$ with Bob, sends $f_K(M)$ to the latter, Bob will be assured of the integrity and authenticity of $M$. Traditionally, it is assumed that the channel is noiseless. However, Maurer showed that in this case an attacker can succeed with probability $2^{-\frac{H(K)}{\ell+1}}$ after authenticating $\ell$ messages. In this paper, we consider the setting where the channel is noisy. Specifically, Alice and Bob are connected by a discrete memoryless channel (DMC) $W_1$ and a noiseless but insecure channel. In addition, an attacker Oscar is connected with Alice through DMC $W_2$ and with Bob through a noiseless channel. In this setting, we study the framework that sends $M$ over the noiseless channel and the traditional MAC $f_K(M)$ over channel $(W_1, W_2)$. We regard the noisy channel as an expensive resource and define the authentication rate $ρ_{auth}$ as the ratio of message length to the number $n$ of channel $W_1$ uses. The security of this framework depends on the channel coding scheme for $f_K(M)$. A natural coding scheme is to use the secrecy capacity achieving code of Csiszár and Körner. Intuitively, this is also the optimal strategy. However, we propose a coding scheme that achieves a higher $ρ_{auth}.$ Our crucial point for this is that in the secrecy capacity setting, Bob needs to recover $f_K(M)$ while in our coding scheme this is not necessary. How to detect the attack without recovering $f_K(M)$ is the main contribution of this work. We achieve this through random coding techniques.