Codes for Interactive Authentication

Abstract

An authentication protocol is a procedure by which an informant tries to convey n bits of information, which we call an input message, to a recipient. An intruder, I, controls the network over which the informant and the recipient talk and may change any message before it reaches its destination. a If the protocol has security p, then the the recipient must detect this a cheating with probability at least 1 - p. This paper is devoted to characterizing the amount of secret information that the sender and receipient must share in a p-secure protocol. We provide a single-round authentication protocol which requires log(n) + 5 log(1/p) bits of secrecy. as well as a single-round protocol which requires log(n)+2 log(1/p) bits of secrecy based on non-constructive random codes. We prove a lower bound of log(n) + log(1/p) secret bits for single-round protocols.We introduce authentication protocols with more than one round of communication (multi-round protocols) and present a k-round protocol which reduces the amount of secret information that the two parties need to log(k)(n)+ 5 log(1/p). When the number of rounds is log*(n), our protocol requires 2 log(1/p) + O(1) bits. Hence interaction helps when log(n) > log(1/p). We also show a lower bound of log(k)(n) on the number of shared random bits in a k-round protocol.