Direct proof of security of Wegman–Carter authentication with partially known key

Direct proof of security of Wegman–Carter authentication with partially known key Information-theoretically secure (ITS) authentication is needed in quantum key distribution (QKD). In this paper, we study security of an ITS authentication scheme proposed by Wegman & Carter, in the case of partially known authentication key. This scheme uses a new authentication key in each authentication attempt, to select a hash function from an Almost Strongly Universal $$_2$$ 2 hash function family. The partial knowledge of the attacker is measured as the trace distance between the authentication key distribution and the uniform distribution; this is the usual measure in QKD. We provide direct proofs of security of the scheme, when using partially known key, first in the information-theoretic setting and then in terms of witness indistinguishability as used in the universal composability (UC) framework. We find that if the authentication procedure has a failure probability $$\varepsilon $$ ε and the authentication key has an $$\varepsilon ^{\prime }$$ ε ′ trace distance to the uniform, then under ITS, the adversary’s success probability conditioned on an authentic message-tag pair is only bounded by $$\varepsilon +|\mathcal T |\varepsilon ^{\prime }$$ ε + | T | ε ′ , where $$|\mathcal T |$$ | T | is the size of the set of tags. Furthermore, the trace distance between the authentication key distribution and the uniform increases to $$|\mathcal T |\varepsilon ^{\prime }$$ | T | ε ′ after having seen an authentic message-tag pair. Despite this, we are able to prove directly that the authenticated channel is indistinguishable from an (ideal) authentic channel (the desired functionality), except with probability less than $$\varepsilon +\varepsilon ^{\prime }$$ ε + ε ′ . This proves that the scheme is ( $$\varepsilon +\varepsilon ^{\prime }$$ ε + ε ′ )-UC-secure, without using the composability theorem. http://www.deepdyve.com/assets/images/DeepDyve-Logo-lg.png Quantum Information Processing Springer Journals

Direct proof of security of Wegman–Carter authentication with partially known key

Loading next page...
 
/lp/springer_journal/direct-proof-of-security-of-wegman-carter-authentication-with-iC2JiQtZRi
Publisher
Springer Journals
Copyright
Copyright © 2013 by Springer Science+Business Media New York
Subject
Physics; Quantum Information Technology, Spintronics; Quantum Computing; Data Structures, Cryptology and Information Theory; Quantum Physics; Mathematical Physics
ISSN
1570-0755
eISSN
1573-1332
D.O.I.
10.1007/s11128-013-0641-6
Publisher site
See Article on Publisher Site

Abstract

Information-theoretically secure (ITS) authentication is needed in quantum key distribution (QKD). In this paper, we study security of an ITS authentication scheme proposed by Wegman & Carter, in the case of partially known authentication key. This scheme uses a new authentication key in each authentication attempt, to select a hash function from an Almost Strongly Universal $$_2$$ 2 hash function family. The partial knowledge of the attacker is measured as the trace distance between the authentication key distribution and the uniform distribution; this is the usual measure in QKD. We provide direct proofs of security of the scheme, when using partially known key, first in the information-theoretic setting and then in terms of witness indistinguishability as used in the universal composability (UC) framework. We find that if the authentication procedure has a failure probability $$\varepsilon $$ ε and the authentication key has an $$\varepsilon ^{\prime }$$ ε ′ trace distance to the uniform, then under ITS, the adversary’s success probability conditioned on an authentic message-tag pair is only bounded by $$\varepsilon +|\mathcal T |\varepsilon ^{\prime }$$ ε + | T | ε ′ , where $$|\mathcal T |$$ | T | is the size of the set of tags. Furthermore, the trace distance between the authentication key distribution and the uniform increases to $$|\mathcal T |\varepsilon ^{\prime }$$ | T | ε ′ after having seen an authentic message-tag pair. Despite this, we are able to prove directly that the authenticated channel is indistinguishable from an (ideal) authentic channel (the desired functionality), except with probability less than $$\varepsilon +\varepsilon ^{\prime }$$ ε + ε ′ . This proves that the scheme is ( $$\varepsilon +\varepsilon ^{\prime }$$ ε + ε ′ )-UC-secure, without using the composability theorem.

Journal

Quantum Information ProcessingSpringer Journals

Published: Sep 20, 2013

References

You’re reading a free preview. Subscribe to read the entire article.


DeepDyve is your
personal research library

It’s your single place to instantly
discover and read the research
that matters to you.

Enjoy affordable access to
over 18 million articles from more than
15,000 peer-reviewed journals.

All for just $49/month

Explore the DeepDyve Library

Search

Query the DeepDyve database, plus search all of PubMed and Google Scholar seamlessly

Organize

Save any article or search result from DeepDyve, PubMed, and Google Scholar... all in one place.

Access

Get unlimited, online access to over 18 million full-text articles from more than 15,000 scientific journals.

Your journals are on DeepDyve

Read from thousands of the leading scholarly journals from SpringerNature, Elsevier, Wiley-Blackwell, Oxford University Press and more.

All the latest content is available, no embargo periods.

See the journals in your area

DeepDyve

Freelancer

DeepDyve

Pro

Price

FREE

$49/month
$360/year

Save searches from
Google Scholar,
PubMed

Create lists to
organize your research

Export lists, citations

Read DeepDyve articles

Abstract access only

Unlimited access to over
18 million full-text articles

Print

20 pages / month

PDF Discount

20% off