HBC entity authentication for low-cost pervasive devices

The HB-like entity authentication protocols for low-cost pervasive devices have attracted a great deal of attention because of their simplicity, computational efficiency and solid security foundation on a well-studied hard problem-learning parity with noise. By far, the most efficient protocol is HB^#, which is provably resistant to the GRS attack under the conjecture that it is secure in the DET-model. However, in order to achieve 80-bit security, a typical HB^# authentication key comprises over 1000 bits, which imposes considerable storage burdens on resource-constrained devices. In this study, the authors propose a new HB-like protocol: HB^C. The protocol makes use of a special type of circulant matrix, in contrast to the Toeplitz matrix in HB^#, to significantly reduce storage consumption and overcome a subtle security proof inefficacy in HB^#. In addition, the authors introduce a masking technique that substantially increases noise level from an adversary´s standpoint, and thus improves protocol performance. The authors demonstrate that 613-bit authentication key suffices for 80-bit security in the HB^C protocol, which is quite competitive and more appealing for low-cost devices.