Message Authentication Code over a wiretap channel

Message Authentication Code (MAC) is a keyed function f_K such that when Alice, who shares the secret K with Bob, sends f_K(M) to the latter, Bob will be assured of the integrity and authenticity of M. Traditionally, it is assumed that the channel is noiseless. Unfortunately, Maurer showed that in this case an attacker can succeed with probability equation after authenticating ∓ messages, where H(K) is the entropy of K. In this paper, we consider the setting where the channel is noisy. Specifically, Alice and Bob are connected by a discrete memoryless channel (DMC) W₁ and a noiseless but insecure channel. In addition, there is a DMC W₂ between Alice and attacker Oscar. We regard the noisy channel as an expensive resource and define the authentication rate ρ_auth as the ratio of message length to the number n of channel W₁ uses. The security of this model depends on the channel coding for f_K(M). A natural coding scheme is to use the secrecy capacity achieving code of Csiszár and Körner. Intuitively, this is also the optimal strategy. However, we propose a coding scheme that achieves a higher ρ_auth. Our crucial point is that under a secrecy capacity code, Bob can fully recover f_K(M) while in our model this is not necessary as we only need to detect the existence of the modification. How to detect the malicious modification without recovering f_K(M) is the main contribution of this work. We achieve this through random coding techniques.