مرکز منطقه ای اطلاع رساني علوم و فناوري - Repeated use of codes which detect deception (Corresp.)

Abstract :

A sender $A$ wants to send $N$ messages $x_{i} = 1 , \\ldots ,N$ , chosen from a set containing $M$ different possible messages, $M > N$ , to a receiver $B$ . Every $x_{i}$ has to pass through the hands of a dishonest messenger $C$ . Therefore $A$ and $B$ agree on a mathematical transformation $f$ and a secret parameter, or key $k$ , that will be used to produce the authenticator $y_{i} = f(x_{i} , k )$ , which is sent together with $x$ . The key is chosen at random from a set of $L$ elements. $C$ knows $f$ and can find all elements in the set $G(x_{i},y_{i}) = {k|f(x_{i}, k) = y_{i}}$ given enough time and computer resources. $C$ wants to change $x_{i} \\in\\to x^{\\prime }$ without $B$ suspecting. This means that $C$ must find the new anthenticator $y^{\\prime } = f(x^{\\prime } , k)$ . Since $G(x_{i},y_{i})$ can be found for any $(x_{i},y_{i})$ , it is obvious that $C$ will always succeed unless $G(x_{i},y_{i})$ contains more than one element. Here it is proved that the average probability of success for $C$ is minimized if (a) $G(x_{i}, y_{i})$ contains $L^{(N-1)/N}$ elements and (b) each new known pair $(x_{j}, y_{j})$ will diminish this set of solutions by a factor of $L^{-l/N}$ . The minimum average probability will then be $L^{-l/N}$ .