Results 1  10
of
15
Universal Hashing and Authentication Codes
, 1991
"... unconditionally secure authentication codes without secrecy. This idea is most useful when the number of authenticators is exponentially small compared to the number of possible source states (plaintext messages). We formally de ne some new classes of hash functions and then prove some new bounds a ..."
Abstract

Cited by 58 (1 self)
 Add to MetaCart
unconditionally secure authentication codes without secrecy. This idea is most useful when the number of authenticators is exponentially small compared to the number of possible source states (plaintext messages). We formally de ne some new classes of hash functions and then prove some new bounds and give some general constructions for these classes of hash functions. Then we discuss the implications to authentication codes.
Software performance of universal hash functions
 In Advances in Cryptology — EUROCRYPT ’99
, 1999
"... Abstract. This paper compares the parameters sizes and software performance of several recent constructions for universal hash functions: bucket hashing, polynomial hashing, Toeplitz hashing, division hashing, evaluation hashing, and MMH hashing. An objective comparison between these widely varying ..."
Abstract

Cited by 26 (0 self)
 Add to MetaCart
Abstract. This paper compares the parameters sizes and software performance of several recent constructions for universal hash functions: bucket hashing, polynomial hashing, Toeplitz hashing, division hashing, evaluation hashing, and MMH hashing. An objective comparison between these widely varying approaches is achieved by defining constructions that offer a comparable security level. It is also demonstrated how the security of these constructions compares favorably to existing MAC algorithms, the security of which is less understood. 1
Applications of Combinatorial Designs to Communications, Cryptography, and Networking
, 1999
"... ... In this paper, we focus on another collection of recent applications in the general area of communications, including cryptography and networking. Applications have been chosen to represent those in which design theory plays a useful, and sometimes central, role. Moreover, applications have been ..."
Abstract

Cited by 25 (2 self)
 Add to MetaCart
... In this paper, we focus on another collection of recent applications in the general area of communications, including cryptography and networking. Applications have been chosen to represent those in which design theory plays a useful, and sometimes central, role. Moreover, applications have been chosen to reflect in addition the genesis of new and interesting problems in design theory in order to treat the practical concerns. Of many candidates, thirteen applications areas have been included. They are as follows:
Combinatorial Characterizations of Authentication Codes II
 Designs, Codes and Cryptography
, 1996
"... For any authentication code for k source states and v messages having minimum possible deception probabilities (namely, P d 0 = k=v and P d 1 = (k \Gamma 1)=(v \Gamma 1)), we show that there must be at least v encoding rules. (This can be thought of as an authenticationcode analogue of Fisher's In ..."
Abstract

Cited by 19 (4 self)
 Add to MetaCart
For any authentication code for k source states and v messages having minimum possible deception probabilities (namely, P d 0 = k=v and P d 1 = (k \Gamma 1)=(v \Gamma 1)), we show that there must be at least v encoding rules. (This can be thought of as an authenticationcode analogue of Fisher's Inequality. ) We derive several properties that an extremal code must satisfy, and we characterize the extremal codes for equiprobable source states as arising from symmetric balanced incomplete block designs. We also present an infinite class of extremal codes, in which the source states are not equiprobable, derived from affine planes. 1 Introduction Authentication codes were invented in 1974 by Gilbert, MacWilliams and Sloane [4]. The theory of authentication codes was developed throughout the 1980's by Simmons and others. Numerous papers have given constructions and bounds for authentication codes; see the list of references for a representative sample. For a survey of authentication code...
Codes for Interactive Authentication

, 1998
"... An authentication protocol is a procedure by which an informant tries to convey n bits of information, which we call an input message, to a recipient. An intruder, I, controls the network over which the informant and the recipient talk and may change any message before it reaches its destination ..."
Abstract

Cited by 12 (1 self)
 Add to MetaCart
An authentication protocol is a procedure by which an informant tries to convey n bits of information, which we call an input message, to a recipient. An intruder, I, controls the network over which the informant and the recipient talk and may change any message before it reaches its destination. a If the protocol ha security p, then the the recipient must detect this a cheating with probability at leat I  p. This paper
Applications of Designs to Cryptography
"... to Bob, she encrypts x using the encryption rule e K . That is, she computes y = e K (x), and sends y to Bob over the channel. When Bob receives y, he decrypts it using the decryption function dK , obtaining x. Informally, perfect secrecy means that observation of a ciphertext gives no informatio ..."
Abstract

Cited by 11 (4 self)
 Add to MetaCart
to Bob, she encrypts x using the encryption rule e K . That is, she computes y = e K (x), and sends y to Bob over the channel. When Bob receives y, he decrypts it using the decryption function dK , obtaining x. Informally, perfect secrecy means that observation of a ciphertext gives no information about the corresponding plaintext. This idea can be stated more precisely using probability distributions. Suppose there is are probability distributions pP on P, and pK on K. Then a probability distribution p C is induced on C. A cryptosystem is said to provide perfect secrecy provided that pP (xjy) = pP<F24.
Combinatorial Bounds of Authentication Codes with Arbitration
 Proc. of CRYPTO’94, LNCS 839
, 1997
"... Unconditionally secure authentication codes with arbitration (A²codes) protect against deceptions from the transmitter and the receiver as well as that from the opponent. In this paper, we present combinatorial lower bounds on the cheating probabilities and the sizes of keys of A²codes. ..."
Abstract

Cited by 10 (3 self)
 Add to MetaCart
Unconditionally secure authentication codes with arbitration (A²codes) protect against deceptions from the transmitter and the receiver as well as that from the opponent. In this paper, we present combinatorial lower bounds on the cheating probabilities and the sizes of keys of A²codes. Especially, our bounds for A²codes without secrecy are all tight for small size of source states.
Combinatorial Bounds and Design of Broadcast Authentication
 IN IEICE TRANS
, 1996
"... This paper presents a combinatorial characterization of broadcast authentication in which a transmitter broadcasts v messages e 1 (s); \Delta \Delta \Delta ; e v (s) to authenticate a source state s to all n receivers so that any k receivers cannot cheat any other receivers, where e i is a key. Supp ..."
Abstract

Cited by 7 (0 self)
 Add to MetaCart
This paper presents a combinatorial characterization of broadcast authentication in which a transmitter broadcasts v messages e 1 (s); \Delta \Delta \Delta ; e v (s) to authenticate a source state s to all n receivers so that any k receivers cannot cheat any other receivers, where e i is a key. Suppose that each receiver has l keys. First, we prove that k ! l if v ! n. Then we show an upper bound of n such that n v(v \Gamma 1)=l(l \Gamma 1) for k = l \Gamma 1 and n ` v dl=ke ' = ` l dl=ke ' + ` v dl=ke ' for k ! l \Gamma 1. Further, a scheme for k = l \Gamma 1 which meets the upper bound is presented by using a BIBD and a scheme for k ! l \Gamma 1 such that n = ` v dl=ke ' = ` l dl=ke ' is presented by using a Steiner system. Some other efficient schemes are also presented.
New Combinatorial Bounds for Authentication Codes and Key Predistribution Schemes
, 1998
"... . This paper provides new combinatorial bounds and characterizations of authentication codes (Acodes) and key predistribution schemes (KPS). We first prove a new lower bound on the number of keys in an Acode without secrecy, which can be thought of as a generalization of the classical Rao bound fo ..."
Abstract

Cited by 4 (0 self)
 Add to MetaCart
. This paper provides new combinatorial bounds and characterizations of authentication codes (Acodes) and key predistribution schemes (KPS). We first prove a new lower bound on the number of keys in an Acode without secrecy, which can be thought of as a generalization of the classical Rao bound for orthogonal arrays. We also prove a new lower bound on the number of keys in a general Acode, which is based on the Petrenjuk, RayChaudhuri and Wilson bound for tdesigns. We also present new lower bounds on the size of keys and the amount of users' secret information in KPS, the latter of which is accomplished by showing that a certain Acode is "hiding" inside any KPS. 1. Introduction In the usual model of authentication codes (or Acodes) due to Simmons [8], there are three participants: a transmitter T , a receiver R and an opponent O. T and R share an encoding rule (or key) e 2 E. Given a source state s 2 S, T sends a message m 2 M to R over a public channel. O tries to cheat R b...
Combinatorial Classification of Optimal Authentication Codes with Arbitration
, 2000
"... Unconditionally secure authentication codes with arbitration (A²codes) protect against deceptions from the transmitter and the receiver as well as that from the opponent. We first show that an optimal A²code implies an orthogonal array and an affine alpharesolvable design. Next we defin ..."
Abstract

Cited by 1 (0 self)
 Add to MetaCart
Unconditionally secure authentication codes with arbitration (A²codes) protect against deceptions from the transmitter and the receiver as well as that from the opponent. We first show that an optimal A²code implies an orthogonal array and an affine alpharesolvable design. Next we define a new design, an affine alpharesolvable + BIBD, and prove that optimal A²codes are equivalent to this new design. From this equivalence, we derive a condition on the parameters for the existence of optimal A²codes. Further, we show tighter lower bounds on the size of keys than before for large sizes of source states which can be considered as an extension of the bounds on the related designs.