3-codes, that is, without any trusted arbiter. Finally, we introduce a novel model of asymmetric A-codes with an arbiter but do not have to be fully trusted, and also show a concrete construction of the asymmetric A-codes for the model. Since our proposed A-code does not require fully trusted arbiters, it is more secure than A2-codes or A3-codes." />


The Role of Arbiters for Unconditionally Secure Authentication

Goichiro HANAOKA  Junji SHIKATA  Yumiko HANAOKA  Hideki IMAI  

Publication
IEICE TRANSACTIONS on Fundamentals of Electronics, Communications and Computer Sciences   Vol.E87-A   No.5   pp.1132-1140
Publication Date: 2004/05/01
Online ISSN: 
DOI: 
Print ISSN: 0916-8508
Type of Manuscript: Special Section LETTER (Special Section on Discrete Mathematics and Its Applications)
Category: 
Keyword: 
authentication code,  arbiter,  unconditional security,  

Full Text: PDF(212.8KB)>>
Buy this Article




Summary: 
Authentication codes (A-codes, for short) are considered as important building blocks for constructing unconditionally secure authentication schemes. Since in the conventional A-codes, two communicating parties, transmitter and receiver, utilized a common secret key, and such A-codes do not provide non-repudiation. With the aim of enhancing with non-repudiation property, Simmons introduced A2-codes. Later, Johansson formally defined an improved version of A2-codes called, the A3-codes. Unlike A2-codes, A3-codes do not require an arbiter to be fully trusted. In this paper, we clarify the security definition of A3-codes which may be misdefined. We show a concrete attack against an A3-code and conclude that concrete constructions of A3-codes implicitly assumes a trusted arbiter. We also show that there is no significant difference between A2-codes and A3-codes in a practical sense and further argue that it is impossible to construct an "ideal" A3-codes, that is, without any trusted arbiter. Finally, we introduce a novel model of asymmetric A-codes with an arbiter but do not have to be fully trusted, and also show a concrete construction of the asymmetric A-codes for the model. Since our proposed A-code does not require fully trusted arbiters, it is more secure than A2-codes or A3-codes.