International Association for Cryptologic Research

International Association
for Cryptologic Research


Shuhong Wang


New Results on Unconditionally Secure Multireceiver Manual Authentication
Shuhong Wang Reihaneh Safavi-Naini
Manual authentication is a recently proposed model of communication motivated by the settings where the only trusted infrastructure is a low bandwidth authenticated channel, possibly realized by the aid of a human, that connects the sender and the receiver who are otherwise connected through an insecure channel and do not have any shared key or public key infrastructure. A good example of such scenarios is pairing of devices in Bluetooth. Manual authentication systems are studied in computational and information theoretic security model and protocols with provable security have been proposed. In this paper we extend the results in information theoretic model in two directions. Firstly, we extend a single receiver scenario to multireceiver case where the sender wants to authenticate the same message to a group of receivers. We show new attacks (compared to single receiver case) that can launched in this model and demonstrate that the single receiver lower bound $2\log(1/\epsilon)+O(1)$ on the bandwidth of manual channel stays valid in the multireceiver scenario. We further propose a protocol that achieves this bound and provides security, in the sense that we define, if up to $c$ receivers are corrupted. The second direction is the study of non-interactive protocols in unconditionally secure model. We prove that unlike computational security framework, without interaction a secure authentication protocol requires the bandwidth of the manual channel to be at least the same as the message size, hence non-trivial protocols do not exist.
The Multireceiver Commitment Schemes
Shuhong Wang
Existing commitment schemes were addressed under the classic two-party scenario. However, popularity of the secure multi-party computation in today's lush network communication is motivating us to adopt more sophisticate commitment schemes. In this paper, we study for the first time multireceiver commitment in unconditionally secure setting, i.e., one committer promises a group of verifiers a common secret value (in computational setting it is trivial). We extend the Rivest model for this purpose and present a provably secure generic construction using multireceiver authentication codes (without secrecy) as a building block. Two concrete schemes are proposed as its immediate implementations, which are almost as efficient as an optimal MRA-code. Furthermore, to affirmatively answer the open question of Pinto, Souto, Matos and Antunes, we present also a generic construction (for two-party case) using only an A-code with secrecy. Finally, we show the possibility of constructing multireceiver commitment schemes using other primitives such as verifiable secret sharing. We leave open problems and believe the work will open doors for more interesting research.
Noninteractive Manual Channel Message Authentication Based On eTCR Hash Functions
We present a new non-interactive message authentication protocol in manual channel model (NIMAP, for short) using the weakest assumption on the manual channel (i.e. assuming the strongest adversary). Our protocol uses enhanced target collision resistant (eTCR) hash family and is provably secure in the standard model. We compare our protocol with protocols with similar properties and show that the new NIMAP has the same security level as the best previously known NIMAP whilst it is more practical. In particular, to authenticate a message such as a 1024-bit public key, we require an eTCR hash family that can be constructed from any off-the-shelf Merkle-Damg{\aa}rd hash function using randomized hashing mode. The underlying compression function must be {\em evaluated second preimage resistant} (eSPR), which is a strictly weaker security property than collision resistance. We also revisit some closely related security notions for hash functions and study their relationships to help understanding our protocol.
Private Information Retrieval Using Trusted Hardware
Many theoretical PIR (Private Information Retrieval) constructions have been proposed in the past years. Though information theoretically secure, most of them are impractical to deploy due to the prohibitively high communication and computation complexity. The recent trend in outsourcing databases fuels the research on practical PIR schemes. In this paper, we propose a new PIR system by making use of trusted hardware. Our system is proven to be information theoretically secure. Furthermore, we derive the computation complexity lower bound for hardware-based PIR schemes and show that our construction meets the lower bounds for both the communication and computation costs, respectively.