Key recycling in authentication

Computer Science – Information Theory

Scientific paper

Rate now

  [ 0.00 ] – not rated yet Voters 0   Comments 0


15+6 pages, 3 figures

Scientific paper

In their seminal work on authentication, Wegman and Carter propose that to authenticate multiple messages, it is sufficient to reuse the same hash function as long as each tag is encrypted with a one-time pad. They argue that because the one-time pad is perfectly hiding, the hash function used remains completely unknown to the adversary. Since their proof is not composable, we revisit it using a universally composable framework. It turns out that the above argument is insufficient: information about the hash function is in fact leaked in every round to the adversary, and after a bounded finite amount of rounds it is completely known. We show however that this leak is very small, and Wegman and Carter's protocol is still \epsilon-secure, if \epsilon-almost strongly universal hash functions are used. This implies that the secret key corresponding to the choice of hash function can be recycled for any task without any additional error than this \epsilon. For example, if all the messages from many rounds of quantum key distribution are authenticated in this way, the error increases linearly in the number of rounds.

No associations


Say what you really think

Search for scientists and scientific papers. Rate them and share your experience with other people.


Key recycling in authentication does not yet have a rating. At this time, there are no reviews or comments for this scientific paper.

If you have personal experience with Key recycling in authentication, we encourage you to share that experience with our community. Your opinion is very important and Key recycling in authentication will most certainly appreciate the feedback.

Rate now


Profile ID: LFWR-SCP-O-119972

All data on this website is collected from public sources. Our data reflects the most accurate information available at the time of publication.