Title:Rate Efficient Authentication over a Wiretap Channel

Abstract:Message authentication is an interactive procedure that allows Alice to send message $M$ to Bob such that the latter is assured of its authenticity. Toward this, they usually share a secret key $K$. It is known that if the communication is noiseless, then after $\ell$ times of authentication, an adversary can succeed in an attack with probability $2^{-\frac{H(K)}{\ell+1}}$, which quickly approaches 1 with $\ell$. Lai et al. studied the authentication problem over a wiretap channel and presented a protocol that allows Alice to authenticate many messages without significantly increasing an attacker's success probability. Under their protocol, $M$ is protected. In this paper, we consider the setting where $M$ is not protected and is transmitted over a noiseless channel that can be seen and tampered by an attacker. Under this setting, we study the authentication framework which transmits a tag over a wiretap channel (besides sending $M$ over the noiseless channel). We regard the transmission over the wiretap channel as an expensive resource and define two efficiency measures: authentication rate $\rho_{auth}$ and channel coding rate $\rho_{chan}$. Improving both measures can improve the channel efficiency. With the secrecy capacity $C_s$ of Csiszár and Körner in mind, one can trivially achieve $\rho_{chan}= C_s$, which seems also the best possible result. However, we present a scheme with $\rho_{chan}>C_s$ when the main channel is less noisy. Our crucial point for this is that Bob does not need to recover the tag (as he can compute it from $M$ and $K$) and so the protection for the tag is only to defeat the attack. $\rho_{auth}$ in our scheme employs purely cryptographic techniques and has very good performance.