Messages per secret bit when authentication and a min-entropy secrecy criterion are required

摘要

Suppose Alice and Bob share a secret key, of which Eve is initially oblivious. Clearly, Alice and Bob can use this key to ensure that any particular plain-message sent is both authentic and secure. This paper investigates how many plain-messages can be sent per bit of secret key, while still ensuring both secrecy and authentication. In particular the secrecy tolerance relates to the min-entropy of any individual plain message, given all observed cipher-messages, while the authentication tolerance directly relates to the maximum allowable probability of Bob erroneously accepting a cipher-message from Eve. In this paper we characterize the set of all messages to secret bit ratios. We do this by providing a direct and converse, showing that the maximum ratio is directly determined by the tolerance parameters for authentication and secrecy, and is independent of the ratio of the length of the plain-message to the length of the secret key.