New Bound for the Authentication Channel when Used in the Notary Mode.

摘要

Authentication codes have traditionally been designed to only protect the receiver from accepting as authentic either fraudulent messages sent by an opponent when no legitimate message has been sent or else a fraudulent message substituted for the first legitimate message sent by an authorized transmitter. Clearly, an opponent might choose instead to wait and observe several legitimate (authenticated) messages before attempting to deceive the receiver. In this paper, we treat a ''worst case'' scenario in which the opponent can not only observe several authenticated messages before attempting a deception but he can also choose the information that is to be authenticated in the communications that occur before he acts. 15 refs.