3.1. A General Scheme without Secrecry
An authentication scheme [
5] provides a method to ensure the integrity of the information when sent through a channel public. A transmitter and receiver share a secret key, which allows the receiver to verify that the message received is authentic. An authentication scheme without secrecy is a quadruple:
where
is the source space,
is the tag space,
is the space key, and
is the encoding rule. The sets
,
and
are assumed to be finite and not empty. Additionally, the message space is defined,
A transmitter and the receiver share a secret key
The transmitter wants to send a piece of information (called source)
to the receiver, then the transmitter calculates
and inserts into the public channel the message
m consisting of the ordered pair
The receiver, when receiving
calculates
and verifies if
; if so, the receiver accepts the message as authentic, otherwise the message is rejected. Since the communication channel is public, there is a risk that an intruder may deliberately observe, and cause a communication disturbance. It is assumed that the intruder can insert a message into the channel or replace the observed message
m with another message
The success probabilities in these attacks (impersonation and substitution) denoted by
and
are respectively [
6].
Lower bounds are obtained for
and
[
5]:
Relationships between the sizes of the spaces are given.
Theorem 2 ([
7])
. Let be an authentication scheme without secrecy in which . ThenThe authentication scheme is optimal if the equality if
In this way, the relationship between the cardinality of the source space and the tag space is compromised by obtaining the minimum bounds for and .
3.2. A First Construction Using Gray Map
We give an authentication scheme without secrecy. Encoding rules with domain in a Galois ring and image over a finite field, using Gray map, trace map, and resilient functions are given. We obtain minimum bounds in success probabilities in impersonation and substitution attacks.
In [
8] there are a tedious source space and a long injection proof between key space and encoding maps, eight pages approximately. Here we simplify the source space increasing its number of elements, obtaining a better relation between message space and key space. The reader can see the link between the message space and key space in [
6]. On the other hand, we reduce the injection proof of [
8] mainly due to Gray map properties, the new source space, and Theorem 3.
Let and We can see that . If then .
Let
be a
t-resilient function,
and
be the Gray map. We build the following authentication scheme,
where
,
,
and
the projection function
to
, sending
to the
k-th coordinate.
We can see that
,
where
The size of
is greater than the respective space in the first scheme given in [
8], and the tag space is similar. Therefore, in this work
and
are closer, obtaining then (following the Theorem 2) a better relationship between the spaces.
Please note that the source space can be considered to be
In this case, ,
where
Before resolving the injection problem, we give the next results.
Theorem 3. Let , and . Then exists an element such that
Proof. We know that there are
zero divisors in
S. Given
there are
elements
a in
S such that
As
, then
Let Hence there is at least an element in such that if
Let
. In particular
There is
in
such that
□
We will consider the value in the w coordinate of
Remark 1 ([
8])
. Let ThenConsider two coordinates j of
If is not a multiple of q, then take c such that only . In this case and values are different.
If is multiple of q such that and , then take such that only . In this case the two coordinates k and j of are different.
If is a multiple of q such that , then take such that only . In this case and values are different.
Remark 2. If is an even number and a generator, then or In any case, if hence Therefore, ifis in p-adic form, thenis also in its p-adic form. Theorem 4. Let the function be given by Then H is a bijective function.
Proof. Note we need to prove the following:
Let coordinates of If for an element then H is a bijective function.
We compare all the possibles coordinate pairs of considering its length by parts. Let us consider three cases.
Case 1: Two coordinates of
Case 2: A coordinate of and a coordinate of
Case 3: A coordinate of and a coordinate of two cases, and
Case 1:
Let
and the first two coordinates
of
If
by Remark 2 we can take
such that:
If then Thus,
If then Thus,
Therefore if as above, given two coordinates of these are distinct. It follows from Remark 1 and Lemma 2.
Case 2:
Let us pick a coordinate of and a coordinate of
In a first place we consider the same coordinate w in and in that means and
Let
and
. We know that exists a
k entry such that
(of
). By Theorem 3 we can choose an element
and
such that
Hence, if
and
then
So that Therefore with .
We now consider distinct coordinates
in
and in
Similarly as above,
and
If
and
(
p-adic form by Remark 2), then
Case 3:
Let
If
then
In otherwise we would have
Let two distinct elements , . Let an entry k of x, . By Theorem 3, there is a b such that ( k-th coordinate of ) and ; from here On the other hand, Therefore and and by Lemma 2,
Let
,
and
. Using Theorem 3, we know exists
such that
, where
and
Then,
follows from Lemma 2.
Finally, the case
and distinct coordinates. Let
and similar to above we find
such that
Hence,
and
Then, we consider,
. Therefore,
follows from Lemma 2.
The distinct above cases conclude the proof. □
The procedure to obtain bound for
and
is similar to Proposition 4 of [
8]. We give this result for granted.
3.3. A Second Construction Using Map Gray
In this authentication scheme, we remove a parameter from the first scheme, thus reducing the key spaces’ size; however, it is necessary to reduce the size of the source space. We obtain minimum bounds in success probabilities in impersonation and substitution attacks. To show that the minimum values for and are obtained, we find balanced functions in the composition of the Gray map, the trace and the resilient functions on Galois rings.
Let us recall that
and
L as the scheme
Let
be a
t-resilient function,
,
and
be the Gray map. We build the following authentication scheme,
where
,
and
the projection function
to
, sending
to the
k-th coordinate.
We can see that , where
.
Theorem 6. Let the function be given by Then H is a bijective function.
Proof. Note we need to prove the following:
Let coordinates of If for an element then H is a bijective function.
We compare all the possibles coordinate pairs of considering its length by parts. Let us consider 2 cases.
Case 1: Two coordinates of
Case 2: A coordinate of and a coordinate of
We can see that the proof of these two cases is similar to the first two cases of the demonstration of Theorem 4, since in this proof only is considered. Additionally, we know that the image of an element under the Gray map is a vector with all equal entries.
To find and , we give the following results. □
Let be the vectors in the image of the Gray map given in Definition 3,
Theorem 7. The sum of two or more elements of the vector set as above has the form where are arbitrary permutations of the vectors in , and and are the last and second last terms of the sum, respectively, in increasing order of the indexes. Proof. The claim is proved by mathematical induction.
Basis step:
Let two summands,
and
,
,
. We know that
and
Please note that
which indicates that each vector
of
has exactly
times the length of the vector
. Then,
.
Inductive step:
Suppose that we have the sum of
vectors (the sum in increasing order with respect to indexes) of the set
found in the image of the Gray map, where the second last vector is
r and the last is
l:
Now, a
k-th vector,
, is added to the resulting sum above:
where
Observe that has length This completes the inductive step.
So by mathematical induction we prove the statement of the theorem. □
Let be the vectors in the image of the Gray map given in Definition 3,
Corollary 1. Let , be vectors as above. Then, in the sum of at most of those terms, every element is in entries.
Proof. Consider a finite sum, such that the vectors
and
are the last and second last terms of the sum, respectively, in increasing order of the indexes. The resulting vector is conformed by a permutation of the vectors
in
where
It follows from Theorem 7.
Then, the number of entries equal to a value is equal to , being that each element of is repeated times in □
Corollary 2. Let , . Then .
Proof. By proof of Theorem 7,
c and
can be obtained from vectors
and
giving the respective permutations of vectors
and
in these. Where
and
We can see that any element in is repeated in the same coordinates of and , times.
Please note that different from Corollary 3, here the sum of the elements have coefficients, but this does not represent a problem, since we would only have additionally permutations of elements of c and □
The following theorem is a generalization of Proposition 3 of [
9], now on Galois rings.
Theorem 8. Let be a t-resilient function and let such that and Proof. There are the following equalities
The last equality is justified as follows:
Please note that and cannot both be zero, unless because of the shape of source space.
If and exists such that
Then, similar to Lemma 2.1 proof of [
12],
If
and
then, since
is balanced and by Lemma 1,
Finally, if
and
suppose without loss of generality that the nonzero entries of
are in the entries
. Since
f is
t-resilient, these
t entries of
are kept constant. Then,
is balanced; even more,
is constant, and also by Lemma 1 we have the last equality.
Theorem 9. Let , be as in scheme , and . Then, the vector of length where , , has coordinates equal to t, namely the value of the distinct coordinates are balanced.
Proof. By Corollary 1, in the sum of at most
vectors of
of the Gray map, every element
is in
entries. On the other hand, if an element
then
To have the number of images equal to a value for any element a in it is necessary to consider the possible values that can have the coefficients
If we consider the possible combinations for the sum of terms without the case and without considering the last term, then entries are equal to t.
If the term is considered:
If the sum of the first terms is nonzero, then the number of combinations increases to since there are q distinct elements
If the sum of the first terms is zero, then we only have the term . Since there is only one element such that , then we have a vector with entries equal to t. Hence, the possible combinations are .
The above is valid for all elements in R repeated only once because in each element of R is repeated times. Therefore, there are elements in that corresponding to coordinates of equal to t. □
Theorem 10. Let , be as in the scheme , , . Thenwhere and , Proof. Let and such that . Then by Theorem 8 and proceeding as in the proof of Theorem 9, □
Proof. Let us find :
By Theorem 9,
. Thus, the probability of impersonation is
Let us find :
Let
and
By Theorem 10 if
, then
If
, then
. Thus,
(follows from Corollary 2). Hence,
Therefore, □
3.4. Third Construction: Without Map Gray, over Galois Rings
In this scheme, the composition of resilient functions and trace function on Galois rings are provided. We get a generalization on Galois rings of the authentication scheme given on finite fields in [
9]. If
, then we obtain the scheme presented in [
9], with the difference that the source space of the scheme constructed here has a greater cardinality; this result brings a better relationship between the message space and the key space for our scheme (see Theorems 2.3 and 3.1 in [
6] and Theorem 14 in [
7]).
Let
be a
t-resilient function,
We build the following authentication scheme,
and
We can see that , where
This authentication scheme is a generalization of the first authentication scheme given in [
9], where the scheme is considered on finite fields. In our scheme if we consider
, then we obtain the same scheme, except the size of the source space; here, this is greater than the size of the source space given in [
9]. Therefore, in this work
and
are closer, following the Theorem 2. Then, we have a better relationship between the spaces.
The following result ensures that the encoding rules are equally likely to be chosen.
Theorem 12. The function defined by is a bijection.
Proof. Suppose
,
Then,
Let be nonzero in its i-th entry. Let and . Then Thus, namely □
Solving similarly to the proof of Theorem 8, the following result is granted.
Theorem 13. Let be a t-resilient function, elements of and In the following result, minimum values for and are obtained.
Theorem 14. Let the authentication scheme . Then, Proof. Let
. We know that the function
is balanced. Then,