Message Authentication Code over a Wiretap Channel

Abstract

Message Authentication Code (MAC) is a keyed function fK such that when Alice, who shares the secret K with Bob, sends fK(M) to the latter, Bob will be assured of the integrity and authenticity of M. Traditionally, it is assumed that the channel is noiseless. However, Maurer showed that in this case an attacker can succeed with probability 2-H(K)+1 after authenticating messages. In this paper, we consider the setting where the channel is noisy. Specifically, Alice and Bob are connected by a discrete memoryless channel (DMC) W1 and a noiseless but insecure channel. In addition, an attacker Oscar is connected with Alice through DMC W2 and with Bob through a noiseless channel. In this setting, we study the framework that sends M over the noiseless channel and the traditional MAC fK(M) over channel (W1, W2). We regard the noisy channel as an expensive resource and define the authentication rate auth as the ratio of message length to the number n of channel W1 uses. The security of this framework depends on the channel coding scheme for fK(M). A natural coding scheme is to use the secrecy capacity achieving code of Csisz\'ar and K\"orner. Intuitively, this is also the optimal strategy. However, we propose a coding scheme that achieves a higher auth. Our crucial point for this is that in the secrecy capacity setting, Bob needs to recover fK(M) while in our coding scheme this is not necessary. How to detect the attack without recovering fK(M) is the main contribution of this work. We achieve this through random coding techniques.