Authentication theory and hypothesis testing

By interpreting message authentication as a hypothesis testing problem, this paper provides a generalized treatment of information-theoretic lower bounds on an opponent's probability of cheating in one-way message authentication. We consider the authentication of an arbitrary sequence of messages, using the same secret key shared between sender and receiver. The adversary tries to deceive the receiver by forging one of the messages in the sequence. The classical two types of cheating are considered, impersonation and substitution attacks, and lower bounds on the cheating probability for any authentication system are derived for three types of goals the adversary might wish to achieve. These goals are (a) that the fraudulent message should be accepted by the receiver, or, in addition, (b) that the adversary wishes to know or (c) wants to even choose the value of the plaintext message obtained by the legitimate receiver after decoding with the secret key.