Separating two roles of hashing in one−way message authentication

Abstract

We analyse two new and related families of authentication protocols, where a party wants to authenticate its public information to another. In the first, the objective is to do without shared passwords or a PKI, making use of low-bandwidth empirical or authentic channels where messages cannot be faked or modified. The analysis of these leads to a new security principle, termed separation of security concerns, under which protocols should be designed to tackle random and search attacks separately. This also leads us develop a new class of digital signature schemes which is potentially much more efficient than conventional signature schemes.