HBC entity authentication for low-cost pervasive devices

Abstract

The HB-like entity authentication protocols for low-cost pervasive devices have attracted a great deal of attention because of their simplicity, computational efficiency and solid security foundation on a well-studied hard problem–learning parity with noise. By far, the most efficient protocol is HB#, which is provably resistant to the GRS attack under the conjecture that it is secure in the DET-model. However, in order to achieve 80-bit security, a typical HB# authentication key comprises over 1000 bits, which imposes considerable storage burdens on resource-constrained devices. In this study, the authors propose a new HB-like protocol: HB. The protocol makes use of a special type of circulant matrix, in contrast to the Toeplitz matrix in HB#, to significantly reduce storage consumption and overcome a subtle security proof inefficacy in HB#. In addition, the authors introduce a masking technique that substantially increases noise level from an adversary's standpoint, and thus improves protocol performance. The authors demonstrate that 613-bit authentication key suffices for 80-bit security in the HB protocol, which is quite competitive and more appealing for low-cost devices.