Information-Theoretically Secure Key-Insulated Multireceiver Authentication Codes

Exposing a secret-key is one of the most disastrous threats in cryptographic protocols. The key-insulated security is proposed with the aim of realizing the protection against such key-exposure problems. In this paper, we study key-insulated authentication schemes with information-theoretic security. More specifically, we focus on one of information-theoretically secure authentication, called rnultireceiver authentication codes, and we newly define a model and security notions of information-theoretically secure key-insulated rnultireceiver authentication codes (KI-MRA for short) based on the ideas of both computationally secure key-insulated signature schemes and multi-receiver authentication-codes with information-theoretic setting. In addition, we show lower bounds of sizes of entities' secret-keys. We also provide two kinds of constructions of KI-MRA: direct and generic constructions which are provably secure in our security definitions. It is shown that the direct construction meets the lower bounds of key-sizes with equality. Therefore, it turns out that our lower bounds are tight, and that the direct construction is optimal.