Paper 2006/326

Analyzing the HB and HB+ Protocols in the ``Large Error'' Case

Jonathan Katz and Adam Smith

Abstract

HB and HB+ are two shared-key, unidirectional authentication protocols whose extremely low computational cost makes them potentially well-suited for severely resource-constrained devices. Security of these protocols is based on the conjectured hardness of learning parity with noise; that is, learning a secret $s$ given ``noisy'' dot products of $s$ that are incorrect with probability $\epsilon$. Although the problem of learning parity with noise is meaningful for any constant $\epsilon < 1/2$, existing proofs of security for HB and HB+ only imply security when $\epsilon < 1/4$. In this note, we show how to extend these proofs to the case of arbitrary $\epsilon < 1/2$.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Published elsewhere. Unknown where it was published
Keywords
RFID
Contact author(s)
jkatz @ cs umd edu
History
2006-09-28: received
Short URL
https://ia.cr/2006/326
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2006/326,
      author = {Jonathan Katz and Adam Smith},
      title = {Analyzing the HB and HB+ Protocols in the ``Large Error'' Case},
      howpublished = {Cryptology ePrint Archive, Paper 2006/326},
      year = {2006},
      note = {\url{https://eprint.iacr.org/2006/326}},
      url = {https://eprint.iacr.org/2006/326}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.