As an interesting application of LMT, we envision an email authentication system with minimal user interaction. Email clients could routinely generate a secret LMT key upon their first invocation, and then equip all outgoing messages with corresponding tags. On the receiver's side, client software could automatically verify whether incoming messages originate from the same entity as previously or subsequently received messages with an (allegedly) identical sender address. Although this form of message authentication does not provide guarantees of the sender's origin as strong as those of signature schemes, we believe that trading the apparently discouraging obstacles implied by the authentic distribution of signature verification keys for the assumption that an attacker does not forge every message exchanged between parties is quite attractive.
On the technical side, we formalize the notions of LMT and its (more efficient) variant CMT (classifiable message tagging), including corresponding notions of unforgeability. For both variants we propose a range of provably secure constructions, based on different hardness assumptions, with and without requiring random oracles.

Category / Keywords: message authentication, key distribution problem, message tagging, digital signatures
Date: received 6 Jan 2014
Contact author: guenther at cs tu-darmstadt de
Note: In submission
Version: 20140107:094116
Short URL: ia.cr/2014/014