Paper 2005/424

Efficient Mutual Data Authentication Using Manually Authenticated Strings

Sven Laur, N. Asokan, and Kaisa Nyberg


Solutions for an easy and secure setup of a wireless connection between two devices are urgently needed for WLAN, Wireless USB, Bluetooth and similar standards for short range wireless communication. In this paper we analyse the SAS protocol by Vaudenay and propose a new three round protocol MA-3 for mutual data authentication based on a cryptographic commitment scheme and short manually authenticated out-of-band messages. We show that non-malleability of the commitment scheme is essential for the security of the SAS and the MA-3 schemes and that extractability or equivocability do not imply non-malleability. We also give new proofs of security for the SAS and MA-3 protocols and suggestions how to instantiate the MA-3 protocol in practise.

Note: The current Eprint version of the aricle is outdated and kept here for historical reasons. The new update "Efficient mutual data authentication using manually authenticated strings: Extended version" is available from until Eprint starts to support multiple versions of the same report. We suggest to cite older version for historical references and CANS paper otherwise.

Available format(s)
Cryptographic protocols
Publication info
Published elsewhere. A shortened and more updated version will be published at CANS 2006.
data authenticationmanual authentication protocol
Contact author(s)
kaisa nyberg @ nokia com
2006-09-18: revised
2005-11-22: received
See all versions
Short URL
Creative Commons Attribution


      author = {Sven Laur and N.  Asokan and Kaisa Nyberg},
      title = {Efficient Mutual Data Authentication Using Manually Authenticated Strings},
      howpublished = {Cryptology ePrint Archive, Paper 2005/424},
      year = {2005},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.