Method for Authentication of Diffie ‒ Hellman Values Based on Pre-Distributed Random Sequences and Wegman ‒ Carter One-Time Pad Algorithm

A method of authentication of keys generated by the Diffie-Hellman method is investigated in the context of the use of a man-in-the-middle attack by an attacker. It is assumed that the users Alice and Bob, who form the key, have pre-distributed random bit strings a and b, respectively, obtained either from some source or generated by themselves based on data obtained from magnetometers or accelerometers from mobile devices. The attacker has no access to these chains. A method for authenticating Diffie ‒ Hellman values (DH values) is proposed. For this purpose, the message (DH-value) is divided by Alice into N blocks. For each block, an authenticator is calculated using the Wegman ‒ Carter algorithm with a one-time pad keys, which are sequences a and b. The DH-value and authenticators are transmitted over the channel to Bob, who calculates authenticators from the received DH-value and compares them with the authenticators received from the channel. If the number of unauthenticated blocks does not exceed the set threshold, then DH-value authentication is considered successful. But the drawback of this method is a little disagreement between authenticating strings of different users. The formulas for probabilities of the undetected deception and the false alarm (due to the mismatch of chains a and b) are proved. The optimization of the method parameters (the number of blocks and the length of the authenticator) is carried out, at which the consumption of the authentication key (chains a and b) is minimized when the specified requirements for the probability of the undetected deception and the false alarm are met. Examples of the choice of authentication parameters for a 256-bit DH-value are given.