Provably-Secure One-Message Unilateral Entity Authentication Schemes

A one-message unilateral entity authentication scheme allows one party, called the prover, to authenticate himself, i.e., to prove his identity, to another party, called the verifier, by sending a single authentication message. We consider schemes where the prover and the verifier do not share any secret information, such as a password, in advance. We propose the first theoretical characterization for one-message unilateral entity authentication schemes, by formalizing the security requirements for such schemes with respect to different kinds of passive and active adversarial behaviours. In particular, we consider both static and adaptive adversaries for each kind of attack (passive/active). Afterwards, we explore the relationships between the security notions resulting from different adversarial behaviours for one-message unilateral entity authentication schemes. Finally, we propose three different constructions for one-message unilateral entity authentication schemes and we analyze their security with respect to the different definitions introduced in this paper.