研究成果

In cryptographic application, there is need for protecting privacy of users besides integrity of data transmitted in a public channel. In unconditional (or information-theoretic) security setting, a model of GA-codes (Group Authentication codes) which ensures the anonymity for senders like the computationally secure group signature was proposed. In this model, it is assumed that both the sender and the receiver are mutually trusted. In this paper, we remove the assumption and newly propose a model and security definition of the GA²-code (Group Authentication codes with an Arbiter) in which a trusted arbiter is provided so that the arbiter can resolve a dispute between the sender and the receiver. This model can be considered as extension of both the GA-codes and the traditional A²-codes (Authentication codes with an Arbiter). In addition, we propose a construction which meets our security definition of GA²-codes by using polynomials over finite fields. We also consider the case that the arbiter is not always honest and call this model GA³-codes (GA-codes with protecting against arbiter's attack), which is similar to the setting of the traditional A³-codes.