Proposition 1 : G() is truly necessary

• Theorem:

  • Let G() be d-contracting with d > 0. Then W must depend on X.

• Proof by contradiction:

  • Assume for a d-contracting G() that W = W0 is a constant. According to the definition there exist an X1 and an X2 such that G(W0, X1) = Z1 is not equal to G(W0, X2) = Z2. Define D0 such that D0 = l(X2 - X1) where the scaling parameter l is chosen such that | D0| = d > 0. Then, recursively applying G(W0, X1+mD0) = G(W0, X1+(m+1)D0) and G(W0, X1+D0) = Z1. Moreover, it must be the case that G(W0, X1) = G(W0, X2). This is in contraction with the initial assumptions.

Consequence:

When using noisy measurement data as input to a cryptographic function, one needs to use helper information W.

Note that the above authentication scheme captures any solution where the measurement data Y is processed before it is fed into the cryptographic function. the theorem proves that these cannot work unless some helper data is used effectively.

Previous slide

Next slide

Back to first slide

View graphic version