Background: An A-code is a matrix E x M, where e is the encoding rule used, and m is the message the transmitter should send (output). The message to be authenticated (input) is s in { s_1 .. s_k }, and the contents of the matrix are members of such that every row (encoding rule) contains s_1..s_k. In schemes with secrecy, there is an additional constraint that each column include each of s_1..s_k. Any unused cells are filled with 0, indicating that the message/encoding combination is invalid and indicative that the message is fraudulent.
Put another way, if f : S x E -> M is a map, then f is onto and for each encoding rule e, the map f(o , e) : S -> M defined by s -> f(s,e) is one-to-one. Furthermore, the code is minimal if |E| = |M|. As I understand it, this means there are no matrix elements containing 0. This is ostensibly desirable as it minimizes the number of bits necessary to encode the encoding rule (lg |E|). However, it would appear to provide no protection against substitution or impersonation. Question: Is that last statement correct? Isn't it the case that every minimal authentication code with secrecy is also a latin square? ...just wanted to be sure I was understanding it correctly... -- "Curiousity killed the cat, but for a while I was a suspect" -- Steven Wright Security Guru for Hire http://www.lightconsulting.com/~travis/ -><- GPG fingerprint: 9D3F 395A DAC5 5CCC 9066 151D 0A6B 4098 0C55 1484 --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]