| 摘要 |
<p>A method is provided for authentication of encrypted messages (M). A non-malleable public-key encryption technique is employed, so that an eavesdropper (B) cannot employ an encrypted message (M), previously overheard, to generate a message which, when sent to a recipient (R), which would pass as a message originating from a valid sender (S). In a preferred embodiment, a protocol is provided in which, in response to a message authentication request (req) from a sender, a recipient (R) sends the sender (S) a string (st), encrypted according to the sender's non-malleable public key (Es). The sender (S) decrypts the string using its private key, and sends the recipient (R) a message (Auth (M, ST)) which is a function (Auth) of the string (St) and the message (M) to be authenticated. Because of the non-malleability of the public keys, an eavesdropper cannot impersonate the sender (S) or the recipient (R) and produce a disinformation message which would nevertheless contain the correct authorization string. <IMAGE></p> |
