In an application we need some way for a user to authenticate, but have the challenges of very restricted functions to use.

Each user has a 16-bit number he can't change. We want to calculate some individual "secret" for some of the numbers that allows users to have higher access rights. The aim is to make it as hard as possible for other users to generate a valid secret for a different number even if they know some valid combinations. Brute forcing on the device itself would take ~10 seconds per try, so I think that won't be an issue.

We are only able to use basic mathematical and logical functions, XOR, modulo and sine/cosine. Also, the length of our integers is limited to a maximum of only 32 bits.

We thought about some asymmetric signature that is easy to verify (for example Rabin), but it seems that 32 bits are just too insecure.

An alternative would be some kind of symmetrical MAC. Would the best way be to implement some kind of own "MAC" by implementing combinations of the usable functions? Or is there any better way?

I found this answer to a similar question, but don't really get why the MAC solution isn't brute-forceable offline. Is it because we suppose the attacker doesn't know that MAC algorithm?

  • What secrets are available to what users right now? Is the 16-bit number a secret (the only one?)? Can you store arrays of 32-bit integers (and thus construct larger integers based on arrays of 32-bit integers)? How much RAM do you have for this? Is it OK if the MAC takes several hundred of the basic arithmetic operations on like 16 32-bit words? – SEJPM Mar 26 '20 at 14:05
  • The 16-bit number isn't a secret, but an unchangeable user ID. It's made sure that users can't change it (not by us), except that currently there are no secrets at all. The scenario in detail: We are using a third-party software that has authentication and so on, but we (and the user) can only create combinations of the mentioned basic functions within the UI of the software and don't have access to anything relevant other than the user ID. We can hide our "functions" from the users. – JacopoStacioni Mar 26 '20 at 14:17
  • We can combine a maximum of 4 (max. 32-bit) inputs per created function and can create and combine about 20 of these functions. On our abstraction we don't have any information about RAM or anything. – JacopoStacioni Mar 26 '20 at 14:19

0 Answers