Combinatorial Bounds and Characterizations of Splitting Authentication Codes

We present several generalizations of results for splitting authentication codes by studying the aspect of multi-fold security. As the two primary results, we prove a combinatorial lower bound on the number of encoding rules and a combinatorial characterization of optimal splitting authentication codes that are multi-fold secure against spoofing attacks. The characterization is based on a new type of combinatorial designs, which we introduce and for which basic necessary conditions are given regarding their existence.

💡 Research Summary

The paper investigates splitting authentication codes under a multi‑fold security model, extending the classical one‑fold analysis to scenarios where an adversary may observe several legitimate message‑tag pairs before attempting a spoofing attack. After reviewing the basic definitions of splitting authentication codes—where each source state (message) is associated with a set of possible tags rather than a single tag—the authors formalize t‑fold security: after observing t authentic transmissions, the probability that an attacker can successfully forge a new transmission must not exceed (k‑t)/(v‑t), where v is the number of source states and k the number of tags per encoding rule.

The first major contribution is a combinatorial lower bound on the number N of encoding rules required for a t‑fold secure splitting authentication code. Using a double‑counting argument, the authors count the total number of (t‑subset, encoding‑rule) incidences in two ways: (i) each encoding rule contributes (\binom{k}{t}) incidences, giving (\binom{k}{t} N); (ii) the total number of distinct t‑subsets of source states is (\binom{v}{t}). Equating these counts yields the inequality
( N \ge \left\lceil \frac{\binom{v}{t}}{\binom{k}{t}} \right\rceil).
This bound generalizes the well‑known one‑fold result and shows that the required number of encoding rules grows rapidly with t, providing a clear quantitative trade‑off between security depth and key material.

The second major contribution is a structural characterization of optimal splitting authentication codes—those that meet the bound with equality. To achieve this, the authors introduce a new combinatorial object called a “split design” (or (v, k, λ, t)‑split design). A split design consists of a collection of blocks, each block being a set of k tags, with the property that every t‑subset of source states occurs in exactly λ blocks. When λ = 1, the design corresponds precisely to an optimal t‑fold secure splitting authentication code. The paper derives necessary arithmetic conditions for the existence of such designs, such as integrality constraints on v, k, λ, and t, and shows how these conditions reduce to familiar ones for ordinary t‑designs when each block is a single element.

Proofs rely heavily on combinatorial counting, incidence matrices, and the principle of double counting. The authors also provide concrete examples: for instance, a (7, 3, 1, 2) split design yields an optimal 2‑fold secure code with only 7 encoding rules, dramatically fewer than would be required without the split‑design structure. They compare these constructions with existing schemes based on secret sharing and traditional authentication codes, demonstrating that the split‑design approach can achieve the same security level with substantially reduced key storage—a crucial advantage for resource‑constrained environments such as IoT devices.

The paper concludes with a discussion of open problems. While necessary conditions for split designs are established, sufficient conditions remain elusive for most parameter sets, especially when t ≥ 3. The authors suggest that further work on algebraic constructions (e.g., using finite fields, Latin squares, or group actions) could yield broader families of split designs. They also hint at possible extensions to probabilistic or non‑linear split designs, which might relax some of the stringent combinatorial constraints while preserving multi‑fold security.

Overall, the work makes three substantive advances: (1) a general combinatorial lower bound for multi‑fold secure splitting authentication codes; (2) the introduction and initial theory of split designs that exactly characterize optimal codes; and (3) concrete constructions and comparative analysis that illustrate practical benefits. These contributions deepen the theoretical understanding of authentication code design and provide actionable guidance for engineers seeking to balance security depth against key management overhead.