hfinney@shell.portal.com writes:
I have read one paper which attempts to solve this problem, called "Human Identification through Insecure Channel". Unfortunately my papers are in a mess right now so I don't have the reference handy. It was by some Japanese researchers, published in one of the proceedings books. I believe a follow-on paper was published within the last year or two which had some improvements or corrections to their algorithm. Sorry to be so vague, I'll try to dig out more info over the weekend.
The article, by T. Matsumoto and H. Imai, was in Eurocrypt '91, which is published as vol. 547 of "Lecture notes in computer science". The only followup article I could find was: C.-H. Wang, T. Hwang, and J.-J. Tsai, "On the Matsumoto and Imai's [sic] human identification scheme." (LNCS 921, 1995)
I am sure better algorithms can be found for this purpose if mental cryptography is made explicit as a design goal. Perhaps it should be?
It's a hard problem to solve in general because you have only a human mind to do the identification algorithm but you have computers to try to break it. But I would like to see the problem get more attention.
It may be that the approach is off anyway. Credit cards have only signature verification -- if the salesperson bothers -- because stolen cards are reported. You don't need a strong authentication technique if a stolen card is easy to cancel. Of course, perhaps this encourages someone to steal your card and incapacitate you before you can report it. That's why we have PINs... so that someone can steal your card, threaten you until you reveal your PIN, and then incapacitate you... Hmm... Even with a weak PIN system for authentication, you can always provide a "duress" PIN, right?

nathan