Authenticated Key Agreement with Key Re-Use in the Short Authenticated Strings Model
In this paper, the authors introduce a notion of Message Authentication (MA) protocols in the Short Authenticated String (SAS) model. A SAS-MA protocol authenticates arbitrarily long messages sent over insecure channels as long as the sender and the receiver can additionally send a very short, e.g. 20 bit, authenticated message to each other. The main practical application of a SAS-MA protocol is Authenticated Key Agreement (AKA) in this communication model, i.e. SAS-AKA, which can be used for so-called \"Pairing\" of wireless devices. Subsequent work showed three-round SAS-AKA protocols.