Better than BiBa: Short One-Time Signatures with Fast Signing and Verifying

  • Leonid Reyzin
  • Natan Reyzin
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2384)


One-time signature schemes have found numerous applications: in ordinary, on-line/off-line, and forward-secure signatures. More recently, they have been used in multicast and broadcast authentication. We propose a one-time signature scheme with very efficient signing and verifying, and short signatures. Our scheme is well-suited for broadcast authentication, and, in fact, can be viewed as an improvement of the BiBa one-time signature (proposed by Perrig in CCS 2001 for broadcast authentication).


Hash Function Signature Scheme Authentication Scheme Random Oracle Hash Family 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. [AR00]
    Michel Abdalla and Leonid Reyzin. A new forward-secure digital signature scheme. In Tatsuaki Okamoto, editor, Advances in Cryptology— ASIACRYPT 2000, volume 1976 of Lecture Notes in Computer Science, pages 116–129, Kyoto, Japan, 3–7 December 2000. Springer-Verlag. Full version available from the Cryptology ePrint Archive, record 2000/002, Scholar
  2. [BC92]
    Jurjen N. E. Bos and David Chaum. Provably unforgeable signatures. In Ernest F. Brickell, editor, Advances in Cryptology— CRYPTO’92, volume 740 of Lecture Notes in Computer Science, pages 1–14. Springer-Verlag, 1993, 16–20 August 1992.Google Scholar
  3. [BM94]
    Daniel Bleichenbacher and Ueli M. Maurer. Directed acyclic graphs, oneway functions and digital signatures. In Yvo G. Desmedt, editor, Advances in Cryptology—CRYPTO’ 94, volume 839 of Lecture Notes in Computer Science, pages 75–82. Springer-Verlag, 21–25 August 1994.Google Scholar
  4. [BM96a]
    Daniel Bleichenbacher and Ueli M. Maurer. On the efficiency of one-time digital signatures. In Kwangjo Kim and Tsutomu Matsumoto, editors, Advances in Cryptology—ASIACRYPT’ 96, volume 1163 of Lecture Notes in Computer Science, pages 145–158, Kyongju, Korea, 3–7 November 1996. Springer-Verlag.CrossRefGoogle Scholar
  5. [BM96b]
    Daniel Bleichenbacher and Ueli M. Maurer. Optimal tree-based one-time digital signature schemes. In Claude Puech and Rüdiger Reischuk, editors, Symposium on Theoretical Aspects of Computer Science, volume 1046 of Lecture Notes in Computer Science, pages 363–374. Springer-Verlag, 1996.Google Scholar
  6. [DBP96]
    Hans Dobbertin, Antoon Bosselaers, and Bart Preneel. RIPEMD-160: A strengthened version of RIPEMD. In D. Gollmann, editor, Fast Software Encryption. Third International Workshop Proceedings. Springer-Verlag, 1996.Google Scholar
  7. [EGM96]
    Shimon Even, Oded Goldreich, and Silvio Micali. On-line/off-line digital signatures. Journal of Cryptology, 9(1):35–67, Winter 1996.zbMATHMathSciNetCrossRefGoogle Scholar
  8. [GMR88]
    Shafi Goldwasser, Silvio Micali, and Ronald L. Rivest. A digital signature scheme secure against adaptive chosen-message attacks. SIAM Journal on Computing, 17(2):281–308, April 1988.Google Scholar
  9. [Lam79]
    Leslie Lamport. Constructing digital signatures from a one way function. Technical Report CSL-98, SRI International, October 1979.Google Scholar
  10. [Mer82]
    Ralph C. Merkle. Secrecy, Authentication, and Public Key Systems. UMI Research Press, 1982.Google Scholar
  11. [Mer87]
    Ralph C. Merkle. A digital signature based on a conventional encryption function. In Carl Pomerance, editor, Advances in Cryptology— CRYPTO’ 87, volume 293 of Lecture Notes in Computer Science, pages 369–378. Springer-Verlag, 1988, 16–20 August 1987.Google Scholar
  12. [Mer89]
    Ralph C. Merkle. A certified digital signature. In G. Brassard, editor, Advances in Cryptology—CRYPTO’ 89, volume 435 of Lecture Notes in Computer Science, pages 218–238. Springer-Verlag, 1990, 20–24 August 1989.CrossRefGoogle Scholar
  13. [MM82]
    Carl H. Meyer and Stephen M. Matyas. Cryptography: A New Dimension in Computer Data Security. John Wiley & Sons, 1982.Google Scholar
  14. [NIS95]
    FIPS Publication 180-1: Secure Hash Standard. National Institute of Standards and Technology (NIST), April 1995. Available from
  15. [Per01]
    Adrian Perrig. The BiBa one-time signature and broadcast authentication protocol. In Eighth ACM Conference on Computer and Communication Security, pages 28–37. ACM, November 5–8 2001.Google Scholar
  16. [Rab78]
    Michael O. Rabin. Digitalized signatures. In Richard A. Demillo, David P. Dobkin, Anita K. Jones, and Richard J. Lipton, editors, Foundations of Secure Computation, pages 155–168. Academic Press, 1978.Google Scholar
  17. [Roh99]
    Pankaj Rohatgi. A compact and fast hybrid signature scheme for multicast packet authentication. In Sixth ACM Conference on Computer and Communication Security, pages 93–100. ACM, November 1999.Google Scholar
  18. [Vau92]
    Serge Vaudenay. One-time identification with low memory. In P. Camion, P. Charpin, S. Harari, and G. Cohen, editors, Proceedings of EUROCODE’ 92, Lecture Notes in Computer Science, pages 217–228. Springer-Verlag, 1992.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2002

Authors and Affiliations

  • Leonid Reyzin
    • 1
  • Natan Reyzin
    • 1
  1. 1.Boston UniversityBoston

Personalised recommendations