Better than BiBa: Short One-Time Signatures with Fast Signing and Verifying
One-time signature schemes have found numerous applications: in ordinary, on-line/off-line, and forward-secure signatures. More recently, they have been used in multicast and broadcast authentication. We propose a one-time signature scheme with very efficient signing and verifying, and short signatures. Our scheme is well-suited for broadcast authentication, and, in fact, can be viewed as an improvement of the BiBa one-time signature (proposed by Perrig in CCS 2001 for broadcast authentication).
Keywords: Hash Function, Signature Scheme, Authentication Scheme, Random Oracle, Hash Family
- [AR00] Michel Abdalla and Leonid Reyzin. A new forward-secure digital signature scheme. In Tatsuaki Okamoto, editor, Advances in Cryptology—ASIACRYPT 2000, volume 1976 of Lecture Notes in Computer Science, pages 116–129, Kyoto, Japan, 3–7 December 2000. Springer-Verlag. Full version available from the Cryptology ePrint Archive, record 2000/002, http://eprint.iacr.org/.
- [BC92] Jurjen N. E. Bos and David Chaum. Provably unforgeable signatures. In Ernest F. Brickell, editor, Advances in Cryptology—CRYPTO ’92, volume 740 of Lecture Notes in Computer Science, pages 1–14. Springer-Verlag, 1993, 16–20 August 1992.
- [BM94] Daniel Bleichenbacher and Ueli M. Maurer. Directed acyclic graphs, one-way functions and digital signatures. In Yvo G. Desmedt, editor, Advances in Cryptology—CRYPTO ’94, volume 839 of Lecture Notes in Computer Science, pages 75–82. Springer-Verlag, 21–25 August 1994.
- [BM96a] Daniel Bleichenbacher and Ueli M. Maurer. On the efficiency of one-time digital signatures. In Kwangjo Kim and Tsutomu Matsumoto, editors, Advances in Cryptology—ASIACRYPT ’96, volume 1163 of Lecture Notes in Computer Science, pages 145–158, Kyongju, Korea, 3–7 November 1996. Springer-Verlag.
- [BM96b] Daniel Bleichenbacher and Ueli M. Maurer. Optimal tree-based one-time digital signature schemes. In Claude Puech and Rüdiger Reischuk, editors, Symposium on Theoretical Aspects of Computer Science, volume 1046 of Lecture Notes in Computer Science, pages 363–374. Springer-Verlag, 1996.
- [DBP96] Hans Dobbertin, Antoon Bosselaers, and Bart Preneel. RIPEMD-160: A strengthened version of RIPEMD. In D. Gollmann, editor, Fast Software Encryption. Third International Workshop Proceedings. Springer-Verlag, 1996.
- [GMR88] Shafi Goldwasser, Silvio Micali, and Ronald L. Rivest. A digital signature scheme secure against adaptive chosen-message attacks. SIAM Journal on Computing, 17(2):281–308, April 1988.
- [Lam79] Leslie Lamport. Constructing digital signatures from a one way function. Technical Report CSL-98, SRI International, October 1979.
- [Mer82] Ralph C. Merkle. Secrecy, Authentication, and Public Key Systems. UMI Research Press, 1982.
- [Mer87] Ralph C. Merkle. A digital signature based on a conventional encryption function. In Carl Pomerance, editor, Advances in Cryptology—CRYPTO ’87, volume 293 of Lecture Notes in Computer Science, pages 369–378. Springer-Verlag, 1988, 16–20 August 1987.
- [MM82] Carl H. Meyer and Stephen M. Matyas. Cryptography: A New Dimension in Computer Data Security. John Wiley & Sons, 1982.
- [NIS95] FIPS Publication 180-1: Secure Hash Standard. National Institute of Standards and Technology (NIST), April 1995. Available from http://csrc.nist.gov/fips/.
- [Per01] Adrian Perrig. The BiBa one-time signature and broadcast authentication protocol. In Eighth ACM Conference on Computer and Communication Security, pages 28–37. ACM, November 5–8 2001.
- [Rab78] Michael O. Rabin. Digitalized signatures. In Richard A. Demillo, David P. Dobkin, Anita K. Jones, and Richard J. Lipton, editors, Foundations of Secure Computation, pages 155–168. Academic Press, 1978.
- [Roh99] Pankaj Rohatgi. A compact and fast hybrid signature scheme for multicast packet authentication. In Sixth ACM Conference on Computer and Communication Security, pages 93–100. ACM, November 1999.
- [Vau92] Serge Vaudenay. One-time identification with low memory. In P. Camion, P. Charpin, S. Harari, and G. Cohen, editors, Proceedings of EUROCODE ’92, Lecture Notes in Computer Science, pages 217–228. Springer-Verlag, 1992.