Abstract
Broadcast authentication is a basic security primitive for authenticating messages sent to a large number of receivers. This paper studies broadcast authentication built from one-time signatures in the universally composable (UC) framework, motivated by two properties of one-time signatures: signature generation and verification are cheap enough for low-power devices, and verification is immediate, which matters for time-critical messages. The paper first formulates a broadcast authentication model with ideal functionalities for one-time signature and broadcast authentication, and proposes a broadcast authentication scheme in the corresponding hybrid model. It then improves HORS, whose security rests on a strong assumption (a subset-resilient hash function), into HORS+, a one-time signature scheme that is secure under weaker assumptions: one-way functions, one-way hash functions and collision-resistant hash functions. In addition, a protocol OWC based on one-way chains is proposed to supply more registered keys for multi-message broadcast authentication. The broadcast authentication scheme obtained by combining HORS+ and OWC is UC-secure and suitable for low-power devices.
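The abstract does not spell out HORS+ or OWC, so the following is an added illustration (not the paper's construction) of the two building blocks it starts from: the original HORS one-time signature of Reyzin and Reyzin, and a one-way chain whose tip is the single value a receiver has to register. The parameters (T = 32 secrets, K = 4 revealed per signature), the SHA-256 domain-separation prefixes, and the message strings are all assumptions chosen here; they are deliberately tiny so that the last function can show, by brute-force search, why a HORS key must never sign twice, which is exactly the limitation the extra registered keys from a one-way chain are meant to address.

```python
import hashlib
import os

# Toy parameters (assumption): real deployments use something like T=1024, K=16.
T = 32                      # secret-key elements; must be a power of two
K = 4                       # elements revealed per signature
BITS = T.bit_length() - 1   # digest bits consumed per index (log2 T)


def f(x):
    """One-way function applied to each secret element (SHA-256 with a prefix)."""
    return hashlib.sha256(b"hors-f|" + x).digest()


def H(m):
    """Message hash whose bit-chunks select which secrets to reveal."""
    return hashlib.sha256(b"hors-H|" + m).digest()


def indices(m):
    """Split H(m) into K chunks of BITS bits; each chunk indexes one secret."""
    h = int.from_bytes(H(m), "big")
    return [(h >> (i * BITS)) & (T - 1) for i in range(K)]


def keygen(seed=None):
    """HORS key pair: T secrets derived from a random seed, public key = f(each)."""
    seed = seed if seed is not None else os.urandom(32)
    sk = [hashlib.sha256(seed + i.to_bytes(2, "big")).digest() for i in range(T)]
    pk = [f(s) for s in sk]
    return sk, pk


def sign(sk, m):
    """Reveal the K secrets selected by the message hash."""
    return [sk[j] for j in indices(m)]


def verify(pk, m, sig):
    """Recompute the indices and check f(revealed secret) == registered value."""
    if len(sig) != K:
        return False
    return all(f(s) == pk[j] for s, j in zip(sig, indices(m)))


def forge_after_reuse(signed, limit=1_000_000):
    """Why the key is one-time: given (message, signature) pairs all made with the
    same key, search for an unsigned message whose K indices fall entirely inside
    the secrets already revealed. Returns (message, signature) or None."""
    revealed = {}
    for m, sig in signed:
        for j, s in zip(indices(m), sig):
            revealed[j] = s
    used = {m for m, _ in signed}
    for n in range(limit):
        m2 = b"forged-%d" % n
        if m2 in used:
            continue
        idx = indices(m2)
        if all(j in revealed for j in idx):
            return m2, [revealed[j] for j in idx]
    return None


def one_way_chain(x0, n):
    """x_0, f(x_0), ..., f^n(x_0). Only x_n (the tip) is registered with receivers;
    the sender later releases x_{n-1}, x_{n-2}, ... in that order."""
    xs = [x0]
    for _ in range(n):
        xs.append(f(xs[-1]))
    return xs


def verify_release(anchor, x, steps):
    """Receiver check: hashing the released value `steps` times must hit the anchor."""
    for _ in range(steps):
        x = f(x)
    return x == anchor


if __name__ == "__main__":
    sk, pk = keygen()
    m1, m2 = b"temperature=21", b"valve=open"
    s1, s2 = sign(sk, m1), sign(sk, m2)
    print("sig1 ok:", verify(pk, m1, s1), " sig2 ok:", verify(pk, m2, s2))
    forged = forge_after_reuse([(m1, s1), (m2, s2)])
    print("forgery found after key reuse:", forged is not None and verify(pk, *forged))
    xs = one_way_chain(os.urandom(32), 8)
    print("chain release ok:", verify_release(xs[8], xs[5], 3))
```

The chain part shows the registration saving the abstract alludes to: a receiver stores one 32-byte anchor instead of one public key per future message, and each released link is checked by hashing forward, with the receiver then adopting the released link as its new anchor. What it does not show is how the paper binds HORS+ public keys to chain links; that is the part of OWC the abstract leaves unspecified.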
Cite this article
Zhang, J., Ma, J. & Moon, S. Universally composable one-time signature and broadcast authentication. Sci. China Inf. Sci. 53, 567–580 (2010). https://doi.org/10.1007/s11432-010-0056-2