Stand tall and aim for the summit; poor in means, never poor in will! "Those who pave the road have no car of their own": can you read the meaning in that?! A university teacher's professional blog popularizing cryptography - bokee.net

bokee.net

University Teacher's Blog


Statistics

  • Created: 2008-02-26
  • Last updated: 2008-02-28
  • Total visits: 597
  • Articles: 5
  • Comments: 0
  • Guestbook messages: 3


Latest articles (5 in total)

 Joint State Theorems for Public-Key Encryption and Digital Signature Functionalities with Local Comp

Abstract. Composition theorems in simulation-based approaches allow to build complex protocols from s

Reads (1) · Comments (0) · 2008-04-21 21:24

 Sequential Aggregate Signatures and Multisignatures Without Random Oracles

Abstract: We present the first aggregate signature, the first multisignature, and the first verifiably encrypted signature provably secure without random oracles. Our constructions derive from a novel application of a recent signature scheme due to Waters. Signatures in our aggregate signature scheme are sequentially constructed, but knowledge of the order in which messages were signed is not necessary for verification. The aggregate signatures obtained are shorter than Lysyanskaya et al. sequential aggregates and can be verified more efficiently than Boneh et al. aggregates. We also consider applications to secure routing and proxy signatures.

Introduction: In this paper we present an aggregate signature scheme, a multisignature scheme, and a verifiably encrypted signature scheme. Unlike previous such schemes, our constructions are provably secure without random oracles. A series of papers beginning with the uninstantiability result of Canetti, Goldreich, and Halevi has cast some doubt on the soundness of the random oracle methodology, making random-oracle-free schemes more attractive. Moreover, our proposed schemes are quite practical, and in some cases outperform the most efficient random-oracle-based schemes.

An aggregate signature scheme allows a collection of signatures to be compressed into one short signature. Aggregate signatures are useful for applications such as secure route attestation and certificate chains, where the space requirements for a sequence of signatures can impact practical application performance.

Boneh et al. presented the first aggregate signature scheme, which was based on the BLS signature in groups with efficiently computable bilinear maps. Subsequently, Lysyanskaya et al. presented a sequential RSA-based scheme that, while more limited, could be instantiated using more general assumptions. In a sequential aggregate signature scheme the aggregate signature must be constructed sequentially, with each signer modifying the aggregate signature in turn. However, most known applications are sequentially constructed anyway. One drawback of both schemes is that they are provably secure only in the random oracle model, and thus there is only a heuristic argument for their security.

We present the first aggregate signature scheme that is provably secure without random oracles. Our signatures are sequentially constructed; however, unlike the scheme of Lysyanskaya et al., a verifier need not know the order in which the aggregate signature was created. Additionally, our signatures are shorter than those of Lysyanskaya et al. and can be verified more efficiently than those of Boneh et al.

In addition, we present the first multisignature scheme that is provably secure without random oracles. In a multisignature scheme, a single short object, the multisignature, can take the place of n signatures by n signers, all on the same message. (Aggregate signatures can be thought of as a multisignature without this restriction.) Boldyreva gave the first multisignature scheme in which multisignature generation does not require signer interaction, based on BLS signatures.

Finally, we present the first verifiably encrypted signature scheme that is provably secure without random oracles. A verifiably encrypted signature is an object that anyone can confirm contains the encryption of a signature on some message, but from which only the party under whose key it was encrypted can recover the signature. Such a primitive is useful in contract signing. Boneh et al. gave the first verifiably encrypted signature scheme, based on BLS signatures.

All our constructions derive from novel adaptations of the signature scheme of Waters, which follows from his Identity-Based Encryption scheme.

Reads (5) · Comments (0) · 2008-03-13 21:31

 Identity-Based Aggregate Signatures

Craig Gentry and Zulfikar Ramzan

Abstract: An aggregate signature is a single short string that con

Reads (10) · Comments (0) · 2008-03-04 22:31

 Batch Verification of Short Signatures

2007 8-1

Abstract: With computer networks spreading into a variety of new environments, the need to authenticate and secure communication grows. Many of these new environments have particular requirements on the applicable cryptographic primitives. For instance, several applications require that communication overhead be small and that many messages be processed at the same time. In this paper we consider the suitability of public key signatures in the latter scenario. That is, we consider signatures that are 1) short and 2) where many signatures from (possibly) different signers on (possibly) different messages can be verified quickly. Prior work focused almost exclusively on batching signatures from the same signer.

Introduction

As the world moves towards pervasive computing and communication, devices from vehicles to dog collars will soon be expected to communicate with their environments. For example, many governments and industry consortia are currently planning for the future of intelligent cars that constantly communicate with each other and with transportation infrastructure to prevent accidents and to help alleviate traffic congestion. Raya and Hubaux suggest that vehicles will transmit safety messages every 300ms to all other vehicles within a minimum range of 110 meters, which in turn may retransmit these messages.

For such pervasive systems to work properly, there are many competing constraints. First, there are physical limitations, such as a limited spectrum allocation for specific types of communications and the potentially roaming nature of devices, which require that messages be kept very short and that (security) overhead be minimal. Yet for messages to be trusted by their recipients, they need to be authenticated in some fashion, so that entities spreading false information can be held accountable. Thus, some short form of authentication must be added. Third, different messages from many different signers may need to be verified and processed quickly (e.g. every 300ms). A possible fourth constraint, that these authentications remain anonymous or pseudonymous, we leave as an exciting open problem.

In this work, we consider the suitability of public key signatures to the needs of pervasive communication applications. Generating one signature every 300ms is not a problem for current systems, but transmitting and/or verifying 100+ messages per second might pose a problem. Using RSA signatures, for example, seems attractive as they are verified quickly; however, one would need approximately 3000 bits to represent a signature on a message plus the certificate (i.e., the public key and a signature on that public key), which might be too much for some applications. While many new schemes based on bilinear maps can provide the same security with significantly smaller signatures, they take significantly more time to verify. Thus, it is not immediately clear what the proper tradeoff between message length and verification time is for many pervasive communication applications. However, in some applications, there is evidence that doing a small amount of additional computation is more advantageous than sending longer messages. For example, Landsiedel, Wehrle, and Gotz showed that for applications using Mica2 sensors, transmitting data consumes significantly more battery power than keeping the CPU active.

Fast verification of many signatures is an interesting problem in other scenarios as well. Consider a scenario where a mail server receives a lot of signed e-mails. To handle a variety of different e-mail clients on the internal network, it is easier to let the server do signature verification and insert a message into the body of the e-mail about who signed it. Assuming the internal network and the mail server are secure, clients can rely on the signature being correct without having to verify it themselves. However, the actual digital signature can still be attached to the e-mail should a dispute about the authenticity of the message later arise. To keep resource usage on the server to a minimum, signature verification should be fast, but we can take advantage of the fact that the server can buffer messages for a short period before verifying all of them.

Reads (8) · Comments (0) · 2008-02-27 11:23

 Plan: abstracts and introductions of one hundred papers

Two reasons: one is to force myself to study; the other is to make it easier to enter related material later.

Reads (6) · Comments (0) · 2008-02-27 10:04
