¡@

When one-time signatures are used for stream authentication, one of the most serious drawbacks is that their large signature size yields high communication overhead. In this paper, we present two efficient one-time signature schemes for stream authentication. Compared with the previous schemes, these schemes have the smallest signature sizes. Moreover, their verification overheads are low. The signature size of Scheme 1 is smaller than that of Scheme 2 whereas Scheme 2 has much smaller signing cost: it requires only 2 hash operations in the majority of cases. Although Scheme 1¡¦s signing cost is relatively high, it can be parallelized without any additional risk because sharing the private key among distributed servers is not required.

Keywords: information theory, security, cryptography, authentication, digital signature, stream distribution

Retrieve PDF document (200605_09.pdf)

Received May 7, 2004; revised April 26, 2005; accepted November 2, 2005.
Communicated by Shiuhpyng Shieh.
^* A preliminary version of this paper has appeared on the technical/industrial track of ACNS 2004.
¹ In the Internet, streamed media is transmitted in the unit of IP packet. If a stream chunk (or its signature) is partially transmitted to the receivers by IP packet loss, it will be unverifiable. The larger the size of each chunk, the more frequently partial transmission occurs and the more chunks will be unverifiable. Hence, the size of a chunk should be much smaller than that of IP packet which is usually 4096 bytes.