Aggregate Message Authentication Codes
نویسندگان
چکیده
We propose and investigate the notion of aggregate message authentication codes (MACs) which have the property that multiple MAC tags, computed by (possibly) different senders on multiple (possibly different) messages, can be aggregated into a shorter tag that can still be verified by a recipient who shares a distinct key with each sender. We suggest aggregate MACs as an appropriate tool for authenticated communication in mobile ad-hoc networks or other settings where resource-constrained devices share distinct keys with a single entity (such as a base station), and communication is an expensive resource.
منابع مشابه
Sequential message authentication code without random oracles
Katz et al. provided a generic transform to construct aggregate message authentication codes and imposed a lower bound on the length of one aggregate MAC tag. The lower bound shows that the required tag length is at least linear with the number of messages when fast verification such as constant or logarithmic computation overhead is required. Aggregate message authentication codes are useful i...
متن کاملHistory-Free Aggregate Message Authentication Codes
Aggregate message authentication codes, as introduced by Katz and Lindell (CT-RSA 2008), combine several MACs into a single value, which has roughly the same size as an ordinary MAC. These schemes reduce the communication overhead significantly and are therefore a promising approach to achieve authenticated communication in mobile ad-hoc networks, where communication is prohibitively expensive....
متن کاملAggregate designated verifier signatures and application to secure routing
A designated verifier signature convinces only the specific recipient of the message of its integrity and origin. Following the notion of aggregate signature introduced by Boneh et al. in [3], we introduce in this work the notion of aggregate designated verifier signature. After defining the protocols and the security model for such schemes, we give a general construction which is based on mess...
متن کاملHistory-Free Sequential Aggregate Signatures
Aggregation schemes allow to combine several cryptographic values like message authentication codes or signatures into a shorter value such that, despite compression, some notion of unforgeability is preserved. Recently, Eikemeier et al. (SCN 2010) considered the notion of history-free sequential aggregation for message authentication codes, where the sequentiallyexecuted aggregation algorithm ...
متن کاملIntroducing Robustness into Message Authentication
Message Authentication Codes are very sensitive to any change of the message they are appended to. If one or more bits of the message change, Message Authentication Codes change about 50\% of their bits, making the message useless. The successful verification of Message Authentication Codes demands equality of all of bits of the received Message Authentication Code and that one recalculated of ...
متن کامل