Digital Signatures for Flows and Multicasts

Quantified Score

Visualization

Abstract

Our concerns are data authenticity and integrity for delay-sensitive packet flows. For an individual message (packet), these concerns can be addressed by one of several popular digital signature schemes. However, these schemes are not fast enough for signing/verifying packets individually for delay-sensitive flows, such as packet video. Furthermore, for a multicasted flow, the intended receivers generally get different subsequences of packets in the flow. Existing techniques that depend upon reliable flow delivery cannot be used. In this paper, we first present and compare chaining techniques for signing/verifying multiple packets using a single signing/verification operation. We then present flow signing and verification procedures based upon a tree chaining technique. Since a single signing/verification operation is amortized over many packets, these procedures improve signing and verification rates by 1-2 orders of magnitude compared to the approach of signing/verifying packets individually. Our procedures do not depend upon reliable delivery of packets, provide delay-bounded signing, and are thus suitable for delay-sensitive flows and multicast applications. To further improve our procedures, we propose several extensions to the Feige-Fiat-Shamir digital signature scheme to speed up both the signing and verification operations, as well as to allow "adjustable verification." The extended scheme, called eFFS, is compared to four other digital signature schemes (RSA, DSA, ElGamal, Rabin) on the same computing platform. We compare their signing and verification times, as well as key and signature sizes. We observe that (i) the signing and verification operations of eFFS are highly efficient compared to the other schemes, (ii) eFFS allows a tradeoff between memory and signing/verification time, and (iii) eFFS allows adjustable and incremental verification by receivers.