How to prove yourself: practical solutions to identification and signature problems
Proceedings on Advances in cryptology---CRYPTO '86
Zero-knowledge proofs of identity
Journal of Cryptology
Digital signatures for flows and multicasts
IEEE/ACM Transactions on Networking (TON)
On the fly signatures based on factoring
CCS '99 Proceedings of the 6th ACM conference on Computer and communications security
Child-proof authentication for MIPv6 (CAM)
ACM SIGCOMM Computer Communication Review
Handbook of Applied Cryptography
Handbook of Applied Cryptography
Securing IPv6 neighbor and router discovery
WiSE '02 Proceedings of the 1st ACM workshop on Wireless security
Protecting AODV against impersonation attacks
ACM SIGMOBILE Mobile Computing and Communications Review
An Improvement of the Fiat-Shamir Identification and Signature Scheme
CRYPTO '88 Proceedings of the 8th Annual International Cryptology Conference on Advances in Cryptology
Mobility helps security in ad hoc networks
Proceedings of the 4th ACM international symposium on Mobile ad hoc networking & computing
Energy aware lossless data compression
Proceedings of the 1st international conference on Mobile systems, applications and services
Security proofs for signature schemes
EUROCRYPT'96 Proceedings of the 15th annual international conference on Theory and application of cryptographic techniques
| Hi-index | 0.00 |
Cryptographically Generated Addresses (CGAs) have been designed to solve the so-called IPv6 Address Ownership problem. The current IETF CGA proposal relies on RSA signature. Generating an RSA signature is quite expensive and might be prohibitive for small devices with limited capacities. For example, a 1024-RSA signature requires approximately 1536 modular multiplications.In this paper, we propose a new CGA scheme whose verification requires fewer than 10 modular multiplications. We achieve this performance gain by (1) selecting an efficient signature scheme, namely the small prime variation of the Feige-Fiat-Shamir scheme and (2) tuning the cryptographic parameters of this signature scheme to the security strength of the CGA (i.e. the size of the hash function used to generate it).