Aggregate Designated Verifier Signatures and Application to Secure Routing.pdfVIP

Aggregate Designated Verifier Signatures and Application to Secure Routing Abstract A designated verifier signature convinces only the specific recipient of the message of its integrity and origin. Following the notion of aggregate signature introduced by Boneh et al. in [3], we introduce in this work the notion of aggregate designated verifier signature. After defining the protocols and the security model for such schemes, we give a general construction which is based on message authentication codes, and that can be extended to an identity- based scenario. The resulting schemes are proved to be secure under the CDH assumption, in the random oracle model. They are much more efficient than standard aggregate signature schemes, at the price of loosing some properties of standard signatures, in particular non-repudiation. Finally we explain the possible application of aggregate designated verifier signatures to the authentication of messages in routing protocols. We compare our new scheme with existing standard aggregate signature schemes and show why our solution with aggregate designated verifier signatures is more suitable for securing routing in mobile ad-hoc networks. Keywords: aggregate designated verifier signatures, MAC, ad hoc networks, routing protocols 1 Introduction Ensuring the integrity and the authenticity of the origin of a message is one of the goals of cryptography. This can be achieved by several authentication tools. For example, in a symmetric cryptography scenario, one can use message authentica- tion codes to produce symmetric signatures; both processes of signing and verifying depend on a common secret