Homomorphic Network Coding Signatures in the Standard Model

Network coding is known to provide improved resilience to packet loss and increased throughput. Unlike traditional routing techniques, it allows network nodes to perform transformations on packets they receive before transmitting them. For this reason, packets cannot be authenticated using ordinary digital signatures, which makes it difficult to hedge against pollution attacks, where malicious nodes inject bogus packets in the network. To address this problem, recent works introduced signature schemes allowing to sign linear subspaces (namely, verification can be made w.r.t. any vector of that subspace) and which are well-suited to the network coding scenario. Currently known network coding signatures in the standard model are not homomorphic in that the signer is forced to sign all vectors of a given subspace at once. This paper describes the first homomorphic network coding signatures in the standard model: the security proof does not use random oracles and, at the same time, the scheme allows signing individual vectors on-the-fly and has constant per-packet overhead in terms of signature size. The construction is based on the dual encryption technique introduced by Waters (Crypto'09) to prove the security of hierarchical identity-based encryption schemes.

[1]  Ronald Cramer,et al.  Advances in Cryptology - EUROCRYPT 2005, 24th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Aarhus, Denmark, May 22-26, 2005, Proceedings , 2005, EUROCRYPT.

[2]  Henri Gilbert,et al.  Advances in Cryptology - EUROCRYPT 2010, 29th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Monaco / French Riviera, May 30 - June 3, 2010. Proceedings , 2010, EUROCRYPT.

[3]  Aggelos Kiayias,et al.  Traceable Signatures , 2004, EUROCRYPT.

[4]  Rudolf Ahlswede,et al.  Network information flow , 2000, IEEE Trans. Inf. Theory.

[5]  Kamal Jain,et al.  Signatures for Network Coding , 2006 .

[6]  Bart Preneel,et al.  Topics in Cryptology — CT-RSA 2002 , 2002, Lecture Notes in Computer Science.

[7]  April Rasala Lehman Network coding , 2005 .

[8]  Dawn Xiaodong Song,et al.  Homomorphic Signature Schemes , 2002, CT-RSA.

[9]  Jonathan Katz,et al.  Secure Network Coding Over the Integers , 2010, IACR Cryptol. ePrint Arch..

[10]  Tracey Ho,et al.  Resilient network coding in the presence of Byzantine adversaries , 2007, IEEE INFOCOM 2007 - 26th IEEE International Conference on Computer Communications.

[11]  Shuo-Yen Robert Li,et al.  Linear network coding , 2003, IEEE Trans. Inf. Theory.

[12]  Fang Zhao,et al.  Signatures for Content Distribution with Network Coding , 2007, 2007 IEEE International Symposium on Information Theory.

[13]  Mihir Bellare,et al.  Random oracles are practical: a paradigm for designing efficient protocols , 1993, CCS '93.

[14]  Allison Bishop,et al.  New Techniques for Dual System Encryption and Fully Secure HIBE with Short Ciphertexts , 2010, IACR Cryptol. ePrint Arch..

[15]  Josef Pieprzyk,et al.  Advances in Cryptology - ASIACRYPT 2008, 14th International Conference on the Theory and Application of Cryptology and Information Security, Melbourne, Australia, December 7-11, 2008. Proceedings , 2008, ASIACRYPT.

[16]  Jonathan Katz,et al.  Signing a Linear Subspace: Signature Schemes for Network Coding , 2009, IACR Cryptol. ePrint Arch..

[17]  Shai Halevi Advances in Cryptology - CRYPTO 2009, 29th Annual International Cryptology Conference, Santa Barbara, CA, USA, August 16-20, 2009. Proceedings , 2009, CRYPTO.

[18]  Dan Boneh,et al.  Generalized Identity Based and Broadcast Encryption Schemes , 2008, ASIACRYPT.

[19]  Christina Fragouli,et al.  Network Coding Fundamentals , 2007, Found. Trends Netw..

[20]  Adi Shamir,et al.  Identity-Based Cryptosystems and Signature Schemes , 1984, CRYPTO.

[21]  Dan Boneh,et al.  Homomorphic MACs: MAC-Based Integrity for Network Coding , 2009, ACNS.

[22]  Dan Boneh,et al.  Efficient Selective-ID Secure Identity Based Encryption Without Random Oracles , 2004, IACR Cryptol. ePrint Arch..

[23]  David Mazières,et al.  On-the-fly verification of rateless erasure codes for efficient content distribution , 2004, IEEE Symposium on Security and Privacy, 2004. Proceedings. 2004.

[24]  Matthew K. Franklin,et al.  Identity-Based Encryption from the Weil Pairing , 2001, CRYPTO.

[25]  Dan Boneh,et al.  Preventing Pollution Attacks in Multi-Source Network Coding , 2010, IACR Cryptol. ePrint Arch..

[26]  Christos Gkantsidis,et al.  Network coding for large scale content distribution , 2005, Proceedings IEEE 24th Annual Joint Conference of the IEEE Computer and Communications Societies..

[27]  Aggelos Kiayias,et al.  Multi-query Computationally-Private Information Retrieval with Constant Communication Rate , 2010, Public Key Cryptography.

[28]  Stanislaw Jarecki,et al.  Public Key Cryptography – PKC 2009 , 2009, Lecture Notes in Computer Science.

[29]  David Mandell Freeman,et al.  Converting Pairing-Based Cryptosystems from Composite-Order Groups to Prime-Order Groups , 2010, EUROCRYPT.

[30]  Minghua Chen,et al.  RIPPLE Authentication for Network Coding , 2010, 2010 Proceedings IEEE INFOCOM.

[31]  Brent Waters,et al.  Dual System Encryption: Realizing Fully Secure IBE and HIBE under Simple Assumptions , 2009, IACR Cryptol. ePrint Arch..

[32]  Brent Waters,et al.  Efficient Identity-Based Encryption Without Random Oracles , 2005, EUROCRYPT.

[33]  Brian J. Matt Identification of Multiple Invalid Signatures in Pairing-Based Batched Signatures , 2009, Public Key Cryptography.

[34]  Tracey Ho,et al.  Byzantine modification detection in multicast networks using randomized network coding , 2004, International Symposium onInformation Theory, 2004. ISIT 2004. Proceedings..

[35]  Aggelos Kiayias,et al.  Self Protecting Pirates and Black-Box Traitor Tracing , 2001, CRYPTO.

[36]  Aggelos Kiayias,et al.  BiTR: Built-in Tamper Resilience , 2011, IACR Cryptol. ePrint Arch..