论文信息 - How to Sign Digital Streams

How to Sign Digital Streams

We present a new efficient paradigm for signing digital streams. The problem of signing digital streams to prove their authenticity is substantially different from the problem of signing regular messages. Traditional signature schemes are message oriented and require the receiver to process the entire message before being able to authenticate its signature. However, a stream is a potentially very long (or infinite) sequence of bits that the sender sends to the receiver and the receiver is required to consumes the received bits at more or less the input rate and without excessive delay. Therefore it is infeasible for the receiver to obtain the entire stream before authenticating and consuming it. Examples of streams include digitized video and audio files, data feeds and applets. We present two solutions to the problem of authenticating digital streams. The first one is for the case of a finite stream which is entirely known to the sender (say a movie). We use this constraint to devise an extremely efficient solution. The second case is for a (potentially infinite) stream which is not known in advance to the sender (for example a live broadcast). We present proofs of security of our constructions. Our techniques also have applications in other areas, for example, efficient authentication of long files when communication is at a cost and signature based filtering at a proxy server.

Rosario Gennaro | Pankaj Rohatgi

[1] Ueli Maurer,et al. Optimal Tree-Based One-Time Digital Signature Schemes , 1996, STACS.

[2] Moni Naor,et al. Universal one-way hash functions and their cryptographic applications , 1989, STOC '89.

[3] Ralph C. Merkle,et al. A Certified Digital Signature , 1989, CRYPTO.

[4] Silvio Micali,et al. How to sign given any trapdoor permutation , 1992, JACM.

[5] Ueli Maurer,et al. On the Efficiency of One-Time Digital Signatures , 1996, ASIACRYPT.

[6] T. Elgamal. A public key cryptosystem and a signature scheme based on discrete logarithms , 1984, CRYPTO 1984.

[7] Josh Benaloh,et al. One-Way Accumulators: A Decentralized Alternative to Digital Sinatures (Extended Abstract) , 1994, EUROCRYPT.

[8] Silvio Micali,et al. A Digital Signature Scheme Secure Against Adaptive Chosen-Message Attacks , 1988, SIAM J. Comput..

[9] Ralph C. Merkle,et al. A Digital Signature Based on a Conventional Encryption Function , 1987, CRYPTO.

[10] Adi Shamir,et al. A method for obtaining digital signatures and public-key cryptosystems , 1978, CACM.

[11] Whitfield Diffie,et al. New Directions in Cryptography , 1976, IEEE Trans. Inf. Theory.

[12] John Rompel,et al. One-way functions are necessary and sufficient for secure signatures , 1990, STOC '90.