Here, we propose two signature schemes that can be used in conjunction with network coding to prevent malicious modification of data. In particular, our schemes can be viewed as signing linear subspaces in the sense that a signature on V authenticates exactly those vectors in V. Our first scheme is homomorphic and has better performance, with both public key size and per-packet overhead being constant. Our second scheme does not rely on random oracles and uses weaker assumptions.
We also prove a lower bound on the length of signatures for linear subspaces showing that both of our schemes are essentially optimal in this regard.
Category / Keywords: public-key cryptography/signature schemes, network coding, pairing-based cryptography Publication Info: To appear in PKC 2009 Date: received 31 Jul 2008, last revised 23 Dec 2008 Contact author: jkatz at cs umd edu Available formats: PDF | BibTeX Citation Version: 20081223:142447 (All versions of this report) Discussion forum: Show discussion | Start new discussion