Paper 2006/087

Analysis of the SPV Secure Routing Protocol: Weaknesses and Lessons

Barath Raghavan, Saurabh Panjwani, and Anton Mityagin


We analyze a secure routing protocol, Secure Path Vector (SPV), proposed in SIGCOMM 2004. SPV aims to provide authenticity for route announcements in the Border Gateway Protocol (BGP) using an efficient alternative to ordinary digital signatures, called constant-time signatures. Today, SPV is often considered the best cryptographic defense for BGP. We find subtle flaws in the design of SPV which lead to attacks that can be mounted by 60% of Autonomous Systems in the Internet. In addition, we study several of SPV's design decisions and assumptions and highlight the requirements for security of routing protocols. In light of our analysis, we reexamine the need for constant-time signatures and find that certain standard digital signature schemes can provide the same level of efficiency for route authenticity.

Available format(s)
Publication info
Published elsewhere. ACM SIGCOMM Computer Communications Review, April 2007
Contact author(s)
barath @ cs ucsd edu
2007-04-26: last of 4 revisions
2006-03-07: received
See all versions
Short URL
Creative Commons Attribution


      author = {Barath Raghavan and Saurabh Panjwani and Anton Mityagin},
      title = {Analysis of the SPV Secure Routing Protocol: Weaknesses and Lessons},
      howpublished = {Cryptology ePrint Archive, Paper 2006/087},
      year = {2006},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.