Publications

Lower Bounds for Multicast Message Authentication

Authors: D. Boneh, G. Durfee, and M. Franklin

Abstract:
Message integrity between two parties is typically achieved by having them share a secret key to compute a Message Authentication Code (MAC). Unfortunately, this does not generalize well to the multicast settings. Consequently, integrity for multicast messages often relies on digital signatures: The sender signs the outgoing broadcast and the various receivers verify the signature. It is natural ask whether digital signatures are necessary for multicast message integrity, or whether a more lightweight mechanism can suffice. We prove that one cannot build a short collusion resistant multicast MAC without relying on digital signatures. This is in contrast to standard two party MACs that do not require signatures.

Reference:
In proceedings of Eurocrypt '2001, Lecture Notes in Computer Science, Vol. 2045, Springer-Verlag, pp. 437--452, 2001

Full paper: PostScript