Authentication of Concast Communication

“…It is shown in [1] that Scheme 3 is secure if the underlying signature scheme is secure. Unfortunately, we have already observed that the underlying signature scheme is not secure.…”

“…However, in Scheme 3 from [1], a different verification procedure is suggested, which can be described as follows:…”

“…Al-Ibrahim, Ghodosi and Pieprzyk [1] describe some methods of "batch" signature verification. Their Scheme 3 involves no interaction between the signers of the messages, and thus it is the preferred scheme for practical applications of concast communication.…”

“…Their Scheme 3 involves no interaction between the signers of the messages, and thus it is the preferred scheme for practical applications of concast communication. In this note, we show that Scheme 3 from [1] is insecure by describing how anyone can forge valid signatures. More precisely, this is a selective forgery using a key-only attack (see [2] for definitions of attacks on signature schemes).…”

Attack on a concast signature scheme

“…It is shown in [1] that Scheme 3 is secure if the underlying signature scheme is secure. Unfortunately, we have already observed that the underlying signature scheme is not secure.…”

“…However, in Scheme 3 from [1], a different verification procedure is suggested, which can be described as follows:…”

“…Al-Ibrahim, Ghodosi and Pieprzyk [1] describe some methods of "batch" signature verification. Their Scheme 3 involves no interaction between the signers of the messages, and thus it is the preferred scheme for practical applications of concast communication.…”

“…Their Scheme 3 involves no interaction between the signers of the messages, and thus it is the preferred scheme for practical applications of concast communication. In this note, we show that Scheme 3 from [1] is insecure by describing how anyone can forge valid signatures. More precisely, this is a selective forgery using a key-only attack (see [2] for definitions of attacks on signature schemes).…”

Attack on a concast signature scheme

“…History shows that secure batch verification algorithms are tricky to construct; a number of schemes were presented and subsequently broken or shown to be otherwise flawed. One example is the scheme of Al-Ibrahim et al [1], which was broken by Stinson in [39]. Camenisch et al list and reference ten proposed schemes which were later broken [8, §1.2].…”

Group Testing and Batch Verification

Efficient batch authentication for hierarchical wireless sensor networks