Title :
A Comment on "MABS: Multicast Authentication Based on Batch Signature”
Author_Institution :
State Key Lab. of Inf. Security, Inst. of Inf. Eng., Beijing, China
Abstract :
Recently, Zhou et al. proposed a multicast authentication protocol named MABS which employs an efficient cryptographic primitive called batch verification to authenticate an arbitrary number of data packets simultaneously. Three implementations were presented: MABS-RSA, MABS-BLS, and MABS-DSA. In this comment, we are concerned with the last implementation, which is claimed to be much more efficient than the others. Our particular interest also lies in the fact that MABS-DSA was designed to thwart a known attack against its underlying batch DSA primitive and is claimed to be with increased security. After a careful revisit of the involved arithmetic, however, we find that the real issue lies in protocol correctness rather than security; the algorithm of MABS-DSA actually does not hold as one would expect. More specifically, even if each of the data packets was signed by an honest sender and securely delivered to the receiver, verification of the batch of signatures will still almost always fail.
Keywords :
cryptographic protocols; digital signatures; multicast protocols; public key cryptography; telecommunication security; MABS-BLS; MABS-DSA; MABS-RSA; attack; batch DSA primitive; batch signature; batch verification; cryptographic primitive; data packet; multicast authentication protocol; protocol correctness; receiver; security; Authentication; Digital signatures; Mobile computing; Protocols; Public key; Receivers; Authentication; batch verification; digital signature;
Journal_Title :
Mobile Computing, IEEE Transactions on
DOI :
10.1109/TMC.2012.119
