Universally composable one-time signature and broadcast authentication

Broadcast authentication is a vital security primitive for the management of a copious number of parties. In the universally composable framework, this paper investigates broadcast authentication using one-time signature based on the fact that one-time signature has efficient signature generation and verification suitable for low-power devices, and gives immediate authentication, which is a favorable property for time-critical messages. This paper first formulates a broadcast authentication model with the ideal functionalities such as one-time signature and broadcast authentication, and proposes a broadcast authentication scheme in the hybrid model. This paper then improves HORS, which is secure based on a strong assumption （i.e., a subset-resilient hash function） and presents the improved version as HORS＋, which diffiers from HORS such that it is a secure one-time signature based on weaker assumptions, i.e. one-way functions, one-way hash functions and collisionresistant hash functions. At the same time, a protocol OWC using one-way chains is proposed to provide more registered keys for multi-message broadcast authentication. Our broadcast authentication scheme constructed by the combined use of HORS＋ and OWC is universally composable secure and suitable for low-power devices.