Signing a Linear Subspace: Signature Schemes for Network Coding

  • Dan Boneh
  • David Freeman
  • Jonathan Katz
  • Brent Waters
Conference paper

DOI: 10.1007/978-3-642-00468-1_5

Part of the Lecture Notes in Computer Science book series (LNCS, volume 5443)
Cite this paper as:
Boneh D., Freeman D., Katz J., Waters B. (2009) Signing a Linear Subspace: Signature Schemes for Network Coding. In: Jarecki S., Tsudik G. (eds) Public Key Cryptography – PKC 2009. PKC 2009. Lecture Notes in Computer Science, vol 5443. Springer, Berlin, Heidelberg


Network coding offers increased throughput and improved robustness to random faults in completely decentralized networks. In contrast to traditional routing schemes, however, network coding requires intermediate nodes to modify data packets en route; for this reason, standard signature schemes are inapplicable and it is a challenge to provide resilience to tampering by malicious nodes.

We propose two signature schemes that can be used in conjunction with network coding to prevent malicious modification of data. Our schemes can be viewed as signing linear subspaces in the sense that a signature σ on a subspace V authenticates exactly those vectors in V. Our first scheme is (suitably) homomorphic and has constant public-key size and per-packet overhead. Our second scheme does not rely on random oracles and is based on weaker assumptions.

We also prove a lower bound on the length of signatures for linear subspaces showing that our schemes are essentially optimal in this regard.

Download to read the full conference paper text

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Dan Boneh
    • 1
  • David Freeman
    • 2
  • Jonathan Katz
    • 3
  • Brent Waters
    • 4
  1. 1.Stanford University 
  2. 2.CWI and Universiteit Leiden 
  3. 3.University of Maryland 
  4. 4.University of Texas at Austin 

Personalised recommendations