Forward-Secure Sequential Aggregate Message Authentication Revisited

  • Shoichi Hirose
  • Hidenori Kuwakado
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8782)


The notion of forward-secure sequential aggregate message authentication was introduced by Ma and Tsudik in 2007. It is suitable for applications such as audit logging systems and wireless sensor networks. Ma and Tsudik also constructed a scheme with a MAC function and a collision resistant hash function. However, the notion has not been fully formalized and the security of the scheme has not been confirmed. In this paper, forward-secure sequential aggregate message authentication schemes and their security are formalized. Then, a generic construction with a MAC function and a pseudorandom generator is presented. It is also shown that the construction is secure if the underlying primitives are secure.


Hash Function Message Authentication Code Message Authentication Pseudorandom Function Oracle Access 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Bellare, M.: New proofs for NMAC and HMAC: Security without collision-resistance. In: Dwork, C. (ed.) CRYPTO 2006. LNCS, vol. 4117, pp. 602–619. Springer, Heidelberg (2006), The full version is “Cryptology ePrint Archive: Report 2006/043” at CrossRefGoogle Scholar
  2. 2.
    Bellare, M., Canetti, R., Krawczyk, H.: Pseudorandom functions revisited: The cascade construction and its concrete security. In: Proceedings of the 37th IEEE Symposium on Foundations of Computer Science, pp. 514–523 (1996)Google Scholar
  3. 3.
    Bellare, M., Miner, S.K.: A forward-secure digital signature scheme. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 431–448. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  4. 4.
    Bellare, M., Yee, B.S.: Forward integrity for secure audit logs. Technical report, University of California, San Diego (1997)Google Scholar
  5. 5.
    Bellare, M., Yee, B.S.: Forward-security in private-key cryptography. In: Joye, M. (ed.) CT-RSA 2003. LNCS, vol. 2612, pp. 1–18. Springer, Heidelberg (2003), The full version is IACR Cryptology ePrint Archive: Report 2001/035 at CrossRefGoogle Scholar
  6. 6.
    Blum, M., Micali, S.: How to generate cryptographically strong sequences of pseudo-random bits. SIAM Journal of Computing 13(4), 850–864 (1984)MathSciNetCrossRefzbMATHGoogle Scholar
  7. 7.
    Eikemeier, O., Fischlin, M., Götzmann, J.-F., Lehmann, A., Schröder, D., Schröder, P., Wagner, D.: History-free aggregate message authentication codes. In: Garay, J.A., De Prisco, R. (eds.) SCN 2010. LNCS, vol. 6280, pp. 309–328. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  8. 8.
    FIPS PUB 198-1. The keyed-hash message authentication code, HMAC (2008)Google Scholar
  9. 9.
    Goldreich, O., Goldwasser, S., Micali, S.: How to construct random functions. Journal of the ACM 33(4), 792–807 (1986)MathSciNetCrossRefGoogle Scholar
  10. 10.
    Günther, C.G.: An identity-based key-exchange protocol. In: Quisquater, J.-J., Vandewalle, J. (eds.) EUROCRYPT 1989. LNCS, vol. 434, pp. 29–37. Springer, Heidelberg (1990)CrossRefGoogle Scholar
  11. 11.
    Iwata, T., Kurosawa, K.: OMAC: One-key CBC MAC. In: Johansson, T. (ed.) FSE 2003. LNCS, vol. 2887, pp. 129–153. Springer, Heidelberg (2003), An updated version is “Cryptology ePrint Archive: Report 2002/180” at CrossRefGoogle Scholar
  12. 12.
    Katz, J., Lindell, A.Y.: Aggregate message authentication codes. In: Malkin, T. (ed.) CT-RSA 2008. LNCS, vol. 4964, pp. 155–169. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  13. 13.
    Lysyanskaya, A., Micali, S., Reyzin, L., Shacham, H.: Sequential aggregate signatures from trapdoor permutations. In: Cachin, C., Camenisch, J. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 74–90. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  14. 14.
    Ma, D., Tsudik, G.: Extended abstract: Forward-secure sequential aggregate authentication. In: IEEE Symposium on Security and Privacy, pp. 86–91. IEEE Computer Society (2007), Also published as IACR Cryptology ePrint Archive: Report 2007/052 at
  15. 15.
    Ma, D., Tsudik, G.: A new approach to secure logging. ACM Transactions on Storage 5(1), 2:1–2:21 (2009)Google Scholar
  16. 16.
    Maurer, U.M., Sjödin, J.: Single-key AIL-MACs from any FIL-MAC. In: Caires, L., Italiano, G.F., Monteiro, L., Palamidessi, C., Yung, M. (eds.) ICALP 2005. LNCS, vol. 3580, pp. 472–484. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  17. 17.
    NIST Special Publication 800-38B. Recommendation for block cipher modes of operation: The CMAC mode for authentication (2005)Google Scholar
  18. 18.
    Schneier, B., Kelsey, J.: Secure audit logs to support computer forensics. ACM Transactions on Information and System Security 2(2), 159–176 (1999)CrossRefGoogle Scholar
  19. 19.
    Simon, D.R.: Findings collisions on a one-way street: Can secure hash functions be based on general assumptions? In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 334–345. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  20. 20.
    Wang, B., Hong, X.: Sequential message authentication code without random oracles. Cryptology ePrint Archive, Report 2013/444 (2013),
  21. 21.
    Wang, X., Feng, D., Lai, X., Yu, H.: Collisions for hash functions MD4, MD5, HAVAL-128 and RIPEMD. In: Cryptology ePrint Archive, Report 2004/199 (2004),
  22. 22.
    Wang, X., Yin, Y.L., Yu, H.: Finding collisions in the full SHA-1. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 17–36. Springer, Heidelberg (2005)CrossRefGoogle Scholar

Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Shoichi Hirose
    • 1
  • Hidenori Kuwakado
    • 2
  1. 1.Graduate School of EngineeringUniversity of FukuiJapan
  2. 2.Faculty of InformaticsKansai UniversityJapan

Personalised recommendations