How to sign digital streams

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1294)


We present a new efficient paradigm for signing digital streams. The problem of signing digital streams to prove their authenticity is substantially different from the problem of signing regular messages. Traditional signature schemes are message oriented and require the receiver to process the entire message before being able to authenticate its signature. However, a stream is a potentially very long (or infinite) sequence of bits that the sender sends to the receiver and the receiver is required to consumes the received bits at more or less the input rate and without excessive delay. Therefore it is infeasible for the receiver to obtain the entire stream before authenticating and consuming it. Examples of streams include digitized video and audio files, data feeds and applets. We present two solutions to the problem of authenticating digital streams. The first one is for the case of a finite stream which is entirely known to the sender (say a movie). We use this constraint to devise an extremely efficient solution. The second case is for a (potentially infinite) stream which is not known in advance to the sender (for example a live broadcast). We present proofs of security of our constructions. Our techniques also have applications in other areas, for example, efficient authentication of long files when communication is at a cost and signature based filtering at a proxy server.


Hash Function Signature Scheme Message Authentication Code Proxy Server Authentication Information 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    M. Bellare, S. Micali. How to Sign Given any Trapdoor Permutation. J. of the ACM, 39(l):214–233, 1992.zbMATHCrossRefMathSciNetGoogle Scholar
  2. 2.
    J. Benaloh, M. de Mare. One-Way Accumulators: A Decentralized Alternative to Digital Signatures. Advances in Cryptology-EUROCRYPT'93. LNCS, vol.765, pp.274–285, Springer-Verlag, 1994.Google Scholar
  3. 3.
    D. Bleichenbacher, U. Maurer. Optimal Tree-Based One-time Digital Signature Schemes. STACS'96, LNCS, Vol. 1046, pp.363–374, Springer-Verlag.Google Scholar
  4. 4.
    D. Bleichenbacher, U. Maurer. On the efficiency of one-time digital signatures. Advances in Cryptology-ASYACRYPT'96, to appear.Google Scholar
  5. 5.
    W. Diffie, M. Hellman. New Directions in Cryptography. IEEE Transactions on Information Theory, IT-22(6):74–84, 1976.MathSciNetGoogle Scholar
  6. 6.
    T. ElGamal. A Public-Key Cryptosystem and a Signature Scheme based on Discrete Logarithms. IEEE Transactions on Information Theory, IT-31(4):469–472, 1985.CrossRefMathSciNetGoogle Scholar
  7. 7.
    S. Even, O. Goldreich, S. Micali. On-Line/Off-Line Digital Signatures. J. of Cryptology, 9(1):35–61, 1996.zbMATHCrossRefMathSciNetGoogle Scholar
  8. 8.
    R. Gennaro, P. Rohatgi. How to Sign Digital Streams. Final version available from Scholar
  9. 9.
    S. Goldwasser, S. Micali, R. Rivest. A Digital Signature Scheme Secure Against Adaptive Chosen Message Attack. SIAM J. Comp. 17(2):281–308, 1988.zbMATHCrossRefMathSciNetGoogle Scholar
  10. 10.
    G. Itkis. Asymmetric MACs. Rump talk at Crypto'96.Google Scholar
  11. 11.
    L. Lamport. Constructing Digital Signatures from a One-Way Function. Technical Report SRI Intl. CSL 98, 1979.Google Scholar
  12. 12.
    R. Merkle. A Digital Signature based on a Conventional Encryption Function. Advances in Cryptology-Crypto '87. LNCS, vol.293, pp. 369–378, Springer-Verlag, 1988.Google Scholar
  13. 13.
    R. Merkle. A Certified Digital Signature. Advances in Cryptology — Crypto '89. LNCS, vol.435, pp. 218–238, Springer-Verlag, 1990.Google Scholar
  14. 14.
    National Institute of Standard and Technology. Secure Hash Standard. NIST FIPS Pub 180-1,1995.Google Scholar
  15. 15.
    M. Naor, M. Yung. Universal One-Way Hash Functions and their Cryptographic Applications. Proceedings of STOC 1989, pp.33–43.Google Scholar
  16. 16.
    R. Rivest. The MD5 Message Digest Algorithm. Internet Request for Comments. April 1992.Google Scholar
  17. 17.
    R. Rivest, A. Shamir, L. Adleman. A Method for Obtaining Digital Signatures and Public Key Cryptosystems. Comm. of the ACM, 21(2):120–126, 1978.zbMATHCrossRefMathSciNetGoogle Scholar
  18. 18.
    J. Rompel. One-Way Functions are Necessary and Sufficient for Secure Signatures. Proceedings of STOC1990, pp.387–394.Google Scholar
  19. 19.
    Winternitz. Personal communication to R. Merkle.Google Scholar

Copyright information

© Springer-Verlag 1997

Authors and Affiliations

  1. 1.I.B.M. T.J.Watson Research CenterYorktown HeightsUSA

Personalised recommendations