Aggregate designated verifier signatures and application to secure routing

Abstract

A designated verifier signature convinces only the specific recipient of the message of its integrity and origin. Following the notion of aggregate signature introduced by Boneh et al. we introduce in this work the notion of aggregate designated verifier signature. After defining the protocols and the security model for such schemes, we give a general construction which is based on message authentication codes and that can be extended to an identity-based scenario. The resulting schemes are proved to be secure under the Computational DiffieHellman (CDH) assumption, in the random oracle model. They are much more efficient than standard aggregate signature schemes, at the price of losing some properties of standard signatures, in particular non-repudiation. Finally we explain the possible application of aggregate designated verifier signatures to the authentication of messages in routing protocols. We compare our new scheme with existing standard aggregate signature schemes and show why our solution with aggregate designated verifier signatures is more suitable for securing routing in mobile ad hoc networks.