Every day, the Internet links millions of people worldwide to vast amounts of information. Although there exist solutions for a widespread forgery attack on two threshold group signature schemes with secret signers [1], data packet transmissions on the global computer network are vulnerable to misuse, thrashing, piracy, corruption, and theft, due to inadequate secure authentication and troubleshooting on autonomous system paths. How should scalable, efficient multisignature algorithms be designed to possibly muddle through network fault diagnosis and data plane security among routers?
Boldyreva et al. present a method to confirm a systematically signed communal message by multiple parties, and a technique to successively accrue and authenticate the identities of the signers of alternative messages, with no dependency on public keys, harmonized clocks, or a trusted foremost signer. They prescribe a secure ordered multisignature (OMS) scheme, where the order of the signers is impervious to falsification, and a scheme to aggregate identity-based signatures that travel chronologically in routing-based applications. The secure OMS scheme consists of: an algorithm that produces global information by reliable third parties; a procedure that generates private- and public-key pairs associated with global information for users; a technique for signing messages with secret keys; and a deterministic method for corroborating signed messages. The scalable and efficient secure OMS scheme impartially doles out processing time to routers. The identity-based signature scheme includes algorithms used by trustworthy private-key generators (PKG) to produce master public and private keys, to generate private keys for users, and to aggregate and verify messages signed with secret keys, in order, by users. This scheme is amenable in secure-border gateway protocols (S-BGPs), where PKGs can be organized into hierarchies with higher-level PKGs entrusting private-key generation and authentication to lower-level domains. It maintains the identity-based signatures of small hierarchical S-BGP settings, given that the verification of an aggregated signature at a leaf in the hierarchy requires the public keys of all PKGs on the pathway from the root.
The authors convincingly present novel ceremonial cryptographic security schemes for network routing applications. The computational effectiveness and scalability of the secure OMS scheme are superior to the existing digital multiparty signature schemes. Both schemes save storage and bandwidth, compared to well-known public-key cryptographic schemes.