Issue No. 11 - Nov. (2012 vol. 11)
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/TMC.2012.119
Wen Tao Zhu , Chinese Academy of Sciences, Beijing
Recently, Zhou et al. proposed a multicast authentication protocol named MABS which employs an efficient cryptographic primitive called batch verification to authenticate an arbitrary number of data packets simultaneously. Three implementations were presented: MABS-RSA, MABS-BLS, and MABS-DSA. In this comment, we are concerned with the last implementation, which is claimed to be much more efficient than the others. Our particular interest also lies in the fact that MABS-DSA was designed to thwart a known attack against its underlying batch DSA primitive and is claimed to be with increased security. After a careful revisit of the involved arithmetic, however, we find that the real issue lies in protocol correctness rather than security; the algorithm of MABS-DSA actually does not hold as one would expect. More specifically, even if each of the data packets was signed by an honest sender and securely delivered to the receiver, verification of the batch of signatures will still almost always fail.
Receivers, Authentication, Digital signatures, Protocols, Public key, Mobile computing, batch verification, Authentication, digital signature
W. T. Zhu, "A Comment on "MABS: Multicast Authentication Based on Batch Signature”," in IEEE Transactions on Mobile Computing, vol. 11, no. , pp. 1775-1776, 2012.