In this paper, we examine homomorphic signatures that can be used to protect the integrity of network coding. In particular, Yu et al. proposed an RSA-based homomorphic signature scheme recently for this purpose. We show that their scheme in fact does not satisfy the required homomorphic property, and further, even though it can be fixed easily, still it allows no-message forgery attacks.
Bibliographical noteFunding Information:
The first and the third authors were supported, in part, by the US National Science Foundation (NFS) grants CCF-0621462 and CNS-0716025. The second author was supported by NAP of Korea Research Council of Fundamental Science & Technology.
- Network coding
- homomorphic hashing
- homomorphic signature