Broadcast authentication for group communication

Traditional point-to-point message authentication systems have been extensively studied in the literature. In this paper, we consider authentication systems for group communication. The basic primitive is a multireceiver authentication system with dynamic senders (DMRA-code). In a DMRA-code any member of the group can broadcast an authenticated message to the rest of the group such that every other member of the group can individually verify the authenticity of the message. We give a 0exible ‘synthesis’ construction for DMRA-codes by combining an A-code and a key distribution pattern. tDMRA-codes extend this model when there are up to t senders. We give two constructions, one algebraic and one by ‘synthesis’ of an A-code and a perfect hash family. We show universality of ‘synthesis’ constructions for unconditional and computational models of security which means that our results have wider range applications. Finally, to demonstrate the usefulness of DMRA model, we modify a secure dynamic conferencekey distribution system to construct a secure dynamic conference system that provides secrecy and authenticity of communication among conferencees. The system is key-e5cient as its key requirement remains nearly the same as the original conference key distribution system and so authentication is e7ectively obtained without any extra cost. We discuss possible extensions to this work. c © 2001 Elsevier Science B.V. All rights reserved.