Foundations of Security for Hash Chains

Nodes in ad hoc networks generally transmit data at regular intervals over long periods of time. Recently, ad hoc network nodes have been built that run on little power and have very limited memory. Authentication is a significant challenge in ad hoc networks, even without considering size and power constraints. Expounding on idealized hashing, this paper examines lower bounds for ad hoc broadcast authentication for μTESLA-like protocols. In particular, this paper explores idealized hashing for generating preimages of hash chains. Building on Bellare and Rogaway’s classical definition, a similar definition for families of hash chains is given. Using these idealized families of hash chain functions, this paper gives a time-space product Ω(k2 log n) bit operation1 lower-bound for optimal preimage hash chain generation for k constant. This bound holds where n is the total length of the hash chain and the hash function family is k-wise independent. These last results follow as corollaries to a lower bound of Coppersmith and Jakobsson. ∗A preliminary version of this paper appeared at MWN 2003: Workshop on Mobile and Wireless Networks, (a workshop of the 23rd ICDCS), 743-748, Ivan Stojmenovic and Jingyuan Zhang Editors. IEEE Press. All logarithms in this paper are base 2.