A Robust Multisignature Scheme with Applications to Multicast Acknowledgement Aggregation
Claude Castelluccia, Stanislaw Jarecki, Jihye Kim, Gene Tsudik


The source of multicast communication needs to securely verify which multicast group members have received a multicast message, but verification of individually signed acknowledgments from each receiver imposes unnecessary computation and communication costs.  We propose a solution which allows the intermediate nodes along the multicast distribution tree to aggregate the authenticated acknowledgments sent by the multicast receivers to the source. 

Our solution consists of a new multisignature scheme, secure under the discrete logarithm assumption in the random oracle model, which blends the well-known Schnorr signature scheme with the Merkle hash tree structure. The multisignature scheme we propose has a novel property of robustness, which allows for an efficient multisignature generation even in the presence of maliciously faulty nodes.