Graduation Year


Document Type




Degree Name

MS in Computer Science (M.S.C.S.)

Degree Granting Department

Computer Science and Engineering

Major Professor

Attila Altay Yavuz, Ph.D.

Committee Member

Jay Ligatti, Ph.D.

Committee Member

Mehran Mozaffari Kermani, Ph.D.


Aggregation, Audit logs, Resource-constrained devices, Storage efficiency, Unbounded message signing


In the modern Internet of Things (IoT) applications, the system entities collect security-sensitive information that must be cryptographically protected. In particular, authentication and integrity, as foundational security services, are essential for any IoT applications. Digital signatures provide both authentication and integrity to these applications. Nevertheless, once an IoT device is compromised, its signature private key is leaked to an adversary. Forward-secure digital signatures mitigate the impact of such key compromises by incorporating a key-evolving mechanism into the authentication process. However, existing forward-secure signatures suffer from large signature/key sizes, heavy computational overhead, and some prominent variants that can only sign a limited number of messages. Hence, there is a critical need for forward-secure and compact digital signatures that can be used to authenticate large amounts of critical information.

In this work, we proposed two forward-secure signatures with signature and partial public key aggregation capabilities that we refer to as COREKBase and CORE-MMM. Our first scheme, to the best of our knowledge, is the first K-time forward-secure and aggregate signature scheme with a public-key aggregation feature. The idea is to use a hash-chain mechanism to evolve the keys and pre-compute the aggregated public key. For each message, we compute its signature and aggregate it. COREKBase offers compact public keys as well as compact signatures with low verification overhead. We fully implemented COREKBase in commodity hardware and tested for various performance metrics. We also compared COREKBase with its most efficient counterparts. For instance, COREKBase has 180x faster signature verification compared to its most verification-efficient counterpart, it also has 16.5x more compact public-keys compared to the most public-key compact counterpart. Our second scheme CORE-MMM, is a practically unbounded forward-secure signature scheme that leverages COREKBase. Our use of COREKBase is central to the design of COREKBase because we crafted COREKBase to optimize the performance of unbounded signing capability under the generic MMM transformation. To the best of our knowledge, this specific design led to the most efficient compromise-resilient and compact signature which we refer to as CORE-MMM. We also compared the performance of CORE-MMM with its state-of-art alternatives. Our analysis shows that CORE-MMM outperforms its state-of-art counterparts in most performance metrics. Some notable examples include small public keys (only 32 Bytes), more than two magnitudes more efficient key updates, compact signatures, and a magnitude smaller private keys compared to its most efficient counterparts for each metric.