This repository provides a Go implementation of Forward-Secure Sequential Aggregate Authentication (FSSAGG), a cryptographic scheme designed for generating aggregate signatures over sequential log entries to ensure both content integrity and stream integrity. The implementation is based on the seminal work by Ma and Tsudik.
- Content Integrity: Each individual log entry is authenticated using a message authentication code (MAC).
- Stream Integrity: Sequential aggregation ensures the correct ordering and completeness of log entries.
- Forward Security: Compromise of current keys does not affect the security of previously generated signatures.
One major drawback of FSSAGG is the cost of verification. To verify an individual log entry at sequence n, the key must be iterated n-1 times, which can be a significant performance cost. One optimization is to pre-compute keys at fixed intervals and cache them (preferably in encrypted memory). Given a log sequence number, the verifier selects the closest cached key at or below that position as a shortcut and iterates only from that point.
This caching strategy is remarkably memory-efficient: storing keys for up to one million entries at 1,000-entry intervals requires only 32 kilobytes of RAM, making it a practical way to improve verification performance without substantial resource overhead.
This implementation does not provide inherent protection against tail deletion attacks, where an adversary removes recent log entries. Mitigation can be achieved through log batching strategies, where every n log entries are batched together (n representing the acceptable risk factor in terms of time window or entry count).
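The key evolution, sequential aggregation and checkpoint cache described above, as an added example written for this README rather than the repository's own API: the construction (HMAC-SHA256 per-entry MACs folded into a SHA-256 chain, SHA-256 as the one-way key update) and the names Signer, KeyCache, KeyAt and Verify are assumptions of the example, not the paper's exact scheme. It also shows why tail deletion is not detected on its own: a truncated stream still verifies against the aggregate that was current at the cut.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
)
// evolve is the one-way key update k_{i+1} = H(k_i); k_i cannot be recovered from k_{i+1}.
func evolve(key []byte) []byte { h := sha256.Sum256(key); return h[:] }
// step folds entry i into the running aggregate: agg_i = H(agg_{i-1} || HMAC(k_i, m_i)).
func step(prev, key, entry []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(entry)
	h := sha256.New()
	h.Write(prev)
	h.Write(m.Sum(nil))
	return h.Sum(nil)
}
// Signer keeps only the current key and aggregate; Append overwrites the key with its successor (forward security).
type Signer struct{ Key, Agg []byte }
func (s *Signer) Append(entry []byte) []byte {
	s.Agg = step(s.Agg, s.Key, entry)
	s.Key = evolve(s.Key)
	return s.Agg
}
// KeyCache holds k_j for every j that is a multiple of interval (assumed checkpoint layout).
type KeyCache struct{ interval int; keys [][]byte }
func NewKeyCache(k0 []byte, maxEntries, interval int) *KeyCache {
	c := &KeyCache{interval: interval}
	for i, k := 0, append([]byte(nil), k0...); i <= maxEntries; i, k = i+1, evolve(k) {
		if i%interval == 0 {
			c.keys = append(c.keys, k)
		}
	}
	return c
}
// KeyAt derives k_n from the nearest checkpoint at or below n instead of iterating from k_0.
func (c *KeyCache) KeyAt(n int) []byte {
	k := c.keys[n/c.interval]
	for i := n - n%c.interval; i < n; i++ { k = evolve(k) }
	return k
}
// Verify recomputes the aggregate over entries 0..len-1 and compares it in constant time.
func Verify(c *KeyCache, entries [][]byte, agg []byte) bool {
	var running []byte
	for i, e := range entries {
		running = step(running, c.KeyAt(i), e)
	}
	return hmac.Equal(running, agg)
}
```

The verifier needs only k_0 (or the cache built from it); the signer should wipe each key after evolving it, which is exactly what the cold-boot caveat below is about.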
This Go implementation is not hardened against cold-boot attacks, and Go in general should not be considered suitable for security-critical applications of this kind. The Go runtime and standard library are liberal in memory management, including creating copies of sensitive data structures that may persist in memory beyond their intended lifecycle.
For complete theoretical analysis, security proofs, and formal security model, please refer to the original paper:
Ma, Di, and Gene Tsudik. "Forward-secure sequential aggregate authentication." IEEE Symposium on Security and Privacy (SP'07). IEEE, 2007. Available at: https://eprint.iacr.org/2007/052.pdf