arxiv: 1907.03911 · v1 · pith:FIWDYY6Rnew · submitted 2019-07-09 · 💻 cs.CR

Ultra Lightweight Multiple-time Digital Signature for the Internet of Things Devices

Pith reviewed 2026-05-25 00:48 UTC · model grok-4.3

classification 💻 cs.CR
keywords: digital signatures · elliptic curve cryptography · lightweight cryptography · multiple-time signatures · IoT security · energy-efficient authentication · random oracle model

The pith

SEMECS is a multiple-time elliptic curve signature that performs no elliptic curve operations at the signer while keeping optimal signature and private-key sizes.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper introduces SEMECS, a signer-efficient multiple-time signature scheme built on elliptic curves for energy-limited IoT devices. It achieves the smallest signature and private-key sizes possible for any EC-based scheme by eliminating all elliptic-curve arithmetic during signing. The authors prove security in the random-oracle model with a tight reduction and report an 8-bit AVR implementation that consumes up to 19 times less energy than the fastest conventional EC signature while outperforming other multiple-time alternatives. The work is released as open source.

Core claim

SEMECS is a multiple-time digital signature whose signing algorithm uses only hash and arithmetic operations on small integers, never invoking elliptic-curve scalar multiplication or addition, yet still produces the shortest possible EC-based signatures and private keys; the scheme is proven secure under a tight reduction in the random-oracle model.

What carries the argument

The SEMECS signing procedure, which replaces elliptic-curve operations with a sequence of hash evaluations and modular additions on short integers while deferring all curve arithmetic to the verifier.
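
The split of work described above can be seen in a simplified Schnorr-style sketch with precomputed commitments, added here as an illustration; it is not the SEMECS algorithm from the paper and not the authors' code. Assumptions: secp256k1 as the curve, SHA-256 for every hash, one 16-byte token per signature, a signature that carries its index j, and all function names.

```python
import hashlib
import hmac

# Illustration only: an assumed, simplified construction, not the paper's SEMECS.
# secp256k1 domain parameters (public standard constants; the curve is an assumption).
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def ec_add(a, b):
    """Affine addition on y^2 = x^3 + 7 over GF(P); None is the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1 % P, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def ec_mul(k, pt):
    """Double-and-add scalar multiplication (not constant time; demo only)."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc


def h_int(tag, *parts):
    """Domain-separated SHA-256 over length-prefixed parts, reduced mod N."""
    h = hashlib.sha256(tag)
    for part in parts:
        h.update(len(part).to_bytes(4, "big") + part)
    return int.from_bytes(h.digest(), "big") % N


def token(pt):
    """Verification token: truncated hash of a commitment point R."""
    raw = b"\x00" if pt is None else pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")
    return hashlib.sha256(b"beta" + raw).digest()[:16]


def keygen(seed, k_max):
    """Offline, on a capable machine: all EC work for k_max future signatures."""
    y = h_int(b"y", seed)
    betas = [token(ec_mul(h_int(b"r", seed, j.to_bytes(4, "big")), G))
             for j in range(k_max)]
    sk = {"y": y, "seed": seed, "j": 0, "k_max": k_max}
    return sk, (ec_mul(y, G), betas)


def sign(sk, msg):
    """On the device: two hashes, one modular multiply, one subtraction; no EC calls."""
    j = sk["j"]
    if j >= sk["k_max"]:
        raise RuntimeError("signature budget exhausted; re-key required")
    sk["j"] = j + 1  # advance state first: reusing r_j for two messages leaks y
    jb = j.to_bytes(4, "big")
    r_j = h_int(b"r", sk["seed"], jb)
    e = h_int(b"e", jb, msg)
    return ((r_j - e * sk["y"]) % N, j)


def verify(pk, msg, sig):
    """On the verifier: recompute R' = s*G + e*Y and compare its token with beta_j."""
    big_y, betas = pk
    s, j = sig
    if not (0 <= j < len(betas) and 0 <= s < N):
        return False
    e = h_int(b"e", j.to_bytes(4, "big"), msg)
    r_prime = ec_add(ec_mul(s, G), ec_mul(e, big_y))
    return hmac.compare_digest(token(r_prime), betas[j])


if __name__ == "__main__":
    sk, pk = keygen(b"constructed-demo-seed", 4)  # constructed sample seed
    sig = sign(sk, b"hr=72")                      # constructed sample message
    print(verify(pk, b"hr=72", sig), verify(pk, b"hr=180", sig))
```

The public key grows linearly with the signature budget, and the signer's counter must survive resets, since signing two messages under the same index reveals the private key.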

If this is right

  • Resource-constrained devices can now authenticate multiple messages without draining their battery on curve arithmetic.
  • Signature size remains minimal among all elliptic-curve schemes, reducing communication overhead.
  • Private-key storage stays small, fitting the memory limits of medical implants and sensors.
  • Verification still uses standard elliptic-curve operations, so the scheme pairs naturally with powerful verifiers.
  • The tight security reduction means the concrete security loss is small when parameters are chosen for a target bit level.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • The same technique might extend to post-quantum or lattice-based signatures that currently require expensive operations at the signer.
  • Because verification cost is unchanged, the scheme is most useful when many low-power devices report to a single server or gateway.
  • Open-sourcing the AVR code allows direct integration into existing IoT protocol stacks without re-implementing the hash-chain logic.

Load-bearing premise

The construction really incurs no hidden elliptic-curve cost during key generation or verification that would offset the signer savings, and the random-oracle proof captures all practical attacks.

What would settle it

An implementation measurement on the same 8-bit AVR platform that shows signer energy consumption equal to or higher than SchnorrQ, or an attack that forges a signature after fewer random-oracle queries than the proven bound.

Figures

Figures reproduced from arXiv: 1907.03911 by Attila A. Yavuz, Muslum Ozgur Ozmen.

Figure 1: High-level description of SEMECS algorithms.
Excerpt extracted with the caption: … of log2(K). In the binary search option, we basically assume that the verifier stores the public key sorted, and after the value H1(R'_j) is calculated, binary search is made on sorted βs. We now elaborate the design rationale behind the use of two separate verification tokens (β_j, γ_j) in SEMECS, as opposed to only one token v_j in ETA, for j = 0, …, K − …

Figure 2: Energy consumption of signature generation vs IoT sensors.

Original abstract

Digital signatures are basic cryptographic tools to provide authentication and integrity in the emerging ubiquitous systems in which resource-constrained devices are expected to operate securely and efficiently. However, existing digital signatures might not be fully practical for such resource-constrained devices (e.g., medical implants) that have energy limitations. Some other computationally efficient alternatives (e.g., one-time/multiple-time signatures) may introduce high memory and/or communication overhead due to large private key and signature sizes. In this paper, our contributions are two-fold: First, we develop a new lightweight multiple-time digital signature scheme called Signer Efficient Multiple-time Elliptic Curve Signature (SEMECS), which is suitable for resource-constrained embedded devices. SEMECS achieves optimal signature and private key sizes for an EC-based signature without requiring any EC operation (e.g., EC scalar multiplication or addition) at the signer. We prove SEMECS is secure (in random oracle model) with a tight security reduction. Second, we fully implemented SEMECS on 8-bit AVR microprocessor with a comprehensive energy consumption analysis and comparison. Our experiments confirm up to 19x less battery-consumption for SEMECS as compared to its fastest (full-time) counterpart, SchnorrQ, while offering significant performance advantages over its multiple-time counterparts in various fronts. We open-source our implementation for public testing and adoption.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

0 major / 2 minor

Summary. The manuscript introduces SEMECS, a multiple-time elliptic curve signature scheme for resource-constrained IoT devices. It claims to achieve optimal signature and private-key sizes for an EC-based construction while requiring no elliptic-curve operations (scalar multiplication or addition) at the signer, provides a security proof in the random oracle model with a tight reduction, and reports an 8-bit AVR implementation showing up to 19× lower battery consumption than SchnorrQ together with advantages over other multiple-time schemes; the implementation is open-sourced.

Significance. If the stated signer efficiency, tight ROM reduction, and measured energy savings hold, the result would be practically relevant for energy-limited embedded devices. The open-sourced AVR implementation and comprehensive energy analysis constitute verifiable strengths that support reproducibility and adoption.

minor comments (2)
  1. [Abstract] Abstract and §1: the phrase 'optimal signature and private key sizes for an EC-based signature' is used without an explicit lower-bound reference or comparison table; a short paragraph or citation clarifying the optimality criterion would improve precision.
  2. [§3] The security reduction is described as 'tight'; a brief statement of the concrete security loss factor (e.g., in terms of the number of signing queries) would make the tightness claim easier to verify at a glance.

Simulated Author's Rebuttal

0 responses · 0 unresolved

We thank the referee for the positive summary, acknowledgment of the practical relevance for energy-limited devices, and the recommendation for minor revision. No major comments were provided in the report.

Circularity Check

0 steps flagged

No significant circularity in derivation chain

The paper presents SEMECS as a new EC-based multiple-time signature construction achieving stated efficiency properties, accompanied by a standard ROM security proof with tight reduction. No quoted equations or steps reduce the claimed signer efficiency, key/signature sizes, or security to self-definitional fits, renamed inputs, or load-bearing self-citations. The implementation results are separate empirical measurements. The derivation is self-contained against external benchmarks with no exhibited reduction to its own inputs by construction.

Axiom & Free-Parameter Ledger

0 free parameters · 1 axioms · 0 invented entities

The central claim rests on the random oracle model for the security proof and on standard elliptic-curve assumptions; no free parameters or invented entities are mentioned in the abstract.

axioms (1)
  • Domain assumption: security reductions are valid in the random oracle model.
    The abstract states the proof is given in the random oracle model.

