For real-time multicast streams of data, ordinary secret-key or public-key source authentication techniques may not be efficient enough for practical applications.   Naive use of symmetrically-keyed MACs (i.e. one MAC per datagram per receiver) scales poorly with large receiver groups.  Existing asymmetric signature schemes are deemed too slow for per-packet signing of real-time traffic.  Thus the research community is considering new hybrid techniques for source authentication under these conditions.  Solutions to this source authentication problem are of particular interest to the IRTF's Secure Multicast Research Group (SMuG).

• R. Canetti and B. Pinkas, "A taxonomy of multicast security issues", is an Internet Draft available as draft-canetti-secure-multicast-taxonomy-00.
• R. Canetti and B. Pinkas, "A taxonomy of multicast security issues (updated version)", a.k.a. draft-canetti-secure-multicast-taxonomy-01, is available in text.  Section 5.2 reviews proposed methods for source authentication of multicast streams.

• R. Gennaro and P. Rohatgi, "How to Sign Digital Streams", in Advances in Cryptology -- CRYPTO `97, is available in PostScript.  Gennaro and Rohatgi suggest the use of the Even-Goldreich-Micali on-line/off-line signature scheme.

• C. K. Wong and S. S. Lam, "Digital Signatures for Flows and Multicasts", in Proc. IEEE ICNP `98, is available in PostScript as U. Texas at Austin Department of Computer Science Tech. Rept. 98-15.  Wong and Lam propose the use of an extended version of the Feige-Fiat-Shamir signature scheme, eFFS, and Merkle's one-time signature scheme.

• U.S. patent #5,016,274: "On-line/off-line digital signing", granted to Micali, Goldreich, and Even, covers their on-line/off-line signature scheme.  The application was filed 8 Nov 1988, so it appears that the patent will remain in force until 2008.

• U.S. patent #4,881,264: "Digital signature system and method based on a conventional encryption function", granted to Merkle, covers his one-time signature scheme.  The application was filed 30 July 1987, but the patent apparently expired in 1997.

• U.S.  patent #4,748,668: "Method, apparatus and article for identification and signature", granted to Shamir and Fiat and assigned to Yeda Research and Development Co. Ltd., apparently covers the FFS signature scheme (among other techniques).  The application was filed 9 July 1986, so it appears that the patent will remain in force until 2006.
• FFS implementation by James Pate Williams, using A.K. Lenstra's freelip