In this section we describe how we use the BiBa signature to design the BiBa broadcast authentication protocol.
A broadcast authentication protocol requires that each receiver can verify that the data originates from the sender. An obvious approach is for the sender to compute a BiBa signature on each message it broadcasts. Since the sender can only disclose a small number of SEALs, it could only sign a small number of messages (given a public key which commits to a fixed number of SEALs). For a viable broadcast authentication protocol, however, the sender needs to authenticate a potentially infinite stream of messages. So we construct a protocol that replenishes the SEALs disclosed with each signature. In a straightforward approach, the sender adds a new commitment (for each SEAL that it discloses) to the packet, and includes all the new commitments in the signature. This approach doubles the size of the signature and is not robust to packet loss. We now present a better approach for constructing the SEALs. We will not review signature generation and verification in this section, since it is the same as in the BiBa signature scheme that we describe in Section 2.4.