To prevent an adversary from forging for a signature, we need to ensure that an adversary knows few active SEALs. Hence, when the receiver receives a packet, the receiver has to be certain that an adversary could only know a small number of SEALs. The receiver can verify such a condition if it is time synchronized with the sender and knows the sending schedule of packets. We refer to TESLA for more details on time synchronization [16]. Assuming a maximum time synchronization error of between the sender and the receivers, the sender is limited to sign messages within time , where is the maximum number of active SEALs that the adversary can know, and is the number of SEALs revealed in a signature. When the receiver gets a packet it needs to verify that the sender did not yet disclose more than active SEALs. Because of the one-way SEAL chains, SEALs of one time period also disclose SEALs from previous time periods. Hence we require that the sender does not use a BiBa instance for time after it disclosed SEALs of that instance. To send continuously, the sender needs to use multiple BiBa broadcast authentication instances in a round-robin fashion.