Cryptographically Generated Addresses (CGAs) have been designed to solve the so-called IPv6 Address Ownership problem. The current IETF CGA proposal relies on RSA signature. Generating an RSA signature is quite expensive and might be prohibitive for small devices with limited capacities. For example, a 1024-RSA signature requires approximately 1536 modular multiplications.
In this paper, we propose a new CGA scheme whose verification requires fewer than 10 modular multiplications. We achieve this performance gain by (1) selecting an efficient signature scheme, namely the small prime variation of the Feige-Fiat-Shamir scheme and (2) tuning the cryptographic parameters of this signature scheme to the security strength of the CGA (i.e. the size of the hash function used to generate it).