Data centers increasingly host mutually distrustful users on shared infrastructure. A powerful tool to safeguard such users are digital signatures. Digital signatures have revolutionized Internet-scale applications, but current signatures are too slow for the growing genre of microsecond-scale systems in modern data centers. We propose DSig, the first digital signature system to achieve single-digit microsecond latency to sign, transmit, and verify signatures in data center systems. DSig is based on the observation that, in many data center applications, the signer of a message knows most of the time who will verify its signature. We introduce a new hybrid signature scheme that combines cheap single-use hash-based signatures verified in the foreground with traditional signatures pre-verified in the background. Compared to prior state-of-the-art signatures, DSig reduces signing time from 18.9 to 0.7 us and verification time from 35.6 to 5.1 us, while keeping signature transmission time below 2.5 us. Moreover, DSig achieves 2.5x higher signing throughput and 6.9x higher verification throughput than the state of the art. We use DSig to (a) bring auditability to two key-value stores (HERD and Redis) and a financial trading system (based on Liquibook) for 86% lower added latency than the state of the art, and (b) replace signatures in BFT broadcast and BFT replication, reducing their latency by 73% and 69%, respectively

翻译：数据中心日益在共享基础设施上托管互不信任的用户。数字签名是保护此类用户的有力工具。数字签名已彻底改变了互联网规模的应用，但对于现代数据中心中不断增长的微秒级系统而言，现有签名方案速度过慢。我们提出了DSig，这是首个在数据中心系统中实现个位数微秒级签名、传输和验证延迟的数字签名系统。DSig基于以下观察：在许多数据中心应用中，消息的签名者大多时候知道谁将验证其签名。我们引入了一种新型混合签名方案，该方案将前台验证的低成本一次性哈希签名与后台预验证的传统签名相结合。与现有最先进的签名方案相比，DSig将签名时间从18.9微秒降低至0.7微秒，验证时间从35.6微秒降低至5.1微秒，同时将签名传输时间保持在2.5微秒以下。此外，DSig实现了比现有最佳方案高2.5倍的签名吞吐量和6.9倍的验证吞吐量。我们应用DSig实现了以下成果：(a) 为两个键值存储系统（HERD和Redis）及一个金融交易系统（基于Liquibook）引入可审计性，其增加的延迟比现有最佳方案低86%；(b) 在BFT广播和BFT复制中替换原有签名方案，分别将其延迟降低了73%和69%。