Broadcast authentication is a vital security primitive for the management of a copious number of parties. In the universally composable framework, this paper investigates broadcast authentication using one-time signature based on the fact that one-time signature has efficient signature generation and verification suitable for low-power devices, and gives immediate authentication, which is a favorable property for time-critical messages. This paper first formulates a broadcast authentication model with the ideal functionalities such as one-time signature and broadcast authentication, and proposes a broadcast authentication scheme in the hybrid model. This paper then improves HORS, which is secure based on a strong assumption (i.e., a subset-resilient hash function) and presents the improved version as HORS+, which diffiers from HORS such that it is a secure one-time signature based on weaker assumptions, i.e. one-way functions, one-way hash functions and collisionresistant hash functions. At the same time, a protocol OWC using one-way chains is proposed to provide more registered keys for multi-message broadcast authentication. Our broadcast authentication scheme constructed by the combined use of HORS+ and OWC is universally composable secure and suitable for low-power devices. Broadcast the authentication is a vital security primitive for the management of a copious number of parties. In the universally composable framework, this paper investigates broadcast authentication using one-time signature based on the fact that one-time signature has efficient signature generation and verification suitable for low-power devices, and gives immediate authentication, which is a favorable property for time-critical messages. This paper first formulates a broadcast authentication model with the ideal functionalities such as one-time signature and broadcast authentication, the hybrid model. This paper then improves HORS, which is secure based on a strong assumption (ie, a subset-resilient hash function) and presents the improved version as HORS +, which diffiers from HORS such that it is a secure one-time signature based on weaker assumptions, ie one-way functions, one-way hash functions and collisionresistant hash function s. At the same time, a protocol OWC using one-way chains is proposed to provide more registered keys for multi-message broadcast authentication. Our broadcast authentication scheme constructed by the combined use of HORS + and OWC is universally composable secure and suitable for low -power devices.