That paper from Kempf, Wood, Ramzan and Gentry proposes to use multi-key CGAs as a way to secure address proxying.

Examples of address proxying include proxy-SEND (previously proxy-arp for IPv4), or Mobile IPv6, where the home agent locally claims ownership of an adress, on behalf of its real owner, because the owner is away from the network.

Pure SEND does not work in those cases, since it relies on a private key, that is not known by the proxy.

The proposed solution is to rely on two key pairs, one being owned by the proxy, the other one by the real owner of the address. The address is generated as a multi-key CGA, that is, the two public keys are used as part of the hash computation for CGA generation. The problem of signing messages is also solved by the paper : Indeed, only one key may be used to do the actual signing, since only one private key is known.

The proposed solution is to use a Ring signature. The Ring signature is a signing algorithm that allows anyone in a group of key owners to sign a message. The only requirement is to know one's own private key and the public keys of the other group members. An interesting feature of the kind of signature is that the signature verifier cannot guess if the signer was the proxy or the real owner. That is, if the verifier is an attacker, he cannot guess if the victim is at home or away.

Then the author study the performance of the proposed solution, compared to standard SEND, using their own implementation. They show that the use of the ring signature only slightly slows down the generation and verification process.

Unfortunately, there is no link to the implementation. Maybe is it a modified version of the DoCoMo SEND implementation ? I have noted that the multi-key CGAs are implemented there, but the CGA generation process is different :
* In the paper, a multi-key CGA is generated by including a SHA-1 hash of all the public keys as the public key field of the CGA parameter data structure.
* In the DoCoMo SEND implementation, a multi-key CGA is generated by including one public key in the public key field of the parameter data structure. The other keys are included as multi-key extensions with extension type 1.