Abstract. One approach to secure mobile agent execution is restricting the agent route to trusted environments. A necessary condition for this approach to be practical is that the agent route be protected. Previous proposals for agent route protection either offer low security or suffer from high computational costs due to cryptographic operations. We present two fast, hash-based mechanisms for agent route protection. The first solution relies on hash collisions and focuses on minimizing the computational cost of route verification by hosts along the route; the cost is shifted to the stage of route protection by the agent owner. The second solution uses Merkle trees and minimizes the cost of route protection by the agent owner, so that a single digital signature suffices to protect the whole route; for hosts along the route, the verification cost is similar to the cost of previous schemes in the literature, namely one digital signature verification per route step. The first solu...