Sequential aggregate signatures and multisignatures without random oracles

Published: 28 May 2006

Abstract

We present the first aggregate signature, the first multisignature, and the first verifiably encrypted signature provably secure without random oracles. Our constructions derive from a novel application of a recent signature scheme due to Waters. Signatures in our aggregate signature scheme are sequentially constructed, but knowledge of the order in which messages were signed is not necessary for verification. The aggregate signatures obtained are shorter than Lysyanskaya et al. sequential aggregates and can be verified more efficiently than Boneh et al. aggregates. We also consider applications to secure routing and proxy signatures.
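The following Python is an added illustration, not code from the paper or from this page. It models the aggregation algebra of the scheme the abstract describes, as recalled from the paper's construction: each signer holds a Waters signing key together with the exponents of its Waters-hash parameters, folds its own signature into the incoming aggregate against the existing randomness, re-randomises, and passes the result on; the verifier checks a single equation over the set of (public key, message) pairs, which is why the order of signing is not needed. Because no pairing library is available in the standard library, the model stands in for the bilinear group with the additive group Z_p and the bilinear map e(a, b) = a*b mod p. That preserves every equation of the scheme (written additively) but makes discrete logarithms trivial, so the code has no security value: it shows structure, order-independent verification and tamper detection only. The prime, the generator g2, the 256-bit message hashing and the AS-path sample messages are all constructed for the example.

```python
"""Toy model of the sequential aggregate signature described above (Waters
signatures, sequentially aggregated, verified as a set).

WARNING (modelling assumption): the real scheme lives in a bilinear group with
a pairing e: G x G -> G_T.  The standard library has no pairing, so this model
uses the additive group (Z_p, +) with e(a, b) = a*b mod p.  That map is
bilinear, so every equation below is the scheme's own equation written
additively (g^x -> x, products -> sums), but discrete logs in Z_p are trivial:
this code demonstrates the aggregation algebra only and has no security.
"""
import hashlib
import secrets

P = (1 << 61) - 1              # toy group order (constructed; a Mersenne prime)
K = 256                        # Waters signs K-bit strings; we hash to 256 bits
G2 = 0x5EEDF00D12345678 % P    # public generator g2 (constructed constant)


def _bits(message: bytes):
    """Hash the message to K bits; the Waters scheme signs fixed-length strings."""
    d = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return [(d >> j) & 1 for j in range(K)]


def keygen():
    """sk = (alpha, y', y_1..y_K), pk = (g^alpha, u' = g^y', u_j = g^y_j).

    The signer keeps the Waters-hash exponents y so it can compute w_i^{r'}
    from the incoming S2' = g^{r'} without knowing r'.  In the toy group
    g^x == x, so pk literally equals sk; in a real group the logs stay hidden.
    """
    alpha, y_prime = secrets.randbelow(P), secrets.randbelow(P)
    ys = [secrets.randbelow(P) for _ in range(K)]
    return (alpha, y_prime, ys), (alpha, y_prime, ys)


def waters_hash_log(u_prime, us, message):
    """log_g w(M) = y' + sum_{j : m_j = 1} y_j, computable here from pk or sk."""
    return (u_prime + sum(u for u, b in zip(us, _bits(message)) if b)) % P


def verify(agg, signed):
    """Check e(S1, g) == e(g2, prod_l pk_l) * e(prod_l w_l(M_l), S2).

    `signed` is a list of (pk, message) pairs in ANY order: only sums over the
    set enter the equation.  The scheme requires distinct public keys.
    """
    s1, s2 = agg
    if len({pk[0] for pk, _ in signed}) != len(signed):
        return False
    sum_alpha = sum(pk[0] for pk, _ in signed) % P
    sum_w = sum(waters_hash_log(pk[1], pk[2], m) for pk, m in signed) % P
    return s1 % P == (G2 * sum_alpha + sum_w * s2) % P


def aggregate_sign(sk, pk, message, agg=None, signed=None):
    """Append this signer's Waters signature on `message` to the aggregate.

    Returns (new_agg, new_signed).  Refuses to sign if the incoming aggregate
    does not verify or already contains this public key.
    """
    if agg is None:
        agg, signed = (0, 0), []                 # the empty aggregate
    if not verify(agg, signed):
        raise ValueError("incoming aggregate does not verify")
    if any(q[0] == pk[0] for q, _ in signed):
        raise ValueError("public key already present in aggregate")
    alpha, y_prime, ys = sk
    s1, s2 = agg
    # Fold in g2^{alpha_i} and w_i^{r'}; the latter is (S2')^{log w_i}.
    s1 = (s1 + alpha * G2 + s2 * waters_hash_log(y_prime, ys, message)) % P
    new_signed = signed + [(pk, message)]
    # Re-randomise: S2 <- S2 * g^{r_i},  S1 <- S1 * (prod_{l<=i} w_l)^{r_i}.
    r = secrets.randbelow(P)
    sum_w = sum(waters_hash_log(q[1], q[2], m) for q, m in new_signed) % P
    return ((s1 + r * sum_w) % P, (s2 + r) % P), new_signed


def demo():
    """Three signers (think: successive ASes on a BGP path) sign in sequence."""
    keys = [keygen() for _ in range(3)]
    msgs = [b"AS65001 -> AS65002", b"AS65002 -> AS65003", b"AS65003 -> AS65004"]
    agg, signed = None, None
    for (sk, pk), m in zip(keys, msgs):
        agg, signed = aggregate_sign(sk, pk, m, agg, signed)
    ok = verify(agg, signed)
    ok_reordered = verify(agg, list(reversed(signed)))   # order not needed
    tampered = list(signed)
    tampered[1] = (signed[1][0], b"AS65002 -> AS65009")   # one message altered
    return ok, ok_reordered, verify(agg, tampered)


if __name__ == "__main__":
    print(demo())   # (True, True, False)
```

The two things worth noticing are that `verify` never looks at the order of `signed`, only at sums over it, and that `aggregate_sign` checks the incoming aggregate before adding to it, so a corrupted aggregate is rejected at the next hop rather than propagated. The aggregate stays two group elements regardless of how many signers contributed.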

References

[1] N. Asokan, V. Shoup, and M. Waidner. Optimistic fair exchange of digital signatures. IEEE J. Selected Areas in Comm., 18(4):593-610, Apr. 2000.
[2] F. Bao, R. Deng, and W. Mao. Efficient and practical fair exchange protocols with offline TTP. In P. Karger and L. Gong, editors, Proceedings of IEEE Security & Privacy, pages 77-85, May 1998.
[3] P. Barreto and M. Naehrig. Pairing-friendly elliptic curves of prime order. In B. Preneel and S. Tavares, editors, Proceedings of SAC 2005, volume 3897 of LNCS, pages 319-31. Springer-Verlag, 2006.
[4] M. Bellare, D. Micciancio, and B. Warinschi. Foundations of group signatures: Formal definitions, simplified requirements, and a construction based on general assumptions. In E. Biham, editor, Proceedings of Eurocrypt 2003, volume 2656 of LNCS, pages 614-29. Springer-Verlag, May 2003.
[5] A. Bender, J. Katz, and R. Morselli. Ring signatures: Stronger definitions, and constructions without random oracles. In S. Halevi and T. Rabin, editors, Proceedings of TCC 2006, volume 3876 of LNCS, pages 60-79. Springer-Verlag, Mar. 2006.
[6] A. Boldyreva. Threshold signature, multisignature and blind signature schemes based on the gap-Diffie-Hellman-group signature scheme. In Y. Desmedt, editor, Proceedings of PKC 2003, volume 2567 of LNCS, pages 31-46. Springer-Verlag, Jan. 2003.
[7] A. Boldyreva, A. Palacio, and B. Warinschi. Secure proxy signature schemes for delegation of signing rights. Cryptology ePrint Archive, Report 2003/096, 2003. http://eprint.iacr.org/.
[8] D. Boneh, C. Gentry, B. Lynn, and H. Shacham. Aggregate and verifiably encrypted signatures from bilinear maps. In E. Biham, editor, Proceedings of Eurocrypt 2003, volume 2656 of LNCS, pages 416-32. Springer-Verlag, May 2003.
[9] D. Boneh, B. Lynn, and H. Shacham. Short signatures from the Weil pairing. J. Cryptology, 17(4):297-319, Sept. 2004. Extended abstract in Proceedings of Asiacrypt 2001.
[10] R. Canetti, O. Goldreich, and S. Halevi. The random oracle methodology, revisited. J. ACM, 51(4):557-94, July 2004.
[11] S. Chatterjee and P. Sarkar. Trading time for space: Towards an efficient IBE scheme with short(er) public parameters in the standard model. In D. Won and S. Kim, editors, Proceedings of ICISC 2005, LNCS. Springer-Verlag, Dec. 2005. To appear.
[12] J.-S. Coron and D. Naccache. Boneh et al.'s k-element aggregate extraction assumption is equivalent to the Diffie-Hellman assumption. In C. S. Laih, editor, Proceedings of Asiacrypt 2003, volume 2894 of LNCS, pages 392-7. Springer-Verlag, Dec. 2003.
[13] S. Galbraith. Pairings. In I. F. Blake, G. Seroussi, and N. Smart, editors, Advances in Elliptic Curve Cryptography, volume 317 of London Mathematical Society Lecture Notes, chapter IX, pages 183-213. Cambridge University Press, 2005.
[14] S. Goldwasser, S. Micali, and R. Rivest. A digital signature scheme secure against adaptive chosen-message attacks. SIAM J. Computing, 17(2):281-308, 1988.
[15] J. Groth, R. Ostrovsky, and A. Sahai. Perfect non-interactive zero knowledge for NP. In S. Vaudenay, editor, Proceedings of Eurocrypt 2006, LNCS. Springer-Verlag, May 2006. This volume.
[16] R. Hayashi, T. Okamoto, and K. Tanaka. An RSA family of trap-door permutations with a common domain and its applications. In F. Bao, R. H. Deng, and J. Zhou, editors, Proceedings of PKC 2004, volume 2947 of LNCS, pages 291-304. Springer-Verlag, Mar. 2004.
[17] K. Itakura and K. Nakamura. A public-key cryptosystem suitable for digital multisignatures. NEC J. Res. & Dev., 71:1-8, Oct. 1983.
[18] S. Kent, C. Lynn, and K. Seo. Secure border gateway protocol (Secure-BGP). IEEE J. Selected Areas in Comm., 18(4):582-92, Apr. 2000.
[19] N. Koblitz and A. Menezes. Pairing-based cryptography at high security levels. In N. Smart, editor, Proceedings of Cryptography and Coding 2005, volume 3796 of LNCS, pages 13-36. Springer-Verlag, Dec. 2005.
[20] A. Lysyanskaya, S. Micali, L. Reyzin, and H. Shacham. Sequential aggregate signatures from trapdoor permutations. In C. Cachin and J. Camenisch, editors, Proceedings of Eurocrypt 2004, volume 3027 of LNCS, pages 74-90. Springer-Verlag, May 2004.
[21] M. Mambo, K. Usuda, and E. Okamoto. Proxy signatures for delegating signing operation. In L. Gong and J. Stearn, editors, Proceedings of CCS 1996, pages 48-57. ACM Press, Mar. 1996.
[22] S. Micali, K. Ohta, and L. Reyzin. Accountable-subgroup multisignatures (extended abstract). In P. Samarati, editor, Proceedings of CCS 2001, pages 245-54. ACM Press, Nov. 2001.
[23] D. Naccache. Secure and practical identity-based encryption. Cryptology ePrint Archive, Report 2005/369, 2005. http://eprint.iacr.org/.
[24] D. Nicol, S. Smith, and M. Zhao. Evaluation of efficient security for BGP route announcements using parallel simulation. Simulation Modelling Practice and Theory, 12:187-216, 2004.
[25] K. Ohta and T. Okamoto. Multisignature schemes secure against active insider attacks. IEICE Trans. Fundamentals, E82-A(1):21-31, 1999.
[26] T. Okamoto. A digital multisignature scheme using bijective public-key cryptosystems. ACM Trans. Computer Systems, 6(4):432-41, Nov. 1988.
[27] K. Paterson. Cryptography from pairings. In I. F. Blake, G. Seroussi, and N. Smart, editors, Advances in Elliptic Curve Cryptography, volume 317 of London Mathematical Society Lecture Notes, chapter X, pages 215-51. Cambridge University Press, 2005.
[28] B. Waters. Efficient identity-based encryption without random oracles. In R. Cramer, editor, Proceedings of Eurocrypt 2005, volume 3494 of LNCS, pages 114-27. Springer-Verlag, May 2005.

Published In

EUROCRYPT'06: Proceedings of the 24th annual international conference on The Theory and Applications of Cryptographic Techniques, May 2006, 611 pages. ISBN: 3540345469.

Publisher

Springer-Verlag, Berlin, Heidelberg

Cited By
  • E-Tenon. Journal of Computer Security, 32(4):319-348, 2024. doi:10.3233/JCS-220097
  • Efficient Verifiably Encrypted ECDSA Schemes From Castagnos-Laguillaumie and Joye-Libert Encryptions. IEEE Transactions on Information Forensics and Security, 19:4161-4173, 2024. doi:10.1109/TIFS.2024.3375622
  • History-Free Sequential Aggregation of Hash-and-Sign Signatures. Topics in Cryptology – CT-RSA 2024, pages 187-223, 2024. doi:10.1007/978-3-031-58868-6_8
  • Monotone-Policy Aggregate Signatures. Advances in Cryptology – EUROCRYPT 2024, pages 168-195, 2024. doi:10.1007/978-3-031-58737-5_7
  • Toothpicks: More Efficient Fork-Free Two-Round Multi-signatures. Advances in Cryptology – EUROCRYPT 2024, pages 460-489, 2024. doi:10.1007/978-3-031-58716-0_16
  • Aggregate Signatures with Versatile Randomization and Issuer-Hiding Multi-Authority Anonymous Credentials. Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security, pages 30-44, 2023. doi:10.1145/3576915.3623203
  • Synchronized Aggregate Signature Under Standard Assumption in the Random Oracle Model. Progress in Cryptology – INDOCRYPT 2023, pages 197-220, 2023. doi:10.1007/978-3-031-56232-7_10
  • Sequential Half-Aggregation of Lattice-Based Signatures. Computer Security – ESORICS 2023, pages 270-289, 2023. doi:10.1007/978-3-031-50594-2_14
  • Chopsticks: Fork-Free Two-Round Multi-signatures from Non-interactive Assumptions. Advances in Cryptology – EUROCRYPT 2023, pages 597-627, 2023. doi:10.1007/978-3-031-30589-4_21
  • Squirrel. Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security, pages 1109-1123, 2022. doi:10.1145/3548606.3560655