DOI: 10.5555/1766171.1766207
Aggregate and verifiably encrypted signatures from bilinear maps

Published: 04 May 2003

Abstract

An aggregate signature scheme is a digital signature that supports aggregation: given n signatures on n distinct messages from n distinct users, it is possible to aggregate all these signatures into a single short signature. This single signature (and the n original messages) will convince the verifier that the n users did indeed sign the n original messages (i.e., user i signed message M_i for i = 1, ..., n). In this paper we introduce the concept of an aggregate signature, present security models for such signatures, and give several applications for aggregate signatures. We construct an efficient aggregate signature from a recent short signature scheme based on bilinear maps due to Boneh, Lynn, and Shacham. Aggregate signatures are useful for reducing the size of certificate chains (by aggregating all signatures in the chain) and for reducing message size in secure routing protocols such as SBGP. We also show that aggregate signatures give rise to verifiably encrypted signatures. Such signatures enable the verifier to test that a given ciphertext C is the encryption of a signature on a given message M. Verifiably encrypted signatures are used in contract-signing protocols. Finally, we show that similar ideas can be used to extend the short signature scheme to give simple ring signatures.
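The aggregate construction and the verifiably encrypted variant that the abstract describes, written out below as an added worked derivation; this is not text from the page, and it uses the BLS setting with symbols assumed here: a group G of prime order p with generator g, a target group G_T, a bilinear map e : G × G → G_T, and a hash function H : {0,1}^* → G. The paper itself works with two groups and an isomorphism between them; the symmetric case is used here only to keep the derivation short.

```latex
% Key generation for user i (secret x_i, public v_i):
x_i \xleftarrow{R} \mathbb{Z}_p, \qquad v_i = g^{x_i}

% Signing message M_i:
\sigma_i = H(M_i)^{x_i} \in G

% Aggregation of n signatures on n distinct messages:
\sigma = \prod_{i=1}^{n} \sigma_i

% Verification: require M_1, \dots, M_n pairwise distinct and check
e(\sigma, g) \stackrel{?}{=} \prod_{i=1}^{n} e\bigl(H(M_i), v_i\bigr)

% Correctness, by bilinearity of e:
e(\sigma, g) = e\Bigl(\prod_{i=1}^{n} H(M_i)^{x_i},\, g\Bigr)
             = \prod_{i=1}^{n} e\bigl(H(M_i), g\bigr)^{x_i}
             = \prod_{i=1}^{n} e\bigl(H(M_i), g^{x_i}\bigr)
             = \prod_{i=1}^{n} e\bigl(H(M_i), v_i\bigr)

% Verifiably encrypted signature on M under adjudicator key (x', v' = g^{x'}):
r \xleftarrow{R} \mathbb{Z}_p, \qquad \omega = \sigma \cdot v'^{\,r}, \qquad \mu = g^{r}

% The verifier, holding only (M, v, v', \omega, \mu), checks
e(\omega, g) \stackrel{?}{=} e\bigl(H(M), v\bigr) \cdot e(v', \mu)

% which holds because e(v'^{\,r}, g) = e(v', g^{r}) = e(v', \mu);
% the adjudicator alone recovers \sigma = \omega / \mu^{x'}, since \mu^{x'} = g^{r x'} = v'^{\,r}.
```

The distinctness requirement in the verification step is the one the abstract states for the messages. Whatever the number of signers, the verifier computes one pairing on the left against n on the right and stores a single group element in place of n signatures, which is where the size saving for certificate chains and SBGP route attestations comes from.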

References

[1] N. Asokan, V. Shoup, and M. Waidner. Optimistic fair exchange of digital signatures. IEEE J. Selected Areas in Comm., 18(4):593-610, April 2000.
[2] F. Bao, R. Deng, and W. Mao. Efficient and practical fair exchange protocols with offline TTP. In Proceedings of IEEE Symposium on Security and Privacy, pages 77-85, 1998.
[3] M. Bellare and P. Rogaway. The exact security of digital signatures: How to sign with RSA and Rabin. In Proceedings of Eurocrypt '96, volume 1070 of LNCS, pages 399-416. Springer-Verlag, 1996.
[4] A. Boldyreva. Efficient threshold signature, multisignature and blind signature schemes based on the gap-Diffie-Hellman-group signature scheme. In Proceedings of PKC 2003, volume 2567 of LNCS, pages 31-46. Springer-Verlag, 2003.
[5] D. Boneh and M. Franklin. Identity-based encryption from the Weil pairing. In Proceedings of Crypto 2001, volume 2139 of LNCS, pages 213-29. Springer-Verlag, 2001.
[6] D. Boneh, C. Gentry, B. Lynn, and H. Shacham. Aggregate and verifiably encrypted signatures from bilinear maps. Cryptology ePrint Archive, Report 2002/175, 2002. http://eprint.iacr.org/.
[7] D. Boneh, B. Lynn, and H. Shacham. Short signatures from the Weil pairing. In Proceedings of Asiacrypt 2001, volume 2248 of LNCS, pages 514-32. Springer-Verlag, 2001. Full paper: http://crypto.stanford.edu/~dabo/pubs.html.
[8] Y. Dodis. Efficient construction of (distributed) verifiable random functions. In Proceedings of PKC 2003, volume 2567 of LNCS, pages 1-17. Springer-Verlag, 2003.
[9] A. Fiat. Batch RSA. In Proceedings of Crypto '89, pages 175-185, 1989.
[10] J. Garay, M. Jakobsson, and P. MacKenzie. Abuse-free optimistic contract signing. In Proceedings of Crypto '99, volume 1666 of LNCS, pages 449-466. Springer-Verlag, 1999.
[11] P. Gemmel. An introduction to threshold cryptography. RSA CryptoBytes, 2(3):7-12, 1997.
[12] R. Gennaro, T. Rabin, S. Jarecki, and H. Krawczyk. Robust and efficient sharing of RSA functions. J. Cryptology, 13(2):273-300, 2000.
[13] C. Gentry and A. Silverberg. Hierarchical ID-based cryptography. In Proceedings of Asiacrypt 2002, volume 2501 of LNCS, pages 548-66. Springer-Verlag, 2002.
[14] S. Goldwasser, S. Micali, and R. Rivest. A digital signature scheme secure against adaptive chosen-message attacks. SIAM J. Computing, 17(2):281-308, 1988.
[15] J. Horwitz and B. Lynn. Toward hierarchical identity-based encryption. In Proceedings of Eurocrypt 2002, volume 2332 of LNCS, pages 466-81. Springer-Verlag, 2002.
[16] A. Joux. A one round protocol for tripartite Diffie-Hellman. In Proceedings of ANTS IV, volume 1838 of LNCS, pages 385-94. Springer-Verlag, 2000.
[17] S. Kent, C. Lynn, and K. Seo. Secure border gateway protocol (Secure-BGP). IEEE J. Selected Areas in Comm., 18(4):582-92, April 2000.
[18] A. Lysyanskaya. Unique signatures and verifiable random functions from the DH-DDH separation. In Proceedings of Crypto 2002, volume 2442 of LNCS, pages 597-612. Springer-Verlag, 2002.
[19] S. Micali, K. Ohta, and L. Reyzin. Accountable-subgroup multisignatures (extended abstract). In Proceedings of CCS 2001, pages 245-54. ACM Press, 2001.
[20] S. Micali and R. Rivest. Transitive signature schemes. In Proceedings of RSA 2002, volume 2271 of LNCS, pages 236-43. Springer-Verlag, 2002.
[21] A. Miyaji, M. Nakabayashi, and S. Takano. New explicit conditions of elliptic curve traces for FR-reduction. IEICE Trans. Fundamentals, E84-A(5):1234-43, May 2001.
[22] M. Naor. Deniable ring authentication. In Proceedings of Crypto 2002, volume 2442 of LNCS, pages 481-98. Springer-Verlag, 2002.
[23] K. Ohta and T. Okamoto. Multisignature schemes secure against active insider attacks. IEICE Trans. Fundamentals, E82-A(1):21-31, 1999.
[24] T. Okamoto. A digital multisignature scheme using bijective public-key cryptosystems. ACM Trans. Computer Systems, 6(4):432-441, 1998.
[25] T. Okamoto and D. Pointcheval. The gap problems: A new class of problems for the security of cryptographic primitives. In Proceedings of PKC 2001, volume 1992 of LNCS, pages 104-118. Springer-Verlag, 2001.
[26] G. Poupard and J. Stern. Fair encryption of RSA keys. In Proceedings of Eurocrypt 2000, volume 1807 of LNCS, pages 172-89. Springer-Verlag, 2000.
[27] R. Rivest, A. Shamir, and Y. Tauman. How to leak a secret. In Proceedings of Asiacrypt 2001, volume 2248 of LNCS, pages 552-65. Springer-Verlag, 2001.
[28] F. Zhang and K. Kim. ID-based blind signature and ring signature from pairings. In Proceedings of Asiacrypt 2002, volume 2501 of LNCS, pages 533-47. Springer-Verlag, 2002.

Cited By

• (2022) Balanced Byzantine Reliable Broadcast with Near-Optimal Communication and Improved Computation. Proceedings of the 2022 ACM Symposium on Principles of Distributed Computing, pages 399-417. doi:10.1145/3519270.3538475. Online publication date: 20-Jul-2022.
• (2022) Aggregating and Thresholdizing Hash-based Signatures using STARKs. Proceedings of the 2022 ACM on Asia Conference on Computer and Communications Security, pages 393-407. doi:10.1145/3488932.3524128. Online publication date: 30-May-2022.
• (2021) Basil. Proceedings of the ACM SIGOPS 28th Symposium on Operating Systems Principles, pages 1-17. doi:10.1145/3477132.3483552. Online publication date: 26-Oct-2021.
• (2021) Proof-of-Prestige: A Useful Work Reward System for Unverifiable Tasks. ACM Transactions on Internet Technology, 21(2):1-27. doi:10.1145/3419483. Online publication date: 15-Jun-2021.
• (2020) SafetyPin. Proceedings of the 14th USENIX Conference on Operating Systems Design and Implementation, pages 1121-1138. doi:10.5555/3488766.3488829. Online publication date: 4-Nov-2020.
• (2020) DORY. Proceedings of the 14th USENIX Conference on Operating Systems Design and Implementation, pages 1101-1119. doi:10.5555/3488766.3488828. Online publication date: 4-Nov-2020.
• (2020) Gosig. Proceedings of the 11th ACM Symposium on Cloud Computing, pages 223-237. doi:10.1145/3419111.3421272. Online publication date: 12-Oct-2020.
• (2019) Optimistic Fair Exchange in Cloud-Assisted Cyber-Physical Systems. Security and Communication Networks, volume 2019. doi:10.1155/2019/5175076. Online publication date: 1-Jan-2019.
• (2019) Practical Aggregate Signature from General Elliptic Curves, and Applications to Blockchain. Proceedings of the 2019 ACM Asia Conference on Computer and Communications Security, pages 529-538. doi:10.1145/3321705.3329826. Online publication date: 2-Jul-2019.
• (2019) Three attacks of certificateless aggregate signature scheme. Proceedings of the ACM Turing Celebration Conference - China, pages 1-6. doi:10.1145/3321408.3326691. Online publication date: 17-May-2019.


Published In

EUROCRYPT'03: Proceedings of the 22nd international conference on Theory and applications of cryptographic techniques
May 2003, 649 pages
ISBN: 3540140395
Editor: Eli Biham

Sponsors

• IACR: International Association for Cryptologic Research

In-Cooperation

• Institute of Mathematics and Cryptology
• Military University of Technology

Publisher

Springer-Verlag, Berlin, Heidelberg

