Volume 26, Issue 2, pp 340-373

Sequential Aggregate Signatures, Multisignatures, and Verifiably Encrypted Signatures Without Random Oracles


We present the first aggregate signature, the first multisignature, and the first verifiably encrypted signature provably secure without random oracles. Our constructions derive from a novel application of a recent signature scheme due to Waters. Signatures in our aggregate signature scheme are sequentially constructed, but knowledge of the order in which messages were signed is not necessary for verification. The aggregate signatures obtained are shorter than Lysyanskaya et al.’s sequential aggregates and can be verified more efficiently than Boneh et al.’s aggregates. We also consider applications to secure routing and proxy signatures.

Communicated by Kenneth G. Paterson
S. Lu was supported in part by NSF Grant DMS-0502315.
R. Ostrovsky was supported in part by a gift from Teradata, Intel Equipment Grant, NSF Cybertrust Grant No. 0430254, OKAWA Research Award, B. John Garrick Foundation and Xerox Innovation Group Award.
A. Sahai was supported in part by grants from the NSF ITR and Cybertrust programs, a generous Equipment Grant from Intel, and an Alfred P. Sloan Foundation Fellowship.
H. Shacham was supported by a MURI Grant administered by the Air Force Office of Scientific Research. Work done while at the Weizmann Institute of Science, supported by a Koshland Scholars Program Fellowship.
B. Waters was supported by DHS and DOI Contract No. NBCHF040146. Views expressed in this paper do not necessarily reflect those of DHS and DOI.