Sequential Aggregate Signatures, Multisignatures, and Verifiably Encrypted Signatures Without Random Oracles
 Steve Lu,
 Rafail Ostrovsky,
 Amit Sahai,
 Hovav Shacham,
 Brent Waters
Abstract
We present the first aggregate signature, the first multisignature, and the first verifiably encrypted signature provably secure without random oracles. Our constructions derive from a novel application of a recent signature scheme due to Waters. Signatures in our aggregate signature scheme are sequentially constructed, but knowledge of the order in which messages were signed is not necessary for verification. The aggregate signatures obtained are shorter than Lysyanskaya et al.’s sequential aggregates and can be verified more efficiently than Boneh et al.’s aggregates. We also consider applications to secure routing and proxy signatures.
Within this Article
 Introduction
 Preliminaries
 Sequential Aggregate Signatures
 Multisignatures
 Verifiably Encrypted Signatures
 Comparison to Previous Work
 Conclusions and Open Problems
 References
 N. Asokan, V. Shoup, M. Waidner, Optimistic fair exchange of digital signatures. IEEE J. Sel. Areas Commun. 18(4), 593–610 (2000)
 F. Bao, R. Deng, W. Mao, Efficient and practical fair exchange protocols with offline TTP, in Proceedings of IEEE Security & Privacy, ed. by P. Karger, L. Gong (1998), pp. 77–85
 P. Barreto, M. Naehrig, Pairing-friendly elliptic curves of prime order, in Proceedings of SAC 2005, ed. by B. Preneel, S. Tavares. LNCS, vol. 3897 (Springer, Berlin, 2006), pp. 319–331
 M. Bellare, C. Namprempre, G. Neven, Security proofs for identity-based identification and signature schemes, in Proceedings of Eurocrypt 2004, ed. by C. Cachin, J. Camenisch. LNCS, vol. 3027 (Springer, Berlin, 2004), pp. 268–286
 M. Bellare, C. Namprempre, G. Neven, Unrestricted aggregate signatures, in Proceedings of ICALP 2007, ed. by L. Arge, C. Cachin, T. Jurdziński, A. Tarlecki. LNCS, vol. 4596 (Springer, Berlin, 2007), pp. 411–422
 M. Bellare, T. Ristenpart, Simulation without the artificial abort: Simplified proof and improved concrete security for Waters’ IBE scheme, in Proceedings of Eurocrypt 2009, ed. by A. Joux. LNCS, vol. 5479 (Springer, Berlin, 2009), pp. 407–424
 A. Boldyreva, Threshold signature, multisignature and blind signature schemes based on the gap-Diffie–Hellman-group signature scheme, in Proceedings of PKC 2003, ed. by Y. Desmedt. LNCS, vol. 2567 (Springer, Berlin, 2003), pp. 31–46
 A. Boldyreva, A. Palacio, B. Warinschi, Secure proxy signature schemes for delegation of signing rights. Cryptology ePrint Archive, Report 2003/096 (2003). http://eprint.iacr.org/
 D. Boneh, X. Boyen, Efficient selective-ID secure identity-based encryption without random oracles, in Proceedings of Eurocrypt 2004, ed. by C. Cachin, J. Camenisch. LNCS, vol. 3027 (Springer, Berlin, 2004), pp. 223–238
 D. Boneh, M. Franklin, Identity-based encryption from the Weil pairing. SIAM J. Comput. 32(3), 586–615 (2003). Extended abstract in Proceedings of Crypto 2001
 D. Boneh, C. Gentry, B. Lynn, H. Shacham, Aggregate and verifiably encrypted signatures from bilinear maps, in Proceedings of Eurocrypt 2003, ed. by E. Biham. LNCS, vol. 2656 (Springer, Berlin, 2003), pp. 416–432
 D. Boneh, B. Lynn, H. Shacham, Short signatures from the Weil pairing. J. Cryptol. 17(4), 297–319 (2004). Extended abstract in Proceedings of Asiacrypt 2001
 R. Canetti, O. Goldreich, S. Halevi, The random oracle methodology, revisited. J. ACM 51(4), 557–594 (2004)
 S. Chatterjee, A. Menezes, On cryptographic protocols employing asymmetric pairings—the role of ψ revisited. Cryptology ePrint Archive, Report 2009/480 (2009). http://eprint.iacr.org/
 S. Chatterjee, P. Sarkar, Trading time for space: Towards an efficient IBE scheme with short(er) public parameters in the standard model, in Proceedings of ICISC 2005, ed. by D. Won, S. Kim. LNCS, vol. 3935 (Springer, Berlin, 2005), pp. 424–440
 J.S. Coron, D. Naccache, Boneh et al.’s k-element aggregate extraction assumption is equivalent to the Diffie–Hellman assumption, in Proceedings of Asiacrypt 2003, ed. by C.S. Laih. LNCS, vol. 2894 (Springer, Berlin, 2003), pp. 392–397
 S. Galbraith, Pairings, in Advances in Elliptic Curve Cryptography, ed. by I.F. Blake, G. Seroussi, N. Smart. London Mathematical Society Lecture Notes, vol. 317 (Cambridge University Press, Cambridge, 2005), pp. 183–213. Chapter IX
 D. Galindo, J. Herranz, E. Kiltz, On the generic construction of identity-based signatures with additional properties, in Proceedings of Asiacrypt 2006, ed. by X. Lai, K. Chen. LNCS, vol. 4284 (Springer, Berlin, 2006), pp. 178–193
 C. Gentry, A. Silverberg, Hierarchical ID-based cryptography, in Proceedings of Asiacrypt 2002, ed. by Y. Zheng. LNCS, vol. 2501 (Springer, Berlin, 2002), pp. 548–566
 S. Goldwasser, S. Micali, R. Rivest, A digital signature scheme secure against adaptive chosen-message attacks. SIAM J. Comput. 17(2), 281–308 (1988)
 J. Groth, R. Ostrovsky, A. Sahai, Perfect non-interactive zero knowledge for NP, in Proceedings of Eurocrypt 2006, ed. by S. Vaudenay. LNCS, vol. 4004 (Springer, Berlin, 2006), pp. 339–358
 R. Hayashi, T. Okamoto, K. Tanaka, An RSA family of trapdoor permutations with a common domain and its applications, in Proceedings of PKC 2004, ed. by F. Bao, R.H. Deng, J. Zhou. LNCS, vol. 2947 (Springer, Berlin, 2004), pp. 291–304
 F. Hess, On the security of the verifiably encrypted signature scheme of Boneh, Gentry, Lynn and Shacham. Inf. Process. Lett. 89(3), 111–114 (2004)
 K. Itakura, K. Nakamura, A public-key cryptosystem suitable for digital multisignatures. NEC J. Res. Dev. 71, 1–8 (1983)
 S. Kent, C. Lynn, K. Seo, Secure border gateway protocol (Secure-BGP). IEEE J. Sel. Areas Commun. 18(4), 582–592 (2000)
 N. Koblitz, A. Menezes, Pairing-based cryptography at high security levels, in Proceedings of Cryptography and Coding 2005, ed. by N. Smart. LNCS, vol. 3796 (Springer, Berlin, 2005), pp. 13–36
 S. Lu, R. Ostrovsky, A. Sahai, H. Shacham, B. Waters, Sequential aggregate signatures and multisignatures without random oracles, in Proceedings of Eurocrypt 2006, ed. by S. Vaudenay. LNCS, vol. 4004 (Springer, Berlin, 2006), pp. 465–485
 A. Lysyanskaya, S. Micali, L. Reyzin, H. Shacham, Sequential aggregate signatures from trapdoor permutations, in Proceedings of Eurocrypt 2004, ed. by C. Cachin, J. Camenisch. LNCS, vol. 3027 (Springer, Berlin, 2004), pp. 74–90
 M. Mambo, K. Usuda, E. Okamoto, Proxy signatures for delegating signing operation, in Proceedings of CCS 1996, ed. by L. Gong, J. Stearn (ACM, New York, 1996), pp. 48–57
 A. Menezes, T. Okamoto, P. Vanstone, Reducing elliptic curve logarithms to logarithms in a finite field. IEEE Trans. Inf. Theory 39(5), 1639–1646 (1993)
 S. Micali, K. Ohta, L. Reyzin, Accountable-subgroup multisignatures (extended abstract), in Proceedings of CCS 2001, ed. by P. Samarati (ACM, New York, 2001), pp. 245–254
 E. Mykletun, M. Narasimha, G. Tsudik, Signature bouquets: Immutability for aggregated/condensed signatures, in Proceedings of ESORICS 2004, ed. by P. Ryan, P. Samarati. LNCS, vol. 3193 (Springer, Berlin, 2004), pp. 160–176
 D. Naccache, Secure and practical identity-based encryption. Cryptology ePrint Archive, Report 2005/369 (2005). http://eprint.iacr.org/
 G. Neven, Efficient sequential aggregate signed data, in Proceedings of Eurocrypt 2008, ed. by N. Smart. LNCS, vol. 4965 (Springer, Berlin, 2008), pp. 52–69
 D. Nicol, S. Smith, M. Zhao, Evaluation of efficient security for BGP route announcements using parallel simulation. Simul. Model. Pract. Theory 12, 187–216 (2004)
 K. Ohta, T. Okamoto, Multisignature schemes secure against active insider attacks. IEICE Trans. Fundam. E82-A(1), 21–31 (1999)
 T. Okamoto, A digital multisignature scheme using bijective public-key cryptosystems. ACM Trans. Comput. Syst. 6(4), 432–441 (1988)
 K. Paterson, Cryptography from pairings, in Advances in Elliptic Curve Cryptography, ed. by I.F. Blake, G. Seroussi, N. Smart. London Mathematical Society Lecture Notes, vol. 317 (Cambridge University Press, Cambridge, 2005), pp. 215–251. Chapter X
 K. Paterson, J. Schuldt, Efficient identity-based signatures secure in the standard model, in Proceedings of ACISP 2006, ed. by L. Batten, R. Safavi-Naini. LNCS, vol. 4058 (Springer, Berlin, 2006), pp. 207–222
 Y. Rekhter, T. Li, S. Hares, A Border Gateway Protocol 4 (BGP-4). RFC 4271 (draft standard), Jan. 2006
 T. Ristenpart, S. Yilek, The power of proofs-of-possession: securing multiparty signatures against rogue-key attacks, in Proceedings of Eurocrypt 2007, ed. by M. Naor. LNCS, vol. 4515 (Springer, Berlin, 2007), pp. 228–245
 M. Rückert, D. Schröder, Security of verifiably encrypted signatures and a construction without random oracles, in Proceedings of Pairing 2009, ed. by H. Shacham, B. Waters. LNCS, vol. 5671 (Springer, Berlin, 2009), pp. 17–34
 H. Shacham, New paradigms in signature schemes. Ph.D. thesis, Stanford University, 2005
 B. Waters, Efficient identity-based encryption without random oracles, in Proceedings of Eurocrypt 2005, ed. by R. Cramer. LNCS, vol. 3494 (Springer, Berlin, 2005), pp. 114–127
 Journal
 Journal of Cryptology, Volume 26, Issue 2, pp 340–373
 Cover Date
 2013-04-01
 DOI
 10.1007/s00145-012-9126-5
 Print ISSN
 0933-2790
 Online ISSN
 1432-1378
 Publisher
 Springer-Verlag
 Keywords

 Waters signature
 Bilinear map
 Secure BGP
 Authors

 Steve Lu ^{(1)}
 Rafail Ostrovsky ^{(1)}
 Amit Sahai ^{(1)}
 Hovav Shacham ^{(2)}
 Brent Waters ^{(3)}
 Author Affiliations

 1. Los Angeles, CA, USA
 2. La Jolla, CA, USA
 3. Austin, TX, USA