Journal of Cryptology

, Volume 26, Issue 2, pp 340-373

First online:

Sequential Aggregate Signatures, Multisignatures, and Verifiably Encrypted Signatures Without Random Oracles

  • Steve LuAffiliated with
  • , Rafail OstrovskyAffiliated with
  • , Amit SahaiAffiliated with
  • , Hovav ShachamAffiliated with Email author 
  • , Brent WatersAffiliated with

Rent the article at a discount

Rent now

* Final gross prices may vary according to local VAT.

Get Access


We present the first aggregate signature, the first multisignature, and the first verifiably encrypted signature provably secure without random oracles. Our constructions derive from a novel application of a recent signature scheme due to Waters. Signatures in our aggregate signature scheme are sequentially constructed, but knowledge of the order in which messages were signed is not necessary for verification. The aggregate signatures obtained are shorter than Lysyanskaya et al.’s sequential aggregates and can be verified more efficiently than Boneh et al.’s aggregates. We also consider applications to secure routing and proxy signatures.

Key words

Waters signature Bilinear map Secure BGP