Abstract
We introduce a short signature scheme based on the Computational Diffie–Hellman assumption on certain elliptic and hyperelliptic curves. For standard security parameters, the signature length is about half that of a DSA signature with a similar level of security. Our short signature scheme is designed for systems where signatures are typed in by a human or are sent over a low-bandwidth channel. We survey a number of properties of our signature scheme such as signature aggregation and batch verification.
Article PDF
Similar content being viewed by others
Author information
Authors and Affiliations
Corresponding authors
Rights and permissions
About this article
Cite this article
Boneh, D., Lynn, B. & Shacham, H. Short Signatures from the Weil Pairing. J Cryptology 17, 297–319 (2004). https://doi.org/10.1007/s00145-004-0314-9
Received:
Revised:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s00145-004-0314-9