Fast Authentication from Aggregate Signatures with Improved Security

  • Muslum Ozgur Ozmen
  • Rouzbeh Behnia
  • Attila A. Yavuz
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11598)


An attempt to derive signer-efficient digital signatures from aggregate signatures was made in a signature scheme referred to as Structure-free Compact Rapid Authentication (SCRA) (IEEE TIFS 2017). In this paper, we first mount a practical universal forgery attack against the NTRU instantiation of SCRA by observing only 8161 signatures. Second, we propose a new signature scheme (FAAS), which transforms any single-signer aggregate signature scheme into a signer-efficient scheme. We show two efficient instantiations of FAAS, namely FAAS-NTRU and FAAS-RSA, both of which achieve high computational efficiency. Our experiments confirmed that FAAS schemes achieve up to 100× faster signature generation compared to their underlying schemes. Moreover, FAAS schemes eliminate some of the costly operations at signature generation, such as Gaussian sampling, rejection sampling, and exponentiation, that have been shown to be susceptible to side-channel attacks. This enables FAAS schemes to enhance both the security and the efficiency of their underlying schemes. Finally, we prove that FAAS schemes are secure (in the random oracle model), and we open-source both our attack and our FAAS implementations for public testing purposes.


Keywords: Authentication, Digital signatures, Universal forgery, NTRU-based signatures



We would like to thank Zhenfei Zhang and the anonymous reviewers for their insightful comments and suggestions. This work is supported by the Department of Energy Award DE-OE0000780 and NSF Award #1652389.


Copyright information

© International Financial Cryptography Association 2019

Authors and Affiliations

  • Muslum Ozgur Ozmen (1)
  • Rouzbeh Behnia (1)
  • Attila A. Yavuz (2)
  1. Oregon State University, Corvallis, USA
  2. University of South Florida, Tampa, USA