Unique Aggregate Signatures with Applications to Distributed Verifiable Random Functions

  • Veronika Kuchta
  • Mark Manulis
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8257)


The computation process of a Distributed Verifiable Random Function (DVRF) on some input specified by the user involves multiple, possibly malicious servers, and results in a publicly verifiable pseudorandom output to the user. Previous DVRF constructions assumed trusted generation of secret keys for the servers and imposed a threshold on the number of corrupted servers.

In this paper we propose the first generic approach for building DVRFs under much weaker setup assumptions, where we require only the existence of a shared random string. More precisely, we first aim at constructions of Distributed Verifiable Unpredictable Functions (DVUF) that can then be converted to DVRF using inner products with a random string, as specified by Micali, Rabin, and Vadhan (FOCS’99) for the non-distributed VUF/VRF case.

Our main contributions are generic DVUF constructions from aggregate signatures that satisfy the property of uniqueness. We define uniqueness for two flavors of aggregate signatures (with public and sequential aggregation) and show that both flavors can be used to obtain DVUF. By proving uniqueness of existing pairing-based aggregate signature schemes we immediately obtain several concrete, communication-efficient DVUF/DVRF instantiations.
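The abstract describes a DVUF whose value is aggregated from per-server contributions and is unique for a fixed set of public keys, followed by the inner-product step that turns it into a DVRF. The following toy illustration is added here and is not code from the paper: each server computes H(x)^sk_i in a small constructed Schnorr group and attaches a Chaum-Pedersen DLEQ proof, used as a pairing-free stand-in for the aggregate-signature share verification the paper relies on; the product of the verified shares is the unique DVUF value, and a simplified Goldreich-Levin inner product with a shared random string yields output bits. The group parameters, the 16-bit widths, and all function names are assumptions.

```python
import hashlib
import math
import secrets

# Toy Schnorr group (constructed, NOT production size): p = 2q + 1 with p, q prime;
# G = 2^2 is a quadratic residue and therefore generates the order-q subgroup.
P, Q, G = 2879, 1439, 4

def hash_to_group(x):
    h = int.from_bytes(hashlib.sha256(x).digest(), "big") % (P - 1) + 1
    return pow(h, 2, P)                   # squaring lands in the order-q subgroup
def challenge(*vals):
    return int.from_bytes(hashlib.sha256(repr(vals).encode()).digest(), "big") % Q

def keygen():
    sk = secrets.randbelow(Q - 1) + 1
    return sk, pow(G, sk, P)

def partial_eval(sk, pk, x):
    # Server share y = H(x)^sk plus a Chaum-Pedersen DLEQ proof that log_G(pk) ==
    # log_H(x)(y); the DLEQ proof is this example's pairing-free stand-in for share checks.
    hx = hash_to_group(x)
    y, k = pow(hx, sk, P), secrets.randbelow(Q - 1) + 1
    c = challenge(pk, hx, y, pow(G, k, P), pow(hx, k, P))
    return {"pk": pk, "y": y, "c": c, "s": (k + c * sk) % Q}

def verify_partial(part, x):
    hx, pk, y, c, s = hash_to_group(x), part["pk"], part["y"], part["c"], part["s"]
    if pow(y, Q, P) != 1:                 # reject shares outside the order-q subgroup
        return False
    a = pow(G, s, P) * pow(pk, Q - c, P) % P   # pk^-c == pk^(q-c) for order-q elements
    b = pow(hx, s, P) * pow(y, Q - c, P) % P
    return c == challenge(pk, hx, y, a, b)

def aggregate(parts, x):
    # DVUF output: product of all verified shares, i.e. H(x)^(sum of sk_i). For fixed
    # public keys and x exactly one such value exists, which is the uniqueness property.
    if not all(verify_partial(p, x) for p in parts):
        return None
    return math.prod(p["y"] for p in parts) % P

def to_vrf_bits(vuf_out, crs, nbits=8):
    # Simplified Goldreich-Levin inner product: bit j = <bits(Y), r_j> mod 2, r_j = 2 bytes of crs.
    ybits = bin(vuf_out)[2:].zfill(16)
    out = ""
    for j in range(nbits):
        rbits = bin(int.from_bytes(crs[2 * j:2 * j + 2], "big"))[2:].zfill(16)
        out += str(sum(int(u) & int(v) for u, v in zip(ybits, rbits)) % 2)
    return out
```

Reordering the shares does not change the aggregate, and a share that fails its proof (or lies outside the subgroup) makes aggregation return None rather than a corrupted value.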






References

1. Abdalla, M., Catalano, D., Fiore, D.: Verifiable Random Functions from Identity-Based Key Encapsulation. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 554–571. Springer, Heidelberg (2009)
2. Bagherzandi, A., Cheon, J.H., Jarecki, S.: Multisignatures Secure under the Discrete Logarithm Assumption and a Generalized Forking Lemma. In: ACM CCS 2008, pp. 449–458. ACM (2008)
3. Bellare, M., Neven, G.: Multi-Signatures in the Plain Public-Key Model and a General Forking Lemma. In: ACM CCS 2006, pp. 390–399. ACM (2006)
4. Bellare, M., Rogaway, P.: Random Oracles are Practical: A Paradigm for Designing Efficient Protocols. In: ACM CCS 1993, pp. 62–73. ACM (1993)
5. Boldyreva, A.: Threshold Signatures, Multisignatures and Blind Signatures Based on the Gap-Diffie-Hellman-Group Signature Scheme. In: Desmedt, Y.G. (ed.) PKC 2003. LNCS, vol. 2567, pp. 31–46. Springer, Heidelberg (2002)
6. Boldyreva, A., Gentry, C., O’Neill, A., Yum, D.H.: Ordered Multisignatures and Identity-Based Sequential Aggregate Signatures, with Applications to Secure Routing. In: ACM CCS 2007, pp. 276–285. ACM (2007)
7. Boneh, D., Gentry, C., Lynn, B., Shacham, H.: Aggregate and Verifiably Encrypted Signatures from Bilinear Maps. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 416–432. Springer, Heidelberg (2003)
8. Boneh, D., Lynn, B., Shacham, H.: Short Signatures from the Weil Pairing. Journal of Cryptology 17, 297–319 (2004)
9. Camenisch, J.L., Lysyanskaya, A.: Signature Schemes and Anonymous Credentials from Bilinear Maps. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 56–72. Springer, Heidelberg (2004)
10. Canetti, R., Goldreich, O., Halevi, S.: The Random Oracle Methodology, Revisited. In: ACM STOC 1998, pp. 209–218 (1998)
11. Dodis, Y.: Efficient Construction of (Distributed) Verifiable Random Functions. In: Desmedt, Y.G. (ed.) PKC 2003. LNCS, vol. 2567, pp. 1–17. Springer, Heidelberg (2002)
12. Dodis, Y., Yampolskiy, A.: A Verifiable Random Function with Short Proofs and Keys. In: Vaudenay, S. (ed.) PKC 2005. LNCS, vol. 3386, pp. 416–431. Springer, Heidelberg (2005)
13. Feige, U., Kilian, J., Naor, M.: A Minimal Model for Secure Computation. In: ACM STOC 1994, pp. 554–563. ACM (1994)
14. Franklin, M., Zhang, H.: Unique Group Signatures. In: Foresti, S., Yung, M., Martinelli, F. (eds.) ESORICS 2012. LNCS, vol. 7459, pp. 643–660. Springer, Heidelberg (2012)
15. Franklin, M., Zhang, H.: A Framework for Unique Ring Signatures. In: IACR Cryptology ePrint Archive, Report 2012/577 (2012)
16. Gennaro, R., Jarecki, S., Krawczyk, H., Rabin, T.: Secure Distributed Key Generation for Discrete-Log Based Cryptosystems. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 295–310. Springer, Heidelberg (1999)
17. Goldreich, O., Goldwasser, S., Micali, S.: How to Construct Random Functions. Journal of the ACM 33(4), 792–807 (1986)
18. Goldreich, O., Levin, L.A.: A Hard-Core Predicate for All One-Way Functions. In: ACM STOC 1989, pp. 25–32. ACM (1989)
19. Goldwasser, S., Ostrovsky, R.: Invariant Signatures and Non-Interactive Zero-Knowledge Proofs are Equivalent. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, pp. 228–245. Springer, Heidelberg (1993)
20. Jarecki, S., Shmatikov, V.: Handcuffing Big Brother: An Abuse-Resilient Transaction Escrow Scheme. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 590–608. Springer, Heidelberg (2004)
21. Liskov, M.: Updatable Zero-Knowledge Databases. In: Roy, B. (ed.) ASIACRYPT 2005. LNCS, vol. 3788, pp. 174–198. Springer, Heidelberg (2005)
22. Lu, S., Ostrovsky, R., Sahai, A., Shacham, H., Waters, B.: Sequential Aggregate Signatures and Multisignatures Without Random Oracles. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 465–485. Springer, Heidelberg (2006)
23. Lysyanskaya, A., Micali, S., Reyzin, L., Shacham, H.: Sequential Aggregate Signatures from Trapdoor Permutations. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 74–90. Springer, Heidelberg (2004)
24. Lysyanskaya, A.: Unique Signatures and Verifiable Random Functions from the DH-DDH Separation. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 597–612. Springer, Heidelberg (2002)
25. Micali, S., Rabin, M., Vadhan, S.: Verifiable Random Functions. In: IEEE FOCS 1999, pp. 120–130. IEEE Computer Society (1999)
26. Micali, S., Reyzin, L.: Soundness in the Public-Key Model. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 542–565. Springer, Heidelberg (2001)
27. Micali, S., Ohta, K., Reyzin, L.: Accountable-Subgroup Multisignatures: Extended Abstract. In: ACM CCS 2001, pp. 245–254. ACM (2001)
28. Micali, S., Rivest, R.L.: Micropayments Revisited. In: Preneel, B. (ed.) CT-RSA 2002. LNCS, vol. 2271, pp. 149–163. Springer, Heidelberg (2002)
29. Ristenpart, T., Yilek, S.: The Power of Proofs-of-Possession: Securing Multiparty Signatures against Rogue-Key Attacks. In: Naor, M. (ed.) EUROCRYPT 2007. LNCS, vol. 4515, pp. 228–245. Springer, Heidelberg (2007)
30. Shamir, A.: How to Share a Secret. Communications of the ACM 22(11), 612–613 (1979)
31. Schröder, D.: How to Aggregate the CL Signature Scheme. In: Atluri, V., Diaz, C. (eds.) ESORICS 2011. LNCS, vol. 6879, pp. 298–314. Springer, Heidelberg (2011)
32. Waters, B.: Efficient Identity-Based Encryption without Random Oracles. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 114–127. Springer, Heidelberg (2005)
33. Zhou, Y., Qian, H., Li, X.: Non-Interactive CDH-Based Multisignature Scheme in the Plain Public Key Model with Tighter Security. In: Lai, X., Zhou, J., Li, H. (eds.) ISC 2011. LNCS, vol. 7001, pp. 341–354. Springer, Heidelberg (2011)

Copyright information

© Springer International Publishing Switzerland 2013

Authors and Affiliations

  • Veronika Kuchta, Department of Computing, University of Surrey, United Kingdom
  • Mark Manulis, Department of Computing, University of Surrey, United Kingdom
