Aggregate and Verifiably Encrypted Signatures from Multilinear Maps without Random Oracles

  • Markus Rückert
  • Dominique Schröder
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5576)


Aggregate signatures provide bandwidth-saving aggregation of ordinary signatures. We present the first unrestricted instantiation without random oracles, based on the Boneh-Silverberg signature scheme. Moreover, our construction yields a multisignature scheme where a single message is signed by a number of signers. Our second result is an application to verifiably encrypted signatures. There, signers encrypt their signature under the public key of a trusted third party and output a proof that the signature is inside. Upon dispute between signer and verifier, the trusted third party is able to recover the signature. These schemes are provably secure in the standard model.


Signature Scheme Random Oracle Random Oracle Model Border Gateway Protocol Digital Signature Scheme 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Asokan, N., Shoup, V., Waidner, M.: Optimistic Fair Exchange of Digital Signatures. IEEE Journal on Selected Areas in Communications 18(4), 593–610 (2000)CrossRefzbMATHGoogle Scholar
  2. 2.
    Boneh, D., Gentry, C., Lynn, B., Shacham, H.: Aggregate and Verifiably Encrypted Signatures from Bilinear Maps. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 416–432. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  3. 3.
    Bellare, M., Namprempre, C., Neven, G.: Unrestricted aggregate signatures. In: Arge, L., Cachin, C., Jurdziński, T., Tarlecki, A. (eds.) ICALP 2007. LNCS, vol. 4596, pp. 411–422. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  4. 4.
    Boldyreva, A.: Threshold Signatures, Multisignatures and Blind Signatures Based on the Gap-Diffie-Hellman-Group Signature Scheme. In: Desmedt, Y.G. (ed.) PKC 2003. LNCS, vol. 2567, pp. 31–46. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  5. 5.
    Bellare, M., Rogaway, P.: Random Oracles are Practical: A Paradigm for Designing Efficient Protocols. In: Proceedings of the Annual Conference on Computer and Communications Security (CCS). ACM Press, New York (1993)Google Scholar
  6. 6.
    Boneh, D., Silverberg, A.: Applications of Multilinear Forms to Cryptography. Topics in Algebraic and Noncommutative Geometry, Contemporary Mathematics 324, 71–90 (2003)MathSciNetCrossRefzbMATHGoogle Scholar
  7. 7.
    Canetti, R., Goldreich, O., Halevi, S.: The random oracle methodology, revisited. J. ACM 51(4), 557–594 (2004)MathSciNetCrossRefzbMATHGoogle Scholar
  8. 8.
    Coron, J.-S., Naccache, D.: Boneh et al’s k-Element Aggregate Extraction Assumption is Equivalent to the Diffie-Hellman Assumption. In: Laih, C.-S. (ed.) ASIACRYPT 2003. LNCS, vol. 2894, pp. 392–397. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  9. 9.
    Goldwasser, S., Micali, S., Rivest, R.L.: A Digital Signature Scheme Secure Against Adaptive Chosen-Message Attacks. SIAM J. Comput. 17(2), 281–308 (1988)MathSciNetCrossRefzbMATHGoogle Scholar
  10. 10.
    Kent, S.T., Lynn, C., Mikkelson, J., Seo, K.: Secure Border Gateway Protocol (S-BGP) - Real World Performance and Deployment Issues. NDSS. Internet Society (2000)Google Scholar
  11. 11.
    Lysyanskaya, A., Micali, S., Reyzin, L., Shacham, H.: Sequential Aggregate Signatures from Trapdoor Permutations. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 74–90. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  12. 12.
    Lu, S., Ostrovsky, R., Sahai, A., Shacham, H., Waters, B.: Sequential Aggregate Signatures and Multisignatures Without Random Oracles. In: Fuhrmann, A., Morreau, M. (eds.) The Logic of Theory Change. LNCS, vol. 465, pp. 465–485. Springer, Heidelberg (1991)Google Scholar
  13. 13.
    Lysyanskaya, A.: Unique Signatures and Verifiable Random Functions from the DH-DDH Separation. In: Guesgen, H.W., Hertzberg, J. (eds.) A Perspective of Constraint-Based Reasoning. LNCS, vol. 597, pp. 597–612. Springer, Heidelberg (1992)Google Scholar
  14. 14.
    Neven, G.: Efficient Sequential Aggregate Signed Data. In: Smart, N.P. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 52–69. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  15. 15.
    Rückert, M., Schröder, D.: Security of Verifiably Encrypted Signatures. Number 2009/027 in Cryptology eprint archive. (2009)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Markus Rückert
    • 1
  • Dominique Schröder
    • 2
  1. 1.Cryptography and ComputeralgebraGermany
  2. 2.Minicrypt, TU DarmstadtGermany

Personalised recommendations