Sequential Aggregate Signatures Working over Independent Homomorphic Trapdoor One-Way Permutation Domains

  • Huafei Zhu
  • Feng Bao
  • Robert H. Deng
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3783)


The contribution of this paper is two-fold. First, we propose a generic construction of sequential aggregate signatures from families of certified trapdoor one-way permutations. We show that our construction is provably secure in the random oracle model, assuming that the underlying homomorphic permutations are trapdoor one-way. Compared with the generic construction of Lysyanskaya et al., which is built from a trapdoor one-way permutation family working over a single common domain [16], our scheme works over independent trapdoor one-way permutation domains. This flexibility in the choice of permutation domains suits real-world applications, where each user may choose its working domain independently. Second, we instantiate our generic construction with RSA so that the RSA moduli can be chosen independently by each user; the moduli are therefore not required to be of the same length. Consequently, our instantiation is the first RSA-based scheme that works for arbitrary moduli, which is the most significant feature distinguishing it from the best previous results built on the RSA problem (e.g., the scheme of Kawauchi et al. [14] and the scheme of Lysyanskaya et al. [16]).
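To make concrete why "working over the same domain" matters, the following toy chain is an added illustration of the kind of sequential aggregation from RSA permutations described in [16]; it is not the construction of this paper and does not reproduce the fix the paper proposes. Each signer folds the previous aggregate into its own group Z_n^* and applies its RSA trapdoor; the verifier peels the chain back to the identity. The RSA keys are built from fixed, far-too-small primes, the messages are constructed, and `hash_to_group` (a counter-based full-domain hash into Z_n^*) is an assumption of this example. The point it shows: when a signer's modulus is smaller than the previous aggregate, the reduction into its domain loses information and the chain no longer verifies, which is exactly the restriction the paper removes.

```python
import hashlib
from math import gcd


def make_key(p, q, e=65537):
    """Toy RSA key from fixed primes (constructed; far too small for real use)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    while gcd(e, phi) != 1:          # keep the public exponent coprime to phi(n)
        e += 2
    d = pow(e, -1, phi)
    return (n, e), d


def hash_to_group(pks, msgs, n):
    """Full-domain-style hash of every key and message so far into Z_n^*.
    Assumption of this example: a counter is appended and bumped until the
    digest lands on an invertible element of Z_n."""
    ctr = 0
    while True:
        data = repr((pks, msgs, ctr)).encode()
        h = int.from_bytes(hashlib.sha256(data).digest(), "big") % n
        if h > 1 and gcd(h, n) == 1:
            return h
        ctr += 1


def agg_sign(sk, pk, msg, pks, msgs, sigma_prev):
    """Signer (pk, sk) appends msg and folds the aggregate so far (1 for the
    first signer) into its own domain before applying its trapdoor."""
    n, _e = pk
    pks = pks + [pk]
    msgs = msgs + [msg]
    h = hash_to_group(pks, msgs, n)
    # Group operation in Z_n^*. This reduction is lossy whenever sigma_prev >= n,
    # i.e. whenever the previous signer's domain is larger than this one's.
    x = (h * sigma_prev) % n
    return pow(x, sk, n), pks, msgs


def agg_verify(pks, msgs, sigma):
    """Undo the chain from the last signer back to the first; residue must be 1."""
    if not pks or len(pks) != len(msgs):
        return False
    for i in range(len(pks) - 1, -1, -1):
        n, e = pks[i]
        if not 0 < sigma < n:        # aggregate must lie in this signer's domain
            return False
        h = hash_to_group(pks[:i + 1], msgs[:i + 1], n)
        sigma = (pow(sigma, e, n) * pow(h, -1, n)) % n
    return sigma == 1


# Two signers with independently chosen moduli of different sizes (constructed).
BIG_PK, BIG_SK = make_key(1000000007, 998244353)     # modulus near 1e18
SMALL_PK, SMALL_SK = make_key(104729, 1299709)       # modulus near 1.4e11


def run_chain(signers, msgs):
    sigma, pks, seen = 1, [], []
    for (pk, sk), m in zip(signers, msgs):
        sigma, pks, seen = agg_sign(sk, pk, m, pks, seen, sigma)
    return sigma, pks, seen


def demo():
    msgs = [b"route announcement 1", b"route announcement 2"]   # constructed
    # Increasing moduli: every intermediate aggregate fits the next domain.
    s_up, pks_up, m_up = run_chain([(SMALL_PK, SMALL_SK), (BIG_PK, BIG_SK)], msgs)
    # Decreasing moduli: the first aggregate almost surely exceeds SMALL_PK's n.
    sigma1, _, _ = run_chain([(BIG_PK, BIG_SK)], msgs[:1])
    s_down, pks_down, m_down = run_chain([(BIG_PK, BIG_SK), (SMALL_PK, SMALL_SK)], msgs)
    return {
        "increasing_ok": agg_verify(pks_up, m_up, s_up),
        "info_lost": sigma1 >= SMALL_PK[0],
        "decreasing_ok": agg_verify(pks_down, m_down, s_down),
        "tampered_ok": agg_verify(pks_up, [msgs[0], b"route announcement X"], s_up),
    }


if __name__ == "__main__":
    print(demo())
```

In the toy, the chain verifies when moduli increase along the signing order and breaks when they decrease, because `(h * sigma_prev) % n` forgets the high part of `sigma_prev`; a scheme that lets each user pick its modulus independently must therefore remove this ordering constraint rather than rely on equal-length moduli.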


Keywords: homomorphic trapdoor one-way permutation; sequential aggregate signature; signature scheme




  1. Boldyreva, A.: Efficient threshold signature, multisignature and blind signature schemes based on the gap-Diffie-Hellman-group signature scheme. In: Desmedt, Y.G. (ed.) PKC 2003. LNCS, vol. 2567, pp. 31–46. Springer, Heidelberg (2002)
  2. Burmester, M., Desmedt, Y., Doi, H., Mambo, M., Okamoto, E., Tada, M., Yoshifuji, Y.: A Structured ElGamal-Type Multisignature Scheme. In: Imai, H., Zheng, Y. (eds.) PKC 2000. LNCS, vol. 1751, pp. 466–483. Springer, Heidelberg (2000)
  3. Boneh, D., Gentry, C., Lynn, B., Shacham, H.: Aggregate and Verifiably Encrypted Signatures from Bilinear Maps. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 416–432. Springer, Heidelberg (2003)
  4. Boneh, D., Gentry, C., Lynn, B., Shacham, H.: A Survey of Two Signature Aggregation Techniques. CryptoBytes 6(2) (2003)
  5. Bellare, M., Rogaway, P.: Random oracles are practical: A paradigm for designing efficient protocols. In: Denning, D., Pyle, R., Ganesan, R., Sandhu, R., Ashby, V. (eds.) Proceedings of CCS 1993, pp. 62–73. ACM Press, New York (1993)
  6. Camenisch, J., Michels, M.: Proving in Zero-Knowledge that a Number Is the Product of Two Safe Primes. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 107–122. Springer, Heidelberg (1999)
  7. Coron, J.: On the Exact Security of Full Domain Hash. In: Bellare, M. (ed.) CRYPTO 2000. LNCS, vol. 1880, pp. 229–235. Springer, Heidelberg (2000)
  8. Doi, H., Mambo, M., Okamoto, E.: On the Security of the RSA-Based Multisignature Scheme for Various Group Structures. In: Clark, A., Boyd, C., Dawson, E.P. (eds.) ACISP 2000. LNCS, vol. 1841, pp. 352–367. Springer, Heidelberg (2000)
  9. Doi, H., Okamoto, E., Mambo, M., Uyematsu, T.: Multisignature Scheme with Specified Order. In: Proc. of the 1994 Symposium on Cryptography and Information Security, SCIS94-2A, January 27–29 (1994)
  10. Goldwasser, S., Micali, S., Rivest, R.L.: A Digital Signature Scheme Secure Against Adaptive Chosen-Message Attacks. SIAM J. Comput. 17(2), 281–308 (1988)
  11. Horster, P., Michels, M., Petersen, H.: Meta-multisignature schemes based on the discrete logarithm problem. In: Information Security – the Next Decade, Proc. of IFIP Sec. 1995, pp. 128–142. Chapman-Hall, Boca Raton (1995)
  12. Hardjono, T., Zheng, Y.: A practical digital multisignature scheme based on discrete logarithms. In: Zheng, Y., Seberry, J. (eds.) AUSCRYPT 1992. LNCS, vol. 718, pp. 122–132. Springer, Heidelberg (1993)
  13. Itakura, K., Nakamura, K.: A public-key cryptosystem suitable for digital multisignatures. NEC Research and Development (71), 1–8 (1983)
  14. Kawauchi, K., Komano, Y., Ohta, K., Tada, M.: Probabilistic multi-signature schemes using a one-way trapdoor permutation. IEICE Transactions on Fundamentals E87-A(5), 1141–1153 (2004); previous version: Kawauchi, K., Tada, M.: On the Exact Security of Multi-signature Schemes Based on RSA. ACISP 2003, pp. 336–349 (2003)
  15. Kent, S., Lynn, C., Seo, K.: Secure Border Gateway Protocol (S-BGP). IEEE Journal on Selected Areas in Communications 18(4) (April 2000)
  16. Lysyanskaya, A., Micali, S., Reyzin, L., Shacham, H.: Sequential Aggregate Signatures from Trapdoor One-Way Permutations. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 74–90. Springer, Heidelberg (2004)
  17. Mitomi, S., Miyaji, A.: A general model of multisignature schemes with message flexibility, order flexibility, and order verifiability. IEICE Trans. Fundamentals E84-A(10), 2488–2499 (2001); previous version: Mitomi, S., Miyaji, A.: A multisignature scheme with message flexibility, order flexibility and order verifiability. In: Information Security and Privacy, Proceedings of ACISP 2000. LNCS, vol. 1841, pp. 298–312. Springer, Heidelberg (2000)
  18. Micali, S., Ohta, K., Reyzin, L.: Accountable-subgroup multisignatures (extended abstract). In: Proceedings of CCS 2001, pp. 245–254. ACM Press, New York (2001)
  19. Ohta, K., Okamoto, T.: A digital multisignature scheme based on the Fiat-Shamir scheme. In: Matsumoto, T., Imai, H., Rivest, R.L. (eds.) ASIACRYPT 1991. LNCS, vol. 739, pp. 139–148. Springer, Heidelberg (1993)
  20. Ohta, K., Okamoto, T.: Multisignature schemes secure against active insider attacks. IEICE Trans. Fundamentals E82-A(1), 21–31 (1999)
  21. Ohta, K., Okamoto, T.: Generic construction methods of multi-signature schemes. In: Proceedings of the 2001 Symposium on Cryptography and Information Security (SCIS 2001), vol. I, pp. 31–36 (2001)
  22. Okamoto, T.: A digital multisignature scheme using bijective public-key cryptosystems. ACM Trans. Computer Systems 6(4), 432–441 (1988)
  23. Rivest, R., Shamir, A., Adleman, L.M.: A Method for Obtaining Digital Signatures and Public-Key Cryptosystems. Communications of the ACM 21(2), 120–126 (1978)
  24. Shimbo, A.: Multisignature Schemes Based on the ElGamal Scheme. In: Proc. of the 1994 Symposium on Cryptography and Information Security, January 27–29 (1994)
  25. Tada, M.: A secure multisignature scheme with signing order verifiability. IEICE Transactions on Fundamentals E86-A(1), 73–88 (2003); previous version: Tada, M.: An Order-Specified Multisignature Scheme Secure against Active Insider Attacks. In: ACISP 2002, pp. 328–345 (2002)

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Huafei Zhu (1)
  • Feng Bao (1)
  • Robert H. Deng (2)
  1. Department of Information Security, I2R, A-Star, Singapore
  2. School of Information Systems, Singapore Management University
