Sequential Aggregate Signatures and Multisignatures Without Random Oracles

  • Steve Lu
  • Rafail Ostrovsky
  • Amit Sahai
  • Hovav Shacham
  • Brent Waters
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4004), Advances in Cryptology – EUROCRYPT 2006.


We present the first aggregate signature, the first multisignature, and the first verifiably encrypted signature provably secure without random oracles. Our constructions derive from a novel application of a recent signature scheme due to Waters. Signatures in our aggregate signature scheme are sequentially constructed, but knowledge of the order in which messages were signed is not necessary for verification. The aggregate signatures obtained are shorter than Lysyanskaya et al. sequential aggregates and can be verified more efficiently than Boneh et al. aggregates. We also consider applications to secure routing and proxy signatures.
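The property the abstract singles out (signatures are built one signer after another, yet the verifier needs only the unordered set of signer/message pairs) is easiest to see in code. The block below is an added illustration by the editor, not code from the paper or its authors. The page does not spell out the construction, so the aggregation step used here (each signer folds its own Waters signature into the running aggregate using the secret exponents of its Waters hash, then re-randomises the shared randomness) is an assumption about the paper's scheme based on the Waters signature of reference 28. The "pairing" is a deliberately insecure toy over Z_q in which a group element g^a is stored as its exponent a, so discrete logs are free; it exists only to check that the verification equation holds regardless of order and fails when a message is altered or a signer is dropped. The route-attestation style messages and the SHA-256 hash-to-bits step are constructed for the example.

```python
import hashlib
import secrets

# Toy stand-in for a symmetric bilinear group, used only to exercise the
# algebra.  A group element g^a is stored as its exponent a mod Q, so the
# group operation is addition, exponentiation is multiplication, and the
# "pairing" e(g^a, g^b) = e(g,g)^{ab} is stored as a*b mod Q.  Discrete logs
# are therefore free: this is NOT a secure instantiation (constructed toy).
Q = 2**61 - 1   # prime group order; the value has no security meaning here
K = 32          # number of Waters hash generators (message bits after hashing)


def e(a, b):
    """Toy pairing: e(g^a, g^b) = e(g,g)^(a*b)."""
    return (a * b) % Q


def waters_bits(msg: bytes):
    """Map an arbitrary message to K bits (assumption: hash first, then sign)."""
    h = int.from_bytes(hashlib.sha256(msg).digest(), "big")
    return [(h >> i) & 1 for i in range(K)]


def keygen():
    """Waters keys: sk = (alpha, y', y_1..y_K); pk = (e(g,g)^alpha, u', u_1..u_K)."""
    alpha = secrets.randbelow(Q)
    yprime = secrets.randbelow(Q)
    ys = tuple(secrets.randbelow(Q) for _ in range(K))
    sk = (alpha, yprime, ys)
    # In the toy representation u' = g^{y'} is stored as y' itself.
    pk = (e(alpha, 1), yprime, ys)
    return sk, pk


def waters_hash(pk, msg):
    """w = u' * prod_{m_j = 1} u_j, the Waters hash of msg under this public key."""
    _, uprime, us = pk
    return (uprime + sum(u for u, m in zip(us, waters_bits(msg)) if m)) % Q


def verify(agg, signers):
    """Check e(S, g) == prod_j A_j * e(prod_j w_j, R) over an unordered set of (pk, msg)."""
    S, R = agg
    pks = [pk for pk, _ in signers]
    if len(set(pks)) != len(pks):      # each key may appear at most once
        return False
    rhs = sum(pk[0] for pk in pks) % Q                        # prod_j e(g,g)^{alpha_j}
    w_all = sum(waters_hash(pk, m) for pk, m in signers) % Q  # prod_j w_j
    return e(S, 1) == (rhs + e(w_all, R)) % Q


def aggregate_sign(sk, pk, msg, agg, prior):
    """Fold this signer's signature on msg into agg, an aggregate over `prior`.

    Assumed structure (editor's recollection, not confirmed by the page):
    S = prod_j g^{alpha_j} * (prod_j w_j)^r and R = g^r, with one shared r.
    """
    if agg is None:
        S, R = 0, 0                      # empty aggregate: identity elements
    else:
        S, R = agg
        if not verify(agg, prior):       # never extend an invalid aggregate
            raise ValueError("incoming aggregate does not verify")
    if any(p == pk for p, _ in prior):
        raise ValueError("this key already signed in the aggregate")
    alpha, yprime, ys = sk
    # The signer does not know r, but knowing log_g(w_i) it can still form
    # w_i^r as R^{log_g w_i}; this is why the y's are part of the secret key.
    log_w = (yprime + sum(y for y, m in zip(ys, waters_bits(msg)) if m)) % Q
    S1 = (S + alpha + log_w * R) % Q     # S * g^alpha * w_i^r
    # Re-randomise with fresh r~ applied to every hash present so far.
    rt = secrets.randbelow(Q)
    w_all = sum(waters_hash(p, m) for p, m in prior + [(pk, msg)]) % Q
    return ((S1 + w_all * rt) % Q, (R + rt) % Q)


def demo():
    """Three signers sign in sequence; verification ignores the order."""
    parties = [keygen() for _ in range(3)]
    # Constructed route-attestation style messages (no real routing data).
    msgs = [b"192.0.2.0/24 AS64496",
            b"192.0.2.0/24 AS64496 AS64497",
            b"192.0.2.0/24 AS64496 AS64497 AS64498"]
    agg, chain = None, []
    for (sk, pk), m in zip(parties, msgs):
        agg = aggregate_sign(sk, pk, m, agg, chain)
        chain.append((pk, m))
    tampered = [chain[0], (chain[1][0], b"192.0.2.0/24 AS64496 AS64500"), chain[2]]
    return (verify(agg, chain),          # True
            verify(agg, chain[::-1]),    # True: signer order is not needed
            verify(agg, tampered),       # False: altered message
            verify(agg, chain[:2]))      # False: a signer was dropped


if __name__ == "__main__":
    print(demo())
```

Two points carry over to a real instantiation: the aggregator must verify the incoming aggregate before extending it (otherwise it would vouch for whatever garbage it received), and the verifier must reject a set in which the same public key appears twice, since the single shared randomness R makes the per-signer contributions indistinguishable once multiplied together.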


Keywords: Signature Scheme, Random Oracle, Proxy Signature, Aggregate Signature, Signing Query


  1. Asokan, N., Shoup, V., Waidner, M.: Optimistic fair exchange of digital signatures. IEEE J. Selected Areas in Comm. 18(4), 593–610 (2000)
  2. Bao, F., Deng, R., Mao, W.: Efficient and practical fair exchange protocols with offline TTP. In: Karger, P., Gong, L. (eds.) Proceedings of IEEE Security & Privacy, pp. 77–85 (May 1998)
  3. Barreto, P., Naehrig, M.: Pairing-friendly elliptic curves of prime order. In: Preneel, B., Tavares, S. (eds.) SAC 2005. LNCS, vol. 3897, pp. 319–331. Springer, Heidelberg (2006)
  4. Bellare, M., Micciancio, D., Warinschi, B.: Foundations of group signatures: Formal definitions, simplified requirements, and a construction based on general assumptions. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 614–629. Springer, Heidelberg (2003)
  5. Bender, A., Katz, J., Morselli, R.: Ring signatures: Stronger definitions, and constructions without random oracles. In: Halevi, S., Rabin, T. (eds.) TCC 2006. LNCS, vol. 3876, pp. 60–79. Springer, Heidelberg (2006)
  6. Boldyreva, A.: Threshold signature, multisignature and blind signature schemes based on the gap-Diffie-Hellman-group signature scheme. In: Desmedt, Y.G. (ed.) PKC 2003. LNCS, vol. 2567, pp. 31–46. Springer, Heidelberg (2002)
  7. Boldyreva, A., Palacio, A., Warinschi, B.: Secure proxy signature schemes for delegation of signing rights. Cryptology ePrint Archive, Report 2003/096 (2003)
  8. Boneh, D., Gentry, C., Lynn, B., Shacham, H.: Aggregate and verifiably encrypted signatures from bilinear maps. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 416–432. Springer, Heidelberg (2003)
  9. Boneh, D., Lynn, B., Shacham, H.: Short signatures from the Weil pairing. J. Cryptology 17(4), 297–319 (2004) (extended abstract in Proceedings of Asiacrypt 2001)
  10. Canetti, R., Goldreich, O., Halevi, S.: The random oracle methodology, revisited. J. ACM 51(4), 557–594 (2004)
  11. Chatterjee, S., Sarkar, P.: Trading time for space: Towards an efficient IBE scheme with short(er) public parameters in the standard model. In: Won, D.H., Kim, S. (eds.) ICISC 2005. LNCS, vol. 3935, pp. 424–440. Springer, Heidelberg (2006)
  12. Coron, J.-S., Naccache, D.: Boneh et al.'s k-element aggregate extraction assumption is equivalent to the Diffie-Hellman assumption. In: Laih, C.-S. (ed.) ASIACRYPT 2003. LNCS, vol. 2894, pp. 392–397. Springer, Heidelberg (2003)
  13. Galbraith, S.: Pairings. In: Blake, I.F., Seroussi, G., Smart, N. (eds.) Advances in Elliptic Curve Cryptography. London Mathematical Society Lecture Notes, ch. IX, vol. 317, pp. 183–213. Cambridge University Press, Cambridge (2005)
  14. Goldwasser, S., Micali, S., Rivest, R.: A digital signature scheme secure against adaptive chosen-message attacks. SIAM J. Computing 17(2), 281–308 (1988)
  15. Groth, J., Ostrovsky, R., Sahai, A.: Perfect non-interactive zero knowledge for NP. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 339–358. Springer, Heidelberg (2006)
  16. Hayashi, R., Okamoto, T., Tanaka, K.: An RSA family of trap-door permutations with a common domain and its applications. In: Bao, F., Deng, R., Zhou, J. (eds.) PKC 2004. LNCS, vol. 2947, pp. 291–304. Springer, Heidelberg (2004)
  17. Itakura, K., Nakamura, K.: A public-key cryptosystem suitable for digital multisignatures. NEC J. Res. & Dev. 71, 1–8 (1983)
  18. Kent, S., Lynn, C., Seo, K.: Secure border gateway protocol (Secure-BGP). IEEE J. Selected Areas in Comm. 18(4), 582–592 (2000)
  19. Koblitz, N., Menezes, A.: Pairing-based cryptography at high security levels. In: Smart, N.P. (ed.) Cryptography and Coding 2005. LNCS, vol. 3796, pp. 13–36. Springer, Heidelberg (2005)
  20. Lysyanskaya, A., Micali, S., Reyzin, L., Shacham, H.: Sequential aggregate signatures from trapdoor permutations. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 74–90. Springer, Heidelberg (2004)
  21. Mambo, M., Usuda, K., Okamoto, E.: Proxy signatures for delegating signing operation. In: Gong, L., Stearn, J. (eds.) Proceedings of CCS 1996, pp. 48–57. ACM Press, New York (1996)
  22. Micali, S., Ohta, K., Reyzin, L.: Accountable-subgroup multisignatures (extended abstract). In: Samarati, P. (ed.) Proceedings of CCS 2001, pp. 245–254. ACM Press, New York (2001)
  23. Naccache, D.: Secure and practical identity-based encryption. Cryptology ePrint Archive, Report 2005/369 (2005)
  24. Nicol, D., Smith, S., Zhao, M.: Evaluation of efficient security for BGP route announcements using parallel simulation. Simulation Modelling Practice and Theory 12, 187–216 (2004)
  25. Ohta, K., Okamoto, T.: Multisignature schemes secure against active insider attacks. IEICE Trans. Fundamentals E82-A(1), 21–31 (1999)
  26. Okamoto, T.: A digital multisignature scheme using bijective public-key cryptosystems. ACM Trans. Computer Systems 6(4), 432–441 (1988)
  27. Paterson, K.: Cryptography from pairings. In: Blake, I.F., Seroussi, G., Smart, N. (eds.) Advances in Elliptic Curve Cryptography. London Mathematical Society Lecture Notes, ch. X, vol. 317, pp. 215–251. Cambridge University Press, Cambridge (2005)
  28. Waters, B.: Efficient identity-based encryption without random oracles. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 114–127. Springer, Heidelberg (2005)

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Steve Lu (1)
  • Rafail Ostrovsky (1)
  • Amit Sahai (1)
  • Hovav Shacham (2)
  • Brent Waters (3)
  1. UCLA, USA
  2. Weizmann Institute of Science, Israel
  3. SRI International, USA
