Advertisement

Identity-Based Multi-signatures from RSA

  • Mihir Bellare
  • Gregory Neven
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4377)

Abstract

Multi-signatures allow multiple signers to jointly authenticate a message using a single compact signature. Many applications however require the public keys of the signers to be sent along with the signature, partly defeating the effect of the compact signature. Since identity strings are likely to be much shorter than randomly generated public keys, the identity-based paradigm is particularly appealing for the case of multi-signatures. In this paper, we present and prove secure an identity-based multi-signature (IBMS) scheme based on RSA, which in particular does not rely on (the rather new and untested) assumptions related to bilinear maps. We define an appropriate security notion for interactive IBMS schemes and prove the security of our scheme under the one-wayness of RSA in the random oracle model.

Keywords

Signature Scheme Random Oracle Random Oracle Model Honest Signer Signature Query 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Barr, K., Asanovic, K.: Energy aware lossless data compression. In: MobiSys 2003, pp. 231–244. ACM Press, New York (2003)CrossRefGoogle Scholar
  2. 2.
    Bellare, M., Namprempre, C., Neven, G.: Security proofs for identity-based identification and signature schemes. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 268–286. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  3. 3.
    Bellare, M., Neven, G.: Multi-signatures in the plain public-key model and a general forking lemma. In: ACM CCS 2006. ACM Press, New York (2006)Google Scholar
  4. 4.
    Bellare, M., Rogaway, P.: Random oracles are practical: A paradigm for designing efficient protocols. In: ACM CCS 1993, pp. 62–73. ACM Press, New York (1993)CrossRefGoogle Scholar
  5. 5.
    Boldyreva, A.: Threshold signatures, multisignatures and blind signatures based on the gap-Diffie-Hellman-group signature scheme. In: Desmedt, Y.G. (ed.) PKC 2003. LNCS, vol. 2567, pp. 31–46. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  6. 6.
    Boneh, D., Gentry, C., Lynn, B., Shacham, H.: Aggregate and verifiably encrypted signatures from bilinear maps. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 416–432. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  7. 7.
    Castelluccia, C., Jarecki, S., Kim, J., Tsudik, G.: A robust multisignatures scheme with applications to acknowledgment aggregation. In: Blundo, C., Cimato, S. (eds.) SCN 2004. LNCS, vol. 3352, pp. 193–207. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  8. 8.
    Castelluccia, C., Jarecki, S., Kim, J., Tsudik, G.: Secure acknowledgment aggregation and multisignatures with limited robustness. Computer Networks 50(10), 1639–1652 (2006)MATHCrossRefGoogle Scholar
  9. 9.
    Cha, J.C., Cheon, J.H.: An identity-based signature from gap Diffie-Hellman groups. In: Desmedt, Y.G. (ed.) PKC 2003. LNCS, vol. 2567, pp. 18–30. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  10. 10.
    Cheng, X., Liu, J., Wang, X.: Identity-based aggregate and verifiably encrypted signatures from bilinear pairing. In: Gervasi, O., Gavrilova, M.L., Kumar, V., Laganá, A., Lee, H.P., Mun, Y., Taniar, D., Tan, C.J.K. (eds.) ICCSA 2005. LNCS, vol. 3483, pp. 1046–1054. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  11. 11.
    Coron, J.-S.: On the exact security of full domain hash. In: Bellare, M. (ed.) CRYPTO 2000. LNCS, vol. 1880, pp. 229–235. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  12. 12.
    Dodis, Y., Katz, J., Xu, S., Yung, M.: Strong key-insulated signature schemes. In: Desmedt, Y.G. (ed.) PKC 2003. LNCS, vol. 2567, pp. 130–144. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  13. 13.
    Feige, U., Fiat, A., Shamir, A.: Zero knowledge proofs of identity. Journal of Cryptology 1(2), 77–94 (1988)MATHCrossRefMathSciNetGoogle Scholar
  14. 14.
    Fiat, A., Shamir, A.: How to prove yourself: Practical solutions to identification and signature problems. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol. 263, pp. 186–194. Springer, Heidelberg (1987)Google Scholar
  15. 15.
    Galbraith, S.D., Paterson, K.G., Smart, N.P.: Pairings for cryptographers (2006), http://eprint.iacr.org/
  16. 16.
    Galindo, D., Herranz, J., Kiltz, E.: On the generic construction of identity-based signatures with additional properties. In: Lai, X., Chen, K. (eds.) ASIACRYPT 2006. LNCS, vol. 4284. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  17. 17.
    Gentry, C., Ramzan, Z.: Identity-based aggregate signatures. In: Yung, M., Dodis, Y., Kiayias, A., Malkin, T.G. (eds.) PKC 2006. LNCS, vol. 3958, pp. 257–273. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  18. 18.
    Guillou, L.C., Quisquater, J.-J.: A “paradoxical” indentity-based signature scheme resulting from zero-knowledge. In: Goldwasser, S. (ed.) CRYPTO 1988. LNCS, vol. 403, pp. 216–231. Springer, Heidelberg (1990)Google Scholar
  19. 19.
    Hess, F.: Efficient identity based signature schemes based on pairings. In: Nyberg, K., Heys, H.M. (eds.) SAC 2002. LNCS, vol. 2595, pp. 310–324. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  20. 20.
    Itakura, K., Nakamura, K.: A public-key cryptosystem suitable for digital multisignatures. NEC Research & Development 71, 1–8 (1983)Google Scholar
  21. 21.
    Joux, A.: A one round protocol for tripartite Diffie-Hellman. In: Bosma, W. (ed.) ANTS 2000. LNCS, vol. 1838, pp. 385–394. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  22. 22.
    Lu, S., Ostrovsky, R., Sahai, A., Shacham, H., Waters, B.: Sequential aggregate signatures and multisignatures without random oracles. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  23. 23.
    Lysyanskaya, A., Micali, S., Reyzin, L., Shacham, H.: Sequential aggregate signatures from trapdoor permutations. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 74–90. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  24. 24.
    Micali, S., Ohta, K., Reyzin, L.: Accountable-subgroup multisignatures. In: ACM CCS 2001, pp. 245–254. ACM Press, New York (2001)CrossRefGoogle Scholar
  25. 25.
    Ohta, K., Okamoto, T.: A modification of the Fiat-Shamir scheme. In: Goldwasser, S. (ed.) CRYPTO 1988. LNCS, vol. 403, pp. 232–243. Springer, Heidelberg (1990)Google Scholar
  26. 26.
    Ong, H., Schnorr, C.-P.: Fast signature generation with a Fiat Shamir–like scheme. In: Damgård, I.B. (ed.) EUROCRYPT 1990. LNCS, vol. 473, pp. 432–440. Springer, Heidelberg (1991)Google Scholar
  27. 27.
    Pointcheval, D., Stern, J.: Security arguments for digital signatures and blind signatures. Journal of Cryptology 13(3), 361–396 (2000)MATHCrossRefGoogle Scholar
  28. 28.
    Shamir, A.: Identity-based cryptosystems and signature schemes. In: Blakely, G.R., Chaum, D. (eds.) CRYPTO 1984. LNCS, vol. 196, pp. 47–53. Springer, Heidelberg (1985)CrossRefGoogle Scholar
  29. 29.
    Yi, X.: An identity-based signature scheme from the Weil pairing. IEEE Communications Letters 7(2), 76–78 (2003)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Mihir Bellare
    • 1
  • Gregory Neven
    • 2
  1. 1.Department of Computer Science & EngineeringUniversity of California San Diego 
  2. 2.Department of Electrical EngineeringKatholieke Universiteit Leuven and Département d’Informatique Ecole Normale Supérieure 

Personalised recommendations