An aggregate signature scheme is a digital signature that supports aggregation: Given n signatures on n distinct messages from n distinct users, it is possible to aggregate all these signatures into a single short signature. This single signature (and the n original messages) will convince the verifier that the n users did indeed sign the n original messages (i.e., user i signed message M_i for i = 1, ..., n). In this paper we introduce the concept of an aggregate signature, present security models for such signatures, and give several applications for aggregate signatures. We construct an efficient aggregate signature from a recent short signature scheme based on bilinear maps due to Boneh, Lynn, and Shacham. Aggregate signatures are useful for reducing the size of certificate chains (by aggregating all signatures in the chain) and for reducing message size in secure routing protocols such as SBGP. We also show that aggregate signatures give rise to verifiably encrypted signatures. Such signatures enable the verifier to test that a given ciphertext C is the encryption of a signature on a given message M. Verifiably encrypted signatures are used in contract-signing protocols. Finally, we show that similar ideas can be used to extend the short signature scheme to give simple ring signatures.
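The abstract states the two verification equations of the paper only in words. The following Python walk-through, added here and not code from the paper or its authors, carries them through end to end: BLS signing, aggregation of several signatures on distinct messages into one group element, aggregate verification, and the verifiably encrypted signature (VES) create/verify/adjudicate triple built from the same algebra. Everything is an assumption of this example except the equations themselves: the pairing is replaced by a deliberately insecure toy bilinear map e(aP, bP) = g^(ab) over the integers mod q (so the code runs without a pairing library, at the cost of discrete logs being trivial), the group sizes are tiny, SHA-256 stands in for the random-oracle hash, and the sample messages are constructed SBGP-style route announcements.

```python
"""Toy walk-through of the BGLS aggregate signature and VES equations.
ASSUMPTION: the 'pairing' below is an insecure stand-in, e(aP, bP) = g^(ab)
over the integers mod q, used only because it is bilinear and needs no pairing
library. Discrete logs in it are trivial (the public key literally equals the
private key), so it shows the algebra of the scheme and nothing about security."""
import hashlib
import secrets

P_ORDER = 2**31 - 1   # prime order p of G1; G1 elements are stored as scalars (P = 1)
_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def _is_prime(n: int) -> bool:
    """Deterministic Miller-Rabin with the bases above, valid for n < 3.3e24."""
    if n < 2 or any(n % b == 0 for b in _BASES):
        return n in _BASES
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in _BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def _setup():
    """Find a prime q = k*p + 1 and an element g of order p in Z_q^*, so GT = <g>."""
    k = 2
    while not _is_prime(k * P_ORDER + 1):
        k += 1
    q, h = k * P_ORDER + 1, 2
    while pow(h, (q - 1) // P_ORDER, q) == 1:
        h += 1
    return q, pow(h, (q - 1) // P_ORDER, q)

Q_MOD, G_T = _setup()

def pairing(a: int, b: int) -> int:
    """Toy bilinear map e(aP, bP) = g^(ab): linear in each argument, as a pairing is."""
    return pow(G_T, a * b % P_ORDER, Q_MOD)

def hash_to_g1(msg: bytes) -> int:
    """H: {0,1}* -> G1 (never the identity); the random-oracle hash of BLS/BGLS."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % (P_ORDER - 1) + 1

def keygen(rng=secrets.randbelow):
    x = rng(P_ORDER - 1) + 1            # private key x in [1, p-1]
    return x, x % P_ORDER               # public key v = xP (== x in this toy)

def sign(x: int, msg: bytes) -> int:
    return x * hash_to_g1(msg) % P_ORDER                    # BLS: sigma = x H(M)

def verify(v: int, msg: bytes, sig: int) -> bool:
    return pairing(sig, 1) == pairing(hash_to_g1(msg), v)   # e(sigma, P) == e(H(M), v)

def aggregate(sigs) -> int:
    """sigma = sum_i sigma_i; anyone can aggregate, no keys are needed."""
    return sum(sigs) % P_ORDER

def aggregate_verify(pubkeys, msgs, agg_sig: int) -> bool:
    """Check e(sigma, P) == prod_i e(H(M_i), v_i). BGLS requires the messages to
    be distinct; a verifier that skips that check lets a single key holder build
    an aggregate that appears to carry other users' signatures on the same M."""
    if len(set(msgs)) != len(msgs):
        return False
    rhs = 1
    for v, m in zip(pubkeys, msgs):
        rhs = rhs * pairing(hash_to_g1(m), v) % Q_MOD
    return pairing(agg_sig, 1) == rhs

def ves_create(x: int, adj_pub: int, msg: bytes, rng=secrets.randbelow):
    """VES: omega = sigma + r*V', mu = rP, with V' = yP the adjudicator's public key."""
    r = rng(P_ORDER - 1) + 1
    return (sign(x, msg) + r * adj_pub) % P_ORDER, r % P_ORDER

def ves_verify(v: int, adj_pub: int, msg: bytes, omega: int, mu: int) -> bool:
    """Anyone can check e(omega, P) == e(H(M), v) * e(mu, V') without learning sigma."""
    return pairing(omega, 1) == pairing(hash_to_g1(msg), v) * pairing(mu, adj_pub) % Q_MOD

def ves_adjudicate(adj_priv: int, omega: int, mu: int) -> int:
    """Only the adjudicator, holding y, extracts the plain signature sigma = omega - y*mu."""
    return (omega - adj_priv * mu) % P_ORDER

def demo():
    """Three signers, three distinct constructed messages -> one aggregate; then a VES."""
    keys = [keygen() for _ in range(3)]
    pubs = [v for _, v in keys]
    msgs = [b"AS64496 announces 192.0.2.0/24", b"AS64497 announces 198.51.100.0/24",
            b"AS64498 announces 203.0.113.0/24"]
    sigs = [sign(x, m) for (x, _), m in zip(keys, msgs)]
    agg = aggregate(sigs)
    ok = aggregate_verify(pubs, msgs, agg)
    tampered = aggregate_verify(pubs, msgs[:2] + [b"AS64498 announces 0.0.0.0/0"], agg)
    y, adj_pub = keygen()                                   # adjudicator key pair
    omega, mu = ves_create(keys[0][0], adj_pub, msgs[0])
    ves_ok = ves_verify(pubs[0], adj_pub, msgs[0], omega, mu)
    recovered = ves_adjudicate(y, omega, mu) == sigs[0]
    return ok, tampered, ves_ok, recovered
```

Running demo() returns (True, False, True, True): the honest aggregate verifies, an aggregate checked against a substituted message does not, the VES verifies without revealing the underlying BLS signature, and the adjudicator recovers exactly that signature. The distinct-message test in aggregate_verify is the one practitioners most often omit; the paper's security model depends on it. A real deployment swaps the toy map for a pairing on a pairing-friendly curve (the paper instantiates the scheme on the MNT curves cited below) and uses a proper hash-to-curve function.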
N. Asokan, V. Shoup, and M. Waidner. Optimistic fair exchange of digital signatures. IEEE J. Selected Areas in Comm., 18(4):593–610, April 2000.
F. Bao, R. Deng, and W. Mao. Efficient and practical fair exchange protocols with offline TTP. In Proceedings of IEEE Symposium on Security and Privacy, pages 77–85, 1998.
M. Bellare and P. Rogaway. The exact security of digital signatures: How to sign with RSA and Rabin. In Proceedings of Eurocrypt '96, volume 1070 of LNCS, pages 399–416. Springer-Verlag, 1996.
A. Boldyreva. Efficient threshold signature, multisignature and blind signature schemes based on the gap-Diffie-Hellman-group signature scheme. In Proceedings of PKC 2003, volume 2567 of LNCS, pages 31–46. Springer-Verlag, 2003.
D. Boneh and M. Franklin. Identity-based encryption from the Weil pairing. In Proceedings of Crypto 2001, volume 2139 of LNCS, pages 213–229. Springer-Verlag, 2001.
D. Boneh, C. Gentry, B. Lynn, and H. Shacham. Aggregate and verifiably encrypted signatures from bilinear maps. Cryptology ePrint Archive, Report 2002/175, 2002. http://eprint.iacr.org/.
D. Boneh, B. Lynn, and H. Shacham. Short signatures from the Weil pairing. In Proceedings of Asiacrypt 2001, volume 2248 of LNCS, pages 514–532. Springer-Verlag, 2001. Full paper: http://crypto.stanford.edu/~dabo/pubs.html.
Y. Dodis. Efficient construction of (distributed) verifiable random functions. In Proceedings of PKC 2003, volume 2567 of LNCS, pages 1–17. Springer-Verlag, 2003.
A. Fiat. Batch RSA. In Proceedings of Crypto '89, volume 435 of LNCS, pages 175–185. Springer-Verlag, 1989.
J. Garay, M. Jakobsson, and P. MacKenzie. Abuse-free optimistic contract signing. In Proceedings of Crypto '99, volume 1666 of LNCS, pages 449–466. Springer-Verlag, 1999.
P. Gemmell. An introduction to threshold cryptography. RSA CryptoBytes, 2(3):7–12, 1997.
R. Gennaro, T. Rabin, S. Jarecki, and H. Krawczyk. Robust and efficient sharing of RSA functions. J. Cryptology, 13(2):273–300, 2000.
C. Gentry and A. Silverberg. Hierarchical ID-based cryptography. In Proceedings of Asiacrypt 2002, volume 2501 of LNCS, pages 548–566. Springer-Verlag, 2002.
S. Goldwasser, S. Micali, and R. Rivest. A digital signature scheme secure against adaptive chosen-message attacks. SIAM J. Computing, 17(2):281–308, 1988.
J. Horwitz and B. Lynn. Toward hierarchical identity-based encryption. In Proceedings of Eurocrypt 2002, volume 2332 of LNCS, pages 466–481. Springer-Verlag, 2002.
A. Joux. A one round protocol for tripartite Diffie-Hellman. In Proceedings of ANTS IV, volume 1838 of LNCS, pages 385–394. Springer-Verlag, 2000.
S. Kent, C. Lynn, and K. Seo. Secure border gateway protocol (Secure-BGP). IEEE J. Selected Areas in Comm., 18(4):582–592, April 2000.
A. Lysyanskaya. Unique signatures and verifiable random functions from the DH-DDH separation. In Proceedings of Crypto 2002, volume 2442 of LNCS, pages 597–612. Springer-Verlag, 2002.
S. Micali, K. Ohta, and L. Reyzin. Accountable-subgroup multisignatures (extended abstract). In Proceedings of CCS 2001, pages 245–254. ACM Press, 2001.
S. Micali and R. Rivest. Transitive signature schemes. In Proceedings of RSA 2002, volume 2271 of LNCS, pages 236–243. Springer-Verlag, 2002.
A. Miyaji, M. Nakabayashi, and S. Takano. New explicit conditions of elliptic curve traces for FR-reduction. IEICE Trans. Fundamentals, E84-A(5):1234–1243, May 2001.
M. Naor. Deniable ring authentication. In Proceedings of Crypto 2002, volume 2442 of LNCS, pages 481–498. Springer-Verlag, 2002.
K. Ohta and T. Okamoto. Multisignature schemes secure against active insider attacks. IEICE Trans. Fundamentals, E82-A(1):21–31, 1999.
T. Okamoto. A digital multisignature scheme using bijective public-key cryptosystems. ACM Trans. Computer Systems, 6(4):432–441, 1988.
T. Okamoto and D. Pointcheval. The gap problems: A new class of problems for the security of cryptographic primitives. In Proceedings of PKC 2001, volume 1992 of LNCS, pages 104–118. Springer-Verlag, 2001.
G. Poupard and J. Stern. Fair encryption of RSA keys. In Proceedings of Eurocrypt 2000, volume 1807 of LNCS, pages 172–189. Springer-Verlag, 2000.
R. Rivest, A. Shamir, and Y. Tauman. How to leak a secret. In Proceedings of Asiacrypt 2001, volume 2248 of LNCS, pages 552–565. Springer-Verlag, 2001.
F. Zhang and K. Kim. ID-based blind signature and ring signature from pairings. In Proceedings of Asiacrypt 2002, volume 2501 of LNCS, pages 533–547. Springer-Verlag, 2002.
© 2003 International Association for Cryptologic Research
Boneh, D., Gentry, C., Lynn, B., Shacham, H. (2003). Aggregate and Verifiably Encrypted Signatures from Bilinear Maps. In: Biham, E. (eds) Advances in Cryptology — EUROCRYPT 2003. EUROCRYPT 2003. Lecture Notes in Computer Science, vol 2656. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-39200-9_26
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-14039-9
Online ISBN: 978-3-540-39200-2