Multisignatures Using Proofs of Secret Key Possession, as Secure as the Diffie-Hellman Problem

  • Ali Bagherzandi
  • Stanisław Jarecki
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5229)


A multisignature scheme allows a group of n players to produce a short string which is equivalent to n separate signatures on the same message. Assuming the Random Oracle Model (ROM), the aggregate signature schemes of Boneh et al. [BGLS03] and Bellare and Neven [BN06] provide multisignatures secure in the standard public key setting, where keys need no accompanying proof, but their multisignature verification algorithms involve respectively O(n) bilinear maps and O(n) exponentiations. Ristenpart and Yilek [RY07] recently showed two multisignature schemes relying on groups with bilinear maps, with just O(1) bilinear maps in multisignature verification, which are secure if each public key is accompanied by a so-called "proof of (secret key) possession" (POP). We show how to achieve secure multisignatures in the POP model using any group where the CDH or DDH problem is hard, giving one scheme for each assumption. Both schemes have multisignature verification with O(1) exponentiations, and their POP messages take O(1) group elements and require O(1) exponentiations to verify. Moreover, the security of the proposed schemes is tightly related to the CDH and DDH problems, respectively, in the ROM.
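The mechanics the abstract refers to, as an added example written for this page (Python; it is not the authors' scheme or code): a Schnorr-style multisignature in a prime-order subgroup of Z_p^* whose public keys are aggregated by multiplication, so that an n-signer multisignature verifies with two exponentiations whatever n is, where every key must be registered with a POP. The POP here is a Schnorr self-signature on the public key, in the spirit of a self-signed PKCS#10 request, not the paper's POP messages. The block also runs the classic rogue-key attack on naive key aggregation that the title of [RY07] refers to: the attacker's key aggregates with the honest key to one the attacker fully controls, its forgery verifies, but the attacker cannot produce a valid POP for the rogue key. The 64-bit safe-prime group found at start-up, the deterministic keys and nonces derived from seed strings, the message text and all function names are assumptions of the example; the paper's schemes are built on different signatures, and their tight CDH/DDH reductions do not carry over to this toy, which is only as strong as discrete log in a small group.

```python
"""Toy multisignature with key aggregation in the proof-of-possession (POP) model.
Added example, not the paper's scheme: Schnorr-style signatures in a prime-order
subgroup of Z_p^*, aggregated by multiplying keys, plus the rogue-key attack that
a POP check blocks. Toy parameters and deterministic seeds, for illustration only."""
import hashlib
import math

_MR_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def _is_probable_prime(n):
    """Miller-Rabin for n > 37; with these bases it is deterministic for n < 3.3e24."""
    if n < 2:
        return False
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for a in _MR_BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def safe_prime_group(bits=64):
    """First safe prime p = 2q + 1 with q >= 2^(bits-1) + 1 (toy size; real keys need 2048+)."""
    q = (1 << (bits - 1)) | 1
    while not (_is_probable_prime(q) and _is_probable_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1, q, 4  # 4 = 2^2 is a quadratic residue, hence has order q

P, Q, G = safe_prime_group()

def _H(tag, *items):
    """Domain-separated hash to a scalar mod Q; ints fixed-width, strings length-prefixed."""
    h = hashlib.sha256(tag.encode())
    for it in items:
        data = it.encode() if isinstance(it, str) else it.to_bytes(16, "big")
        h.update(len(data).to_bytes(4, "big") + data)
    return int.from_bytes(h.digest(), "big") % Q

def keygen(seed):
    """Deterministic toy key from a seed string (a real signer draws sk from a CSPRNG)."""
    sk = _H("key", seed) or 1
    return sk, pow(G, sk, P)

def make_pop(sk, pk):
    """POP = Schnorr signature on the public key itself under the matching secret key."""
    r = _H("pop-nonce", sk, pk)
    R = pow(G, r, P)
    return R, (r + _H("pop", pk, R) * sk) % Q

def verify_pop(pk, pop):
    R, s = pop
    return pow(G, s, P) == R * pow(pk, _H("pop", pk, R), P) % P

def aggregate_key(registered):
    """Aggregate key of [(pk, pop), ...]; a key without a valid POP is refused."""
    for pk, pop in registered:
        if not verify_pop(pk, pop):
            raise ValueError("key rejected: invalid proof of possession")
    return math.prod(pk for pk, _ in registered) % P

def multisign(signers, msg):
    """Two rounds, simulated in-process: round 1 shares R_i = g^r_i, round 2 shares
    s_i = r_i + c*sk_i for the common challenge c = H(PK, R, msg). Nonces are derived
    deterministically for reproducibility; real signers must use fresh randomness."""
    pk_agg = math.prod(pk for _, pk in signers) % P
    nonces = [_H("nonce", sk, msg) for sk, _ in signers]
    R = math.prod(pow(G, r, P) for r in nonces) % P
    c = _H("msg", pk_agg, R, msg)
    s = sum(r + c * sk for r, (sk, _) in zip(nonces, signers)) % Q
    return R, s

def verify_multisig(pk_agg, msg, sig):
    """Two exponentiations, independent of the number of signers."""
    R, s = sig
    return pow(G, s, P) == R * pow(pk_agg, _H("msg", pk_agg, R, msg), P) % P

def rogue_key_attack(honest_pk, msg):
    """Classic rogue-key attack on naive aggregation: publish pk* = g^x* / honest_pk so
    that honest_pk * pk* = g^x* is a key the attacker controls. The attacker never learns
    log_g(pk*), so its best POP attempt (signing pk* with x*) does not verify."""
    x_star = _H("rogue", honest_pk)
    pk_star = pow(G, x_star, P) * pow(honest_pk, -1, P) % P
    pk_agg = honest_pk * pk_star % P
    forgery = multisign([(x_star, pk_agg)], msg)
    return pk_star, pk_agg, forgery, make_pop(x_star, pk_star)

def demo(msg="release escrow to carol"):
    """(honest multisig verifies, rogue forgery verifies under naive aggregation,
    rogue key passes the POP check) -> (True, True, False)."""
    alice, bob = keygen("alice"), keygen("bob")
    pk_agg = aggregate_key([(pk, make_pop(sk, pk)) for sk, pk in (alice, bob)])
    honest_ok = verify_multisig(pk_agg, msg, multisign([alice, bob], msg))
    pk_star, rogue_agg, forgery, bogus_pop = rogue_key_attack(alice[1], msg)
    return honest_ok, verify_multisig(rogue_agg, msg, forgery), verify_pop(pk_star, bogus_pop)
```

Calling `demo()` returns `(True, True, False)`: the honest two-party multisignature verifies with the same two exponentiations a single Schnorr signature needs, the rogue aggregate accepts the attacker's lone forgery, and the rogue key fails the POP check, so `aggregate_key` would refuse to register it. The hash is domain-separated (`"pop"` versus `"msg"`) so a POP can never be replayed as a signature on a message, and the challenge binds the aggregate key, which is what makes the whole signer set, not an individual key, the object being verified.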


References

  1. [BGLS03]
    Boneh, D., Gentry, C., Lynn, B., Shacham, H.: Aggregate and verifiably encrypted signatures from bilinear maps. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 416–432. Springer, Heidelberg (2003)
  2. [BJ08]
    Bagherzandi, A., Jarecki, S.: Multisignatures using proofs of secret key possession, as secure as the Diffie-Hellman problem. ePrint Archive (2008)
  3. [BLS04]
    Boneh, D., Lynn, B., Shacham, H.: Short signatures from the Weil pairing. J. Cryptology 17(4), 297–319 (2004)
  4. [BN06]
    Bellare, M., Neven, G.: Multi-signatures in the plain public-key model and a general forking lemma. In: ACM Conference on Computer and Communications Security, pp. 390–399 (2006)
  5. [BNN07]
    Bellare, M., Namprempre, C., Neven, G.: Unrestricted aggregate signatures. In: Arge, L., Cachin, C., Jurdziński, T., Tarlecki, A. (eds.) ICALP 2007. LNCS, vol. 4596, pp. 411–422. Springer, Heidelberg (2007)
  6. [Bol03]
    Boldyreva, A.: Threshold signatures, multisignatures and blind signatures based on the gap-Diffie-Hellman-group signature scheme. In: Desmedt, Y.G. (ed.) PKC 2003. LNCS, vol. 2567, pp. 31–46. Springer, Heidelberg (2002)
  7. [Bon98]
    Boneh, D.: The decision Diffie-Hellman problem. In: Buhler, J.P. (ed.) ANTS 1998. LNCS, vol. 1423, pp. 48–63. Springer, Heidelberg (1998)
  8. [Fis05]
    Fischlin, M.: Communication-efficient non-interactive proofs of knowledge with online extractors. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 152–168. Springer, Heidelberg (2005)
  9. [GJ03]
    Goh, E.-J., Jarecki, S.: A signature scheme as secure as the Diffie-Hellman problem. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 401–415. Springer, Heidelberg (2003)
  10. [Har94]
    Harn, L.: Group-oriented (t,n) threshold digital signature scheme and digital multisignature. IEE Proceedings - Computers and Digital Techniques 141(5), 307–313 (1994)
  11. [KW03]
    Katz, J., Wang, N.: Efficiency improvements for signature schemes with tight security reductions. In: ACM Conference on Computer and Communications Security, pp. 155–164 (2003)
  12. [LHL94]
    Li, C.-M., Hwang, T., Lee, N.-Y.: Threshold-multisignature schemes where suspected forgery implies traceability of adversarial shareholders. In: De Santis, A. (ed.) EUROCRYPT 1994. LNCS, vol. 950, pp. 194–204. Springer, Heidelberg (1995)
  13. [LOS+06]
    Lu, S., Ostrovsky, R., Sahai, A., Shacham, H., Waters, B.: Sequential aggregate signatures and multisignatures without random oracles. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 465–485. Springer, Heidelberg (2006)
  14. [MOR01]
    Micali, S., Ohta, K., Reyzin, L.: Accountable-subgroup multisignatures: extended abstract. In: ACM Conference on Computer and Communications Security, pp. 245–254 (2001)
  15. [MW99]
    Maurer, U.M., Wolf, S.: The relationship between breaking the Diffie-Hellman protocol and computing discrete logarithms. SIAM J. Comput. 28(5), 1689–1721 (1999)
  16. [MW00]
    Maurer, U.M., Wolf, S.: The Diffie-Hellman protocol. Des. Codes Cryptography 19(2/3), 147–171 (2000)
  17. [OO91]
    Ohta, K., Okamoto, T.: A digital multisignature scheme based on the Fiat-Shamir scheme. In: Matsumoto, T., Imai, H., Rivest, R.L. (eds.) ASIACRYPT 1991. LNCS, vol. 739, pp. 139–148. Springer, Heidelberg (1993)
  18. [OO99]
    Ohta, K., Okamoto, T.: Multisignature schemes secure against active insider attacks. IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences E82-A(1), 21–31 (1999)
  19. [PKC00]
    PKCS #10: Certification request syntax standard. RSA Data Security, Inc. (2000)
  20. [PS00]
    Pointcheval, D., Stern, J.: Security arguments for digital signatures and blind signatures. J. Cryptology 13(3), 361–396 (2000)
  21. [RY07]
    Ristenpart, T., Yilek, S.: The power of proofs-of-possession: Securing multiparty signatures against rogue-key attacks. In: Naor, M. (ed.) EUROCRYPT 2007. LNCS, vol. 4515, pp. 228–245. Springer, Heidelberg (2007)
  22. [Sho00]
    Shoup, V.: Practical threshold signatures. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 207–220. Springer, Heidelberg (2000)

Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Ali Bagherzandi, Department of Computer Science, University of California, Irvine
  • Stanisław Jarecki, Department of Computer Science, University of California, Irvine