Abstract
Motivated by applications in anonymous reputation systems and blockchain governance, we initiate the study of predicate aggregate signatures (PAS), which is a new primitive that enables users to sign multiple messages, and these individual signatures can be aggregated by a combiner, preserving the anonymity of the signers. The resulting PAS discloses only a brief description of signers for each message and provides assurance that both the signers and their description satisfy the specified public predicate.
We formally define PAS and give a construction framework to yield a logarithmic size signature, and further reduce the verification time also to logarithmic. We also give several instantiations for several concrete predicates that may be of independent interest.
To showcase its power, we also demonstrate its applications to multiple settings including multi-signatures, aggregate signatures, threshold signatures, (threshold) ring signatures, attribute-based signatures, etc, and advance the state of the art in all of them.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
Notes
- 1.
There are also other types of rating systems, such as Uber/Airbnb, that are based on accumulation on each transaction, so each user may rate on the same service provider more than once. We only consider the common version as a motivational example for our primitive.
- 2.
They are a kind of special threshold signature that supports the dynamic choice of thresholds for each time of signature generation.
- 3.
In later, we would use the dynamic threshold as an example of the description. It reveals the number of users who have signed on the message. We choose it as the example for three reasons: (1) For a simpler presentation that shows how we can get our final construction step by step; (2) the dynamic threshold is a natural feature of our motivated anonymous reputation system; (3) the dynamic threshold aggregate signature itself might be of independent interests, and indeed it already advances the state of the art of several relevant signatures.
- 4.
We pad ‘zeros’ in \(\boldsymbol{v}_1,\boldsymbol{v}_2\) since the dimension of commitment keys for \(\mathcal {L}_{\textsf{IPP}}\) is 2kn, which is a power of 2.
- 5.
Our dynamic threshold aggregate signature with transparent setup also offers a solution for multiverse threshold signature (MTS) [8]. For any subset of users interested in forming a universe with a specific threshold, the aggregation and verification keys can be computed from their public keys. Then run the \(\textsf{Combine}\) algorithm to get a PAS signature with the number of signers.
References
Quadratic moloch (2019). https://github.com/DemocracyEarth/dao
Quadratic voting in colorado: 2020, January 2021. https://www.radicalxchange.org/media/blog/quadratic-voting-in-colorado-2020/
Erc721 voting-power based on some property, February 2022. https://forum.openzeppelin.com/t/erc721-voting-power-based-on-some-property/24550
Daos (2023). https://ethereum.org/en/dao/
How to delegate votes in the unlock dao, May 2023. https://unlock-protocol.com/guides/delegation/
Abe, M., Fuchsbauer, G., Groth, J., Haralambiev, K., Ohkubo, M.: Structure-preserving signatures and commitments to group elements. J. Cryptol. 29, 363–421 (2016)
Attema, T., Cramer, R., Rambaud, M.: Compressed \(\sigma \)-protocols for bilinear group arithmetic circuits and application to logarithmic transparent threshold signatures. In: Advances in Cryptology-ASIACRYPT 2021: 27th International Conference on the Theory and Application of Cryptology and Information Security, Singapore, December 6–10, 2021, Proceedings, Part IV, pp. 526–556. Springer (2021)
Baird, L., et al.: Threshold signatures in the multiverse. In: 2023 IEEE Symposium on Security and Privacy (SP), pp. 2057–2073. IEEE Computer Society (2023)
Bellare, M., Neven, G.: Multi-signatures in the plain public-key model and a general forking lemma. In: Proceedings of the 13th ACM Conference on Computer and Communications Security, pp. 390–399 (2006)
Bethencourt, J., Shi, E., Song, D.: Signatures of reputation. In: Sion, R. (ed.) FC 2010. LNCS, vol. 6052, pp. 400–407. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-14577-3_35
Blömer, J., Bobolz, J., Porzenheim, L.: A generic construction of an anonymous reputation system and instantiations from lattices. Cryptology ePrint Archive (2023)
Blömer, J., Juhnke, J., Kolb, C.: Anonymous and publicly linkable reputation systems. In: Böhme, R., Okamoto, T. (eds.) FC 2015. LNCS, vol. 8975, pp. 478–488. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-47854-7_29
Boneh, D., Drijvers, M., Neven, G.: Compact multi-signatures for smaller blockchains. In: Peyrin, T., Galbraith, S. (eds.) ASIACRYPT 2018. LNCS, vol. 11273, pp. 435–464. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-03329-3_15
Boneh, D., Gentry, C., Lynn, B., Shacham, H.: Aggregate and verifiably encrypted signatures from bilinear maps. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 416–432. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-39200-9_26
Boneh, D., Komlo, C.: Threshold signatures with private accountability. In: Advances in Cryptology-CRYPTO 2022: 42nd Annual International Cryptology Conference, CRYPTO 2022, Santa Barbara, CA, USA, August 15–18, 2022, Proceedings, Part IV, pp. 551–581. Springer, Cham (2022). https://doi.org/10.1007/978-3-031-15985-5_19
Bootle, J., Cerulli, A., Chaidos, P., Groth, J., Petit, C.: Efficient zero-knowledge arguments for arithmetic circuits in the discrete log setting. In: Fischlin, M., Coron, J.-S. (eds.) EUROCRYPT 2016. LNCS, vol. 9666, pp. 327–357. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-49896-5_12
Bootle, J., Elkhiyaoui, K., Hesse, J., Manevich, Y.: Dualdory: logarithmic-verifier linkable ring signatures through preprocessing. In: Atluri, V., Di Pietro, R., Jensen, C.D., Meng, W. (eds.) ESORICS 2022, Part II. LNCS, vol. 13555, pp. 427–446. Springer, Cham (2022). https://doi.org/10.1007/978-3-031-17146-8_21
Bresson, E., Stern, J., Szydlo, M.: Threshold ring signatures and applications to ad-hoc groups. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 465–480. Springer, Heidelberg (2002). https://doi.org/10.1007/3-540-45708-9_30
Bünz, B., Bootle, J., Boneh, D., Poelstra, A., Wuille, P., Maxwell, G.: Bulletproofs: short proofs for confidential transactions and more. In: 2018 IEEE Symposium on Security and Privacy (SP), pp. 315–334. IEEE, San Francisco, CA, May 2018. https://doi.org/10.1109/SP.2018.00020. https://ieeexplore.ieee.org/document/8418611/
Chaidos, P., Kiayias, A.: Mithril: Stake-based threshold multisignatures. Cryptology ePrint Archive (2021)
Chow, S.S., Ma, J.P., Yuen, T.H.: Scored anonymous credentials. In: International Conference on Applied Cryptography and Network Security. pp. 484–515. Springer (2023)
Das, S., Camacho, P., Xiang, Z., Nieto, J., Bunz, B., Ren, L.: Threshold signatures from inner product argument: Succinct, weighted, and multi-threshold. Cryptology ePrint Archive (2023)
Daza, V., Ràfols, C., Zacharakis, A.: Updateable inner product argument with logarithmic verifier and applications. In: Kiayias, A., Kohlweiss, M., Wallden, P., Zikas, V. (eds.) PKC 2020. LNCS, vol. 12110, pp. 527–557. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-45374-9_18
El Kaafarani, A., Katsumata, S., Solomon, R.: Anonymous reputation systems achieving full dynamicity from lattices. In: Meiklejohn, S., Sako, K. (eds.) FC 2018. LNCS, vol. 10957, pp. 388–406. Springer, Heidelberg (2018). https://doi.org/10.1007/978-3-662-58387-6_21
Fiat, A., Shamir, A.: How to prove yourself: practical solutions to identification and signature problems. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol. 263, pp. 186–194. Springer, Heidelberg (1987). https://doi.org/10.1007/3-540-47721-7_12
Fuchsbauer, G., Kiltz, E., Loss, J.: The algebraic group model and its applications. In: Shacham, H., Boldyreva, A. (eds.) CRYPTO 2018. LNCS, vol. 10992, pp. 33–62. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-96881-0_2
Garg, S., Jain, A., Mukherjee, P., Sinha, R., Wang, M., Zhang, Y.: hints: Threshold signatures with silent setup. Cryptology ePrint Archive (2023)
Kiayias, A., Osmanoglu, M., Tang, Q.: Graded signatures. In: Lopez, J., Mitchell, C.J. (eds.) ISC 2015. LNCS, vol. 9290, pp. 61–80. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-23318-5_4
Lai, R.W.F., Tai, R.K.H., Wong, H.W.H., Chow, S.S.M.: Multi-key homomorphic signatures unforgeable under insider corruption. In: Peyrin, T., Galbraith, S. (eds.) ASIACRYPT 2018. LNCS, vol. 11273, pp. 465–492. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-03329-3_16
Lee, J.: Dory: efficient, transparent arguments for generalised inner products and polynomial commitments. In: Nissim, K., Waters, B. (eds.) TCC 2021. LNCS, vol. 13043, pp. 1–34. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-90453-1_1
Liu, J.K., Wei, V.K., Wong, D.S.: Linkable spontaneous anonymous group signature for ad hoc groups. In: Wang, H., Pieprzyk, J., Varadharajan, V. (eds.) ACISP 2004. LNCS, vol. 3108, pp. 325–335. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-27800-9_28
Maji, H.K., Prabhakaran, M., Rosulek, M.: Attribute-based signatures. In: Kiayias, A. (ed.) CT-RSA 2011. LNCS, vol. 6558, pp. 376–392. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-19074-2_24
Micali, S., Reyzin, L., Vlachos, G., Wahby, R.S., Zeldovich, N.: Compact certificates of collective knowledge. In: 2021 IEEE Symposium on Security and Privacy (SP), pp. 626–641. IEEE (2021)
Ristenpart, T., Yilek, S.: The Power of Proofs-of-Possession: Securing Multiparty Signatures against Rogue-Key Attacks. In: Naor, M. (ed.) EUROCRYPT 2007. LNCS, vol. 4515, pp. 228–245. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-72540-4_13
Rivest, R.L., Shamir, A., Tauman, Y.: How to leak a secret: theory and applications of ring signatures. Essays Memory Shimon Even 3895, 164–186 (2006)
Schnorr, C.P.: Efficient identification and signatures for smart cards. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 239–252. Springer, New York (1990). https://doi.org/10.1007/0-387-34805-0_22
Shoup, V.: Practical threshold signatures. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 207–220. Springer, Heidelberg (2000). https://doi.org/10.1007/3-540-45539-6_15
Zhandry, M.: To label, or not to label (in generic groups). In: Advances in Cryptology-CRYPTO 2022: 42nd Annual International Cryptology Conference, CRYPTO 2022, Santa Barbara, CA, USA, August 15–18, 2022, Proceedings, Part III, pp. 66–96. Springer, Cham (2022). https://doi.org/10.1007/978-3-031-15982-4_3
Acknowledgments
We would like to thank anonymous reviewers of ASIACRYPT 2023 for their insightful feedbacks. We thank Dr. Hanwen Feng for valuable suggestions. This work was supported in part by research awards from Stellar Development Foundation, Ethereum Foundation, Protocol Labs, SOAR Prize and Digital Science Initiative Pilot Project from USYD.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2023 International Association for Cryptologic Research
About this paper
Cite this paper
Qiu, T., Tang, Q. (2023). Predicate Aggregate Signatures and Applications. In: Guo, J., Steinfeld, R. (eds) Advances in Cryptology – ASIACRYPT 2023. ASIACRYPT 2023. Lecture Notes in Computer Science, vol 14439. Springer, Singapore. https://doi.org/10.1007/978-981-99-8724-5_9
Download citation
DOI: https://doi.org/10.1007/978-981-99-8724-5_9
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-99-8723-8
Online ISBN: 978-981-99-8724-5
eBook Packages: Computer ScienceComputer Science (R0)