Sequential aggregate signatures with short public keys without random oracles

Kwangsu Lee, Dong Hoon Lee, Moti Yung

Research output: Contribution to journal › Article

1 Citation (Scopus)

Abstract

The notion of aggregate signature has been motivated by applications and it enables any user to compress different signatures signed by different signers on different messages into a short signature. Sequential aggregate signature, in turn, is a special kind of aggregate signature that only allows a signer to add his signature into an aggregate signature in sequential order. This latter scheme has applications in diversified settings such as in reducing bandwidth of certificate chains and in secure routing protocols. Lu, Ostrovsky, Sahai, Shacham, and Waters (EUROCRYPT 2006) presented the first sequential aggregate signature scheme in the standard model. The size of their public key, however, is quite large (i.e., the number of group elements is proportional to the security parameter), and therefore, they suggested as an open problem the construction of such a scheme with short keys. In this paper, we propose the first sequential aggregate signature schemes with short public keys (i.e., a constant number of group elements) in prime order (asymmetric) bilinear groups that are secure under static assumptions in the standard model. Furthermore, our schemes employ a constant number of pairing operations per message signing and message verification operation. Technically, we start with a public-key signature scheme based on the recent dual system encryption technique of Lewko and Waters (TCC 2010). This technique cannot directly provide an aggregate signature scheme since, as we observed, additional elements should be published in a public key to support aggregation. Thus, our constructions are careful augmentation techniques for the dual system technique to allow it to support sequential aggregate signature schemes. We also propose a multi-signature scheme with short public parameters in the standard model.

Original language: English
Pages (from-to): 100-125
Number of pages: 26
Journal: Theoretical Computer Science
Volume: 579
DOIs: 10.1016/j.tcs.2015.02.019
Publication status: Published - 2015 May 10

Keywords

  • Aggregate signature
  • Bilinear maps
  • Dual system encryption
  • Public-key signature
  • Sequential aggregate signature

ASJC Scopus subject areas

  • Theoretical Computer Science
  • Computer Science(all)

Cite this

Sequential aggregate signatures with short public keys without random oracles. / Lee, Kwangsu; Lee, Dong Hoon; Yung, Moti.

In: Theoretical Computer Science, Vol. 579, 10.05.2015, p. 100-125.

@article{0a0dca2ab47540969ee3939d89ef6fa4,
title = "Sequential aggregate signatures with short public keys without random oracles",
keywords = "Aggregate signature, Bilinear maps, Dual system encryption, Public-key signature, Sequential aggregate signature",
author = "Kwangsu Lee and Lee, {Dong Hoon} and Moti Yung",
year = "2015",
month = "5",
day = "10",
doi = "10.1016/j.tcs.2015.02.019",
language = "English",
volume = "579",
pages = "100--125",
journal = "Theoretical Computer Science",
issn = "0304-3975",
publisher = "Elsevier",
}

TY - JOUR

T1 - Sequential aggregate signatures with short public keys without random oracles

AU - Lee, Kwangsu

AU - Lee, Dong Hoon

AU - Yung, Moti

PY - 2015/5/10

Y1 - 2015/5/10

KW - Aggregate signature

KW - Bilinear maps

KW - Dual system encryption

KW - Public-key signature

KW - Sequential aggregate signature

UR - http://www.scopus.com/inward/record.url?scp=84951845445&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84951845445&partnerID=8YFLogxK

U2 - 10.1016/j.tcs.2015.02.019

DO - 10.1016/j.tcs.2015.02.019

M3 - Article

VL - 579

SP - 100

EP - 125

JO - Theoretical Computer Science

JF - Theoretical Computer Science

SN - 0304-3975

ER -