Non-interactive multisignatures in the plain public-key model with efficient verification

Multisignatures extend standard digital signatures to allow an ad hoc set of users to jointly sign a message. Multisignature schemes are often evaluated from the following perspectives: (1) the cryptographic assumptions underlying the schemes; (2) the operational assumptions about the bootstrapping of the schemes in practice; (3) the number of communication rounds for signing a message; (4) the time complexity for signing a message; (5) the amount of communication for signing a message; (6) the time complexity for verifying a multisignature; (7) the length of the resulting multisignatures. Existing multisignature schemes achieve various trade-offs among these measures, but none of them simultaneously achieves the desired properties with respect to all (or even most) of these measures. In this paper, we present a novel multisignature scheme that offers the desired properties with respect to (1)-(7) above simultaneously, except that it uses random oracles (which, however, are often required in order to design practical schemes). In particular, our scheme features a weak operational (i.e., plain public-key) model, non-interactive signing, and efficient verification.
