Identity-Based Multisignature with Message Recovery

We present a new notion of short identity-based multisignature scheme with message recovery. We propose a concrete identity-based multisignature with message recovery scheme based on bilinear pairing in which multiple signers can generate a constant size multisignature on same message regardless of the number of signers. There is no requirement to transmit the original message to the verifier, since the original message can be recovered from the multisignature. Therefore, this scheme minimizes the total length of the original message and the appended multisignature. The proposed scheme is proven to be existentially unforgeable against adaptively chosen message attacks in the random oracle model under the assumption that the Computational Diffie-Hellman problem is hard.

[1]  Silvio Micali,et al.  Accountable-subgroup multisignatures: extended abstract , 2001, CCS '01.

[2]  Shafi Goldwasser,et al.  Advances in Cryptology — CRYPTO’ 88: Proceedings , 1990, Lecture Notes in Computer Science.

[3]  Ashutosh Saxena,et al.  Identity Based Multisignatures , 2006, Informatica.

[4]  K. Itakura,et al.  A public-key cryptosystem suitable for digital multisignatures , 1983 .

[5]  Jung Hee Cheon,et al.  An Identity-Based Signature from Gap Diffie-Hellman Groups , 2003, Public Key Cryptography.

[6]  Yvo Desmedt Public Key Cryptography — PKC 2003 , 2002, Lecture Notes in Computer Science.

[7]  S. Micali,et al.  Accountable-Subgroup Multisignatures , 2001 .

[8]  Amos Fiat,et al.  How to Prove Yourself: Practical Solutions to Identification and Signature Problems , 1986, CRYPTO.

[9]  Adi Shamir,et al.  Identity-Based Cryptosystems and Signature Schemes , 1984, CRYPTO.

[10]  Rainer A. Rueppel,et al.  A new signature scheme based on the DSA giving message recovery , 1993, CCS '93.

[11]  Lein Harn,et al.  Efficient identity-based RSA multisignatures , 2008, Comput. Secur..

[12]  Andrew Odlyzko,et al.  Advances in Cryptology — CRYPTO’ 86 , 2000, Lecture Notes in Computer Science.

[13]  Walter M. Lioen,et al.  Factorization of RSA-140 Using the Number Field Sieve , 1999, CRYPTO 1999.

[14]  Joseph Bonneau,et al.  What's in a Name? , 2020, Financial Cryptography.

[15]  Tatsuaki Okamoto,et al.  A Signature Scheme with Message Recovery as Secure as Discrete Logarithm , 1999, ASIACRYPT.

[16]  Florian Hess,et al.  Efficient Identity Based Signature Schemes Based on Pairings , 2002, Selected Areas in Cryptography.

[17]  Jean-Jacques Quisquater,et al.  A "Paradoxical" Indentity-Based Signature Scheme Resulting from Zero-Knowledge , 1988, CRYPTO.

[18]  Aggelos Kiayias,et al.  BiTR: Built-in Tamper Resilience , 2011, IACR Cryptol. ePrint Arch..

[19]  Yi Mu,et al.  Identity-Based Partial Message Recovery Signatures (or How to Shorten ID-Based Signatures) , 2005, Financial Cryptography.

[20]  Alexandra Boldyreva,et al.  Efficient threshold signature, multisignature and blind signature schemes based on the Gap-Diffie-Hellman-Group signature scheme , 2002 .

[21]  Aggelos Kiayias,et al.  Polynomial Reconstruction Based Cryptography , 2001, Selected Areas in Cryptography.

[22]  K. Ohta,et al.  Multi-Signature Schemes Secure against Active Insider Attacks (Special Section on Cryptography and Information Security) , 1999 .