Multisignature Scheme Based on Discrete Logarithms in the Plain Public Key Model

In this paper, we propose a new multisignature scheme based on discrete logarithms. We show that this new scheme resists existential forgery under adaptive chosen-message attacks in the random oracle model. The main contribution is that our security model gets rid of the special security requirement on the generation of the signers' public keys. Adversaries are not required to reveal the private keys corresponding to the public keys of their choice to the challenger in attack games. Thus the new multisignature scheme does not suffer from the problem identified by Micali et al., which is shared by many current multisignature schemes. Moreover, if the joint public key of a group of signers in this multisignature scheme is precomputed, the proposed multisignature scheme is optimal.

Summary: A signature scheme for protecting public keys is described.

[1] Thomas Ristenpart, et al. The Power of Proofs-of-Possession: Securing Multiparty Signatures against Rogue-Key Attacks, 2007, EUROCRYPT.

[2] Jim Schaad, et al. Internet X.509 Public Key Infrastructure Certificate Request Message Format (CRMF), 2005, RFC.

[3] Stephen Farrell, et al. Internet X.509 Public Key Infrastructure Certificate Management Protocol (CMP), 2005, RFC.

[4] Silvio Micali, et al. A Digital Signature Scheme Secure Against Adaptive Chosen-Message Attacks, 1988, SIAM J. Comput.

[5] Narn-Yih Lee, et al. Threshold-Multisignature Schemes where Suspected Forgery Implies Traceability of Adversarial Shareholders, 1994, EUROCRYPT.

[6] Zuhua Shao. Dynamic and efficient joint encryption scheme in the plain public key model, 2009, Comput. Electr. Eng.

[7] Lein Harn, et al. Digital multisignature with distinguished signing authorities, 1999.

[8] Mihir Bellare, et al. Relations among Notions of Security for Public-Key Encryption Schemes, 1998, IACR Cryptol. ePrint Arch.

[9] Mihir Bellare, et al. Multi-signatures in the plain public-Key model and a general forking lemma, 2006, CCS '06.

[10] Silvio Micali, et al. Improving the exact security of digital signature schemes, 2001, Journal of Cryptology.

[11] Zuhua Shao, et al. Self-certified signature scheme from pairings, 2007, J. Syst. Softw.

[12] L. Harn. Group-oriented (t, n) threshold digital signature scheme and digital multisignature, 1994.

[13] Rafail Ostrovsky, et al. Sequential Aggregate Signatures and Multisignatures Without Random Oracles, 2006, EUROCRYPT.

[14] Yvo Desmedt, et al. Society and Group Oriented Cryptography: A New Concept, 1987, CRYPTO.

[15] Silvio Micali, et al. Accountable-subgroup multisignatures: extended abstract, 2001, CCS '01.

[16] Stephen Farrell, et al. Internet X.509 Public Key Infrastructure Certificate Management Protocols, 1999, RFC.

[17] Min-Shiang Hwang, et al. A New Digital Multisignature Scheme With Distinguished Signing Authorities, 2003, J. Inf. Sci. Eng.

[18] K. Ohta, et al. Multi-Signature Schemes Secure against Active Insider Attacks (Special Section on Cryptography and Information Security), 1999.

[19] Alexandra Boldyreva, et al. Efficient threshold signature, multisignature and blind signature schemes based on the Gap-Diffie-Hellman-group signature scheme, 2002.

[20] Alexandra Boldyreva, et al. Efficient threshold signature, multisignature and blind signature schemes based on the Gap-Diffie-Hellman-Group signature scheme, 2002.

[21] Claus-Peter Schnorr, et al. Efficient signature generation by smart cards, 2004, Journal of Cryptology.

[22] K. Itakura, et al. A public-key cryptosystem suitable for digital multisignatures, 1983.

[23] Russ Housley, et al. Internet X.509 Public Key Infrastructure - Certificate Image, 2011, RFC.

[24] Zuhua Shao, et al. Self-certified Signatures Based on Discrete Logarithms, 2007, WAIFI.