Sequential Aggregate Signatures, Multisignatures, and Verifiably Encrypted Signatures Without Random Oracles

We present the first aggregate signature, the first multisignature, and the first verifiably encrypted signature provably secure without random oracles. Our constructions derive from a novel application of a recent signature scheme due to Waters. Signatures in our aggregate signature scheme are sequentially constructed, but knowledge of the order in which messages were signed is not necessary for verification. The aggregate signatures obtained are shorter than Lysyanskaya et al.’s sequential aggregates and can be verified more efficiently than Boneh et al.’s aggregates. We also consider applications to secure routing and proxy signatures.

[1]  Gregory Neven,et al.  Efficient Sequential Aggregate Signed Data , 2008, IEEE Transactions on Information Theory.

[2]  Florian Hess,et al.  On the security of the verifiably-encrypted signature scheme of Boneh, Gentry, Lynn and Shacham , 2004, Inf. Process. Lett..

[3]  Ran Canetti,et al.  The random oracle methodology, revisited , 2000, JACM.

[4]  K. Ohta,et al.  Multi-Signature Schemes Secure against Active Insider Attacks (Special Section on Cryptography and Information Security) , 1999 .

[5]  Charles Lynn,et al.  Secure Border Gateway Protocol (Secure-BGP) , 2000 .

[6]  Alfred Menezes,et al.  Pairing-Based Cryptography at High Security Levels , 2005, IMACC.

[7]  Yakov Rekhter,et al.  A Border Gateway Protocol 4 (BGP-4) , 1994, RFC.

[8]  Dona Schwartz Pairings , 2010 .

[9]  Kenneth G. Paterson,et al.  Efficient Identity-Based Signatures Secure in the Standard Model , 2006, ACISP.

[10]  David Naccache,et al.  Secure and Practical Identity-based Encryption , 2005 .

[11]  Hovav Shacham,et al.  New paradigms in signature schemes , 2005 .

[12]  Sean W. Smith,et al.  Evaluation of efficient security for BGP route announcements using parallel simulation , 2004, Simul. Model. Pract. Theory.

[13]  Alexandra Boldyreva,et al.  Efficient threshold signature, multisignature and blind signature schemes based on the Gap-Diffie-Hellman-Group signature scheme , 2002 .

[14]  Matthew K. Franklin,et al.  Identity-Based Encryption from the Weil Pairing , 2001, CRYPTO.

[15]  K. Paterson Advances in Elliptic Curve Cryptography: Cryptography from Pairings , 2005 .

[16]  Hovav Shacham,et al.  Short Signatures from the Weil Pairing , 2001, J. Cryptol..

[17]  Robert H. Deng,et al.  Efficient and practical fair exchange protocols with off-line TTP , 1998, Proceedings. 1998 IEEE Symposium on Security and Privacy (Cat. No.98CB36186).

[18]  Hovav Shacham,et al.  Sequential Aggregate Signatures from Trapdoor Permutations , 2004, EUROCRYPT.

[19]  Sanjit Chatterjee,et al.  Trading Time for Space: Towards an Efficient IBE Scheme with Short(er) Public Parameters in the Standard Model , 2005, ICISC.

[20]  N. Asokan,et al.  Optimistic fair exchange of digital signatures , 1998, IEEE Journal on Selected Areas in Communications.

[21]  Chanathip Namprempre,et al.  Security Proofs for Identity-Based Identification and Signature Schemes , 2008, Journal of Cryptology.

[22]  Hovav Shacham,et al.  Aggregate and Verifiably Encrypted Signatures from Bilinear Maps , 2003, EUROCRYPT.

[23]  Silvio Micali,et al.  Accountable-subgroup multisignatures: extended abstract , 2001, CCS '01.

[24]  Brent Waters,et al.  Efficient Identity-Based Encryption Without Random Oracles , 2005, EUROCRYPT.

[25]  Eiji Okamoto,et al.  Proxy signatures for delegating signing operation , 1996, CCS '96.

[26]  Gene Tsudik,et al.  Signature Bouquets: Immutability for Aggregated/Condensed Signatures , 2004, ESORICS.

[27]  Sanjit Chatterjee,et al.  On cryptographic protocols employing asymmetric pairings - The role of Ψ revisited , 2011, Discret. Appl. Math..

[28]  Dan Boneh,et al.  Efficient Selective-ID Secure Identity Based Encryption Without Random Oracles , 2004, IACR Cryptol. ePrint Arch..

[29]  Thomas Ristenpart,et al.  The Power of Proofs-of-Possession: Securing Multiparty Signatures against Rogue-Key Attacks , 2007, EUROCRYPT.

[30]  S. Galbraith,et al.  Advances in Elliptic Curve Cryptography: Pairings , 2005 .

[31]  Jean-Sébastien Coron,et al.  Boneh et al.'s k-Element Aggregate Extraction Assumption Is Equivalent to the Diffie-Hellman Assumption , 2003, ASIACRYPT.

[32]  Mihir Bellare,et al.  Simulation without the Artificial Abort: Simplified Proof and Improved Concrete Security for Waters' IBE Scheme , 2009, EUROCRYPT.

[33]  Stephen T. Kent,et al.  Secure Border Gateway Protocol (S-BGP) , 2000, IEEE Journal on Selected Areas in Communications.

[34]  Alfred Menezes,et al.  Reducing elliptic curve logarithms to logarithms in a finite field , 1991, STOC '91.

[35]  K. Itakura,et al.  A public-key cryptosystem suitable for digital multisignatures , 1983 .

[36]  Rafail Ostrovsky,et al.  Sequential Aggregate Signatures and Multisignatures Without Random Oracles , 2006, EUROCRYPT.

[37]  Keisuke Tanaka,et al.  An RSA Family of Trap-Door Permutations with a Common Domain and Its Applications , 2004, Public Key Cryptography.

[38]  Paulo S. L. M. Barreto,et al.  Pairing-Friendly Elliptic Curves of Prime Order , 2005, Selected Areas in Cryptography.

[39]  Chanathip Namprempre,et al.  Unrestricted Aggregate Signatures , 2007, ICALP.

[40]  Kenneth G. Paterson,et al.  Cryptography from Pairings: A Snapshot of Current Research , 2008 .

[41]  Markus Rückert,et al.  Security of Verifiably Encrypted Signatures and a Construction without Random Oracles , 2009, Pairing.

[42]  Tatsuaki Okamoto,et al.  A digital multisignature scheme using bijective public-key cryptosystems , 1988, TOCS.

[43]  Silvio Micali,et al.  A Digital Signature Scheme Secure Against Adaptive Chosen-Message Attacks , 1988, SIAM J. Comput..

[44]  Bennian Dou,et al.  On the Security of the Verifiably Encrypted Signature Scheme of Boneh, Gentry, Lynn and Shacham Revisited , 2013, IEICE Trans. Fundam. Electron. Commun. Comput. Sci..

[45]  Craig Gentry,et al.  Hierarchical ID-Based Cryptography , 2002, ASIACRYPT.

[46]  Javier Herranz,et al.  On the Generic Construction of Identity-Based Signatures with Additional Properties , 2006, ASIACRYPT.

[47]  Rafail Ostrovsky,et al.  Perfect Non-Interactive Zero Knowledge for NP , 2006, IACR Cryptol. ePrint Arch..

[48]  Ian F. Blake,et al.  Advances in Elliptic Curve Cryptography: Frontmatter , 2005 .

[49]  Bogdan Warinschi,et al.  Secure Proxy Signature Schemes for Delegation of Signing Rights , 2010, Journal of Cryptology.