Tightly-Secure Identity-Based Structured Aggregate Signature Scheme under the Computational Diffie-Hellman Assumption

An aggregate signature scheme is a primitive in which each signer signs an individual document and the signatures are then combined to compress the data size. We propose an aggregate signature scheme that extends this primitive from two standpoints, structured signatures and ID-based signatures; that is, we construct an identity-based structured aggregate signature scheme. The proposed scheme is expected to be used with consumer-generated media services. We prove the security of the proposed scheme with a tight reduction under the computational Diffie-Hellman (CDH) assumption in the random oracle model. A tight reduction means that the cost of the reduction algorithm is independent of the adversary's capability, i.e., security is not downgraded by the adversary's capability. To the best of our knowledge, no structured signature scheme with a tight reduction has been proposed to date, because such schemes contain complicated structures that make the reduction inefficient. Note that the security of our scheme captures the switching attack (CCS 2007, Boldyreva et al.) and the re-ordering attack (ISPEC 2007, Shao), which break several famous schemes.
