Aggregate and Verifiably Encrypted Signatures from Multilinear Maps Without Random Oracles

Aggregate signatures provide bandwidth-saving aggregation of ordinary signatures. We present the first unrestricted instantiation without random oracles, based on the Boneh-Silverberg signature scheme. Moreover, our construction yields a multisignature scheme where a single message is signed by a number of signers. Our second result is an application to verifiably encrypted signatures. There, signers encrypt their signature under the public key of a trusted third party and output a proof that the signature is inside. Upon dispute between signer and verifier, the trusted third party is able to recover the signature. These schemes are provably secure in the standard model.

[1]  Chanathip Namprempre,et al.  Unrestricted Aggregate Signatures , 2007, ICALP.

[2]  Markus Rückert,et al.  Security of Verifiably Encrypted Signatures , 2009, IACR Cryptol. ePrint Arch..

[3]  Jean-Sébastien Coron,et al.  Boneh et al.'s k-Element Aggregate Extraction Assumption Is Equivalent to the Diffie-Hellman Assumption , 2003, ASIACRYPT.

[4]  Ran Canetti,et al.  The random oracle methodology, revisited , 2000, JACM.

[5]  Dan Boneh,et al.  Applications of Multilinear Forms to Cryptography , 2002, IACR Cryptol. ePrint Arch..

[6]  Gregory Neven,et al.  Efficient Sequential Aggregate Signed Data , 2008, IEEE Transactions on Information Theory.

[7]  Anna Lysyanskaya,et al.  Unique Signatures and Verifiable Random Functions from the DH-DDH Separation , 2002, CRYPTO.

[8]  Stephen T. Kent,et al.  Secure Border Gateway Protocol (S-BGP) - Real World Performance and Deployment Issues , 2000, NDSS.

[9]  N. Asokan,et al.  Optimistic fair exchange of digital signatures , 1998, IEEE Journal on Selected Areas in Communications.

[10]  Hovav Shacham,et al.  Sequential Aggregate Signatures from Trapdoor Permutations , 2004, EUROCRYPT.

[11]  Craig Gentry,et al.  Candidate Multilinear Maps from Ideal Lattices and Applications , 2012, IACR Cryptol. ePrint Arch..

[12]  Hovav Shacham,et al.  Aggregate and Verifiably Encrypted Signatures from Bilinear Maps , 2003, EUROCRYPT.

[13]  Alexandra Boldyreva,et al.  Efficient threshold signature, multisignature and blind signature schemes based on the Gap-Diffie-Hellman-Group signature scheme , 2002 .

[14]  Dominique Schröder,et al.  How to Aggregate the CL Signature Scheme , 2011, ESORICS.

[15]  Rafail Ostrovsky,et al.  Sequential Aggregate Signatures and Multisignatures Without Random Oracles , 2006, EUROCRYPT.

[16]  Mihir Bellare,et al.  Random oracles are practical: a paradigm for designing efficient protocols , 1993, CCS '93.

[17]  Silvio Micali,et al.  A Digital Signature Scheme Secure Against Adaptive Chosen-Message Attacks , 1988, SIAM J. Comput..

[18]  Markus Rückert,et al.  Security of Verifiably Encrypted Signatures and a Construction without Random Oracles , 2009, Pairing.