Sequential Aggregate Signatures Working over Independent Homomorphic Trapdoor One-Way Permutation Domains

The contribution of this paper is twofold. First, we propose a generic construction of sequential aggregate signatures from families of certificated trapdoor one-way permutations. We show that the construction is provably secure in the random oracle model, assuming that the underlying homomorphic permutations are trapdoor one-way. Whereas Lysyanskaya et al.'s generic construction is built from a trapdoor one-way permutation family working over a single common domain [16], our scheme works over independent trapdoor one-way permutation domains. This flexibility in the choice of permutation domains benefits real-world applications, where each user may choose its working domain independently. Second, we instantiate the generic construction with RSA so that each user can choose its RSA modulus independently; in particular, the moduli are not required to have the same length. Consequently, our instantiation is the first scheme based on the RSA problem that works for arbitrary moduli, which is the most significant feature distinguishing it from the best previous RSA-based results (Kawauchi et al.'s scheme [14] and Lysyanskaya et al.'s scheme [16]).

[1] Jennifer Seberry et al. Advances in Cryptology — AUSCRYPT '92, 1992, Lecture Notes in Computer Science.

[2] Mitsuru Tada. A Secure Multisignature Scheme with Signing Order Verifiability, 2003, IEICE Trans. Fundam. Electron. Commun. Comput. Sci.

[3] Atsuko Miyaji et al. A Multisignature Scheme with Message Flexibility, Order Flexibility and Order Verifiability, 2000, ACISP.

[4] Kazuo Ohta et al. A Digital Multisignature Scheme Based on the Fiat-Shamir Scheme, 1991, ASIACRYPT.

[5] Silvio Micali et al. Accountable-subgroup multisignatures: extended abstract, 2001, CCS '01.

[6] Yvo Desmedt. Public Key Cryptography — PKC 2003, 2002, Lecture Notes in Computer Science.

[7] Thomas Hardjono et al. A Practical Digital Multisignature Scheme Based on Discrete Logarithms, 1992, AUSCRYPT.

[8] Mihir Bellare et al. Random oracles are practical: a paradigm for designing efficient protocols, 1993, CCS '93.

[9] Silvio Micali et al. A Digital Signature Scheme Secure Against Adaptive Chosen-Message Attacks, 1988, SIAM J. Comput.

[10] Yuichi Komano et al. Probabilistic Multi-Signature Schemes Using a One-Way Trapdoor Permutation, 2004.

[11] Arto Salomaa et al. Public-Key Cryptography, 1991, EATCS Monographs on Theoretical Computer Science.

[12] Jacques Stern et al. Advances in Cryptology — EUROCRYPT '99, 1999, Lecture Notes in Computer Science.

[13] Eiji Okamoto et al. On the Security of the RSA-Based Multisignature Scheme for Various Group Structures, 2000, ACISP.

[14] Adi Shamir et al. A method for obtaining digital signatures and public-key cryptosystems, 1978, CACM.

[15] Alexandra Boldyreva et al. Efficient threshold signature, multisignature and blind signature schemes based on the Gap-Diffie-Hellman-group signature scheme, 2002.

[16] Tatsuaki Okamoto et al. A digital multisignature scheme using bijective public-key cryptosystems, 1988, TOCS.

[17] K. Ohta et al. Generic construction methods of multi-signature schemes, 2001.

[18] Alexandra Boldyreva et al. Efficient threshold signature, multisignature and blind signature schemes based on the Gap-Diffie-Hellman-group signature scheme, 2002.

[19] Mitsuru Tada et al. On the Exact Security of Multi-signature Schemes Based on RSA, 2003, ACISP.

[20] Mihir Bellare. Advances in Cryptology — CRYPTO 2000, 2000, Lecture Notes in Computer Science.

[21] Information Security and Privacy, 1996, Lecture Notes in Computer Science.

[22] Hideki Imai et al. Advances in Cryptology — ASIACRYPT '91, 1991, Lecture Notes in Computer Science.

[23] K. Itakura et al. A public-key cryptosystem suitable for digital multisignatures, 1983.

[24] Hovav Shacham et al. Sequential Aggregate Signatures from Trapdoor Permutations, 2004, EUROCRYPT.

[25] Hovav Shacham et al. Aggregate and Verifiably Encrypted Signatures from Bilinear Maps, 2003, EUROCRYPT.

[26] Atsuko Miyaji et al. A general model of multisignature schemes with message flexibility, order flexibility, and order verifiability, 2001.

[27] Stephen T. Kent et al. Secure Border Gateway Protocol (S-BGP), 2000, IEEE Journal on Selected Areas in Communications.

[28] Yvo Desmedt et al. A Structured ElGamal-Type Multisignature Scheme, 2000, Public Key Cryptography.

[29] Aggelos Kiayias et al. Traceable Signatures, 2004, EUROCRYPT.

[30] Mitsuru Tada et al. An Order-Specified Multisignature Scheme Secure against Active Insider Attacks, 2002, ACISP.

[31] Jan Camenisch et al. Proving in Zero-Knowledge that a Number Is the Product of Two Safe Primes, 1998, EUROCRYPT.

[32] Jean-Sébastien Coron et al. On the Exact Security of Full Domain Hash, 2000, CRYPTO.