Identity-Based Aggregate and Multi-Signature Schemes Based on RSA

We propose new identity-based multi-signature (IBMS) and aggregate signature (IBAS) schemes, secure under the RSA assumption. Our schemes reduce the round complexity of the previous RSA-based IBMS scheme of Bellare and Neven [BN07] from three rounds to two. Surprisingly, this improvement comes at virtually no cost: the computational efficiency and exact security of the new scheme are almost identical to those of [BN07]. The new scheme is enabled by a technical tool of independent interest, a class of zero-knowledge proofs of knowledge of preimages of one-way functions which is straight-line simulatable, enabling concurrency and good exact security, and aggregatable, enabling aggregation of parallel instances of such proofs into short multi/aggregate signatures.
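As an added illustration (not the paper's scheme and not code from its authors), the Python sketch below shows the aggregation idea the abstract refers to, using the classic GQ identification relation x^e = H1(ID) mod N from [22]: each cosigner holds an RSA e-th root of its hashed identity, the commitments R_i and responses s_i of the parallel proofs multiply together, and a single short pair (R, s) verifies against the product of the signers' identity hashes. The RSA parameters, identities and message are constructed toy values (the modulus is about 150 bits); the two-round flow shown here has no commitment round and no security argument against adversarial cosigners, which is precisely the gap that [BN07]'s extra round and this paper's straight-line simulatable proofs address, so it serves only to make the verification equation concrete.

```python
import hashlib
import random

# Constructed toy RSA parameters (Mersenne primes): N is only ~150 bits, far
# below real-world sizes. E is a prime public exponent larger than both P-1
# and Q-1, so it is automatically coprime to phi(N); challenges live in [0, E).
P = (1 << 61) - 1
Q = (1 << 89) - 1
N = P * Q
E = (1 << 127) - 1
D = pow(E, -1, (P - 1) * (Q - 1))   # PKG master secret: takes E-th roots mod N


def h1(identity: str) -> int:
    """Random-oracle hash of an identity string into Z_N."""
    digest = hashlib.sha256(b"H1|" + identity.encode()).digest()
    return int.from_bytes(digest, "big") % N


def extract(identity: str) -> int:
    """PKG key extraction: the user secret x satisfies x^E = H1(ID) mod N."""
    return pow(h1(identity), D, N)


def challenge(aggregate_commitment: int, message: bytes) -> int:
    """Shared Fiat-Shamir challenge c = H2(R, m), reduced into [0, E)."""
    data = b"H2|" + aggregate_commitment.to_bytes(32, "big") + b"|" + message
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % E


class Cosigner:
    """One party in the multi-signature; it holds only its own extracted secret."""

    def __init__(self, identity: str, rng):
        self.identity = identity
        self._x = extract(identity)
        self._rng = rng
        self._r = None

    def round1(self) -> int:
        """Publish the proof commitment R_i = r^E mod N for a fresh nonce r."""
        self._r = self._rng.randrange(1, N)
        return pow(self._r, E, N)

    def round2(self, c: int) -> int:
        """Answer the shared challenge with s_i = r * x^c mod N; the nonce is discarded."""
        s_i = self._r * pow(self._x, c, N) % N
        self._r = None
        return s_i


def multisign(identities, message: bytes, rng=None):
    """Run both rounds for every cosigner and return the aggregate signature (R, s)."""
    rng = rng or random.SystemRandom()
    parties = [Cosigner(identity, rng) for identity in identities]
    R = 1
    for R_i in [party.round1() for party in parties]:
        R = R * R_i % N                      # aggregate commitment
    c = challenge(R, message)                # one challenge for all parallel proofs
    s = 1
    for s_i in [party.round2(c) for party in parties]:
        s = s * s_i % N                      # aggregate response
    return R, s


def verify(identities, message: bytes, signature) -> bool:
    """Check s^E == R * prod_i H1(ID_i)^c mod N for the claimed signer set."""
    R, s = signature
    if not (0 < R < N and 0 < s < N):
        return False
    c = challenge(R, message)
    rhs = R
    for identity in identities:
        rhs = rhs * pow(h1(identity), c, N) % N
    return pow(s, E, N) == rhs
```

The verifier never sees individual R_i or s_i: because each (r_i x_i^c)^E equals R_i times H1(ID_i)^c, the products collapse to one equation whose size does not grow with the number of signers, which is what makes the aggregated proof a short multi-signature. Dropping a claimed identity, or changing the message (and hence c), breaks the equation.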

[1] Masayuki Abe et al. Topics in Cryptology - CT-RSA 2007. 2007.

[2] S. Micali et al. Accountable-Subgroup Multisignatures. 2001.

[3] C. P. Schnorr et al. Efficient Identification and Signatures for Smart Cards (Abstract). EUROCRYPT, 1989.

[4] Javier Herranz et al. Deterministic Identity-Based Signatures for Partial Aggregation. Comput. J., 2006.

[5] Javier Herranz et al. On the Generic Construction of Identity-Based Signatures with Additional Properties. ASIACRYPT, 2006.

[6] Ivan Damgård et al. Proofs of Partial Knowledge and Simplified Design of Witness Hiding Protocols. CRYPTO, 1994.

[7] Kefei Chen et al. Advances in Cryptology - ASIACRYPT 2006, 12th International Conference on the Theory and Application of Cryptology and Information Security, Shanghai, China, December 3-7, 2006, Proceedings. ASIACRYPT, 2006.

[8] Nigel P. Smart et al. Advances in Cryptology - EUROCRYPT 2008, 27th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Istanbul, Turkey, April 13-17, 2008, Proceedings. EUROCRYPT, 2008.

[9] Adi Shamir et al. Identity-Based Cryptosystems and Signature Schemes. CRYPTO, 1984.

[10] Gene Tsudik et al. SRDP: securing route discovery in DSR. The Second Annual International Conference on Mobile and Ubiquitous Systems: Networking and Services, 2005.

[11] Michael Wiener et al. Advances in Cryptology - CRYPTO '99. 1999.

[12] Ivan Damgård et al. Efficient Concurrent Zero-Knowledge in the Auxiliary String Model. EUROCRYPT, 2000.

[13] Hugo Krawczyk et al. Advances in Cryptology - CRYPTO '98. 1998.

[14] Mihir Bellare. Advances in Cryptology - CRYPTO 2000. Lecture Notes in Computer Science, 2000.

[15] Silvio Micali et al. Accountable-subgroup multisignatures: extended abstract. CCS '01, 2001.

[16] Craig Gentry et al. Identity-Based Aggregate Signatures. Public Key Cryptography, 2006.

[17] Jung Hee Cheon et al. Multisignatures secure under the discrete logarithm assumption and a generalized forking lemma. CCS, 2008.

[18] Gregory Neven et al. Efficient Sequential Aggregate Signed Data. IEEE Transactions on Information Theory, 2008.

[19] Jean-Sébastien Coron et al. On the Exact Security of Full Domain Hash. CRYPTO, 2000.

[20] Yvo Desmedt et al. Advances in Cryptology - CRYPTO '94. Lecture Notes in Computer Science, 2001.

[21] Aggelos Kiayias et al. Public Key Cryptography - PKC 2006. Lecture Notes in Computer Science, 2006.

[22] Jean-Jacques Quisquater et al. A "Paradoxical" Indentity-Based Signature Scheme Resulting from Zero-Knowledge. CRYPTO, 1988.

[23] Mihir Bellare et al. Multi-signatures in the plain public-Key model and a general forking lemma. CCS '06, 2006.

[24] Mihir Bellare et al. Identity-Based Multi-signatures from RSA. CT-RSA, 2007.

[25] Bart Preneel et al. Advances in Cryptology - EUROCRYPT 2000: International Conference on the Theory and Application of Cryptographic Techniques, Bruges, Belgium, May 14-18, 2000, Proceedings. 2000.

[26] Craig Gentry et al. Ordered multisignatures and identity-based sequential aggregate signatures, with applications to secure routing. CCS '07, 2007.

[27] Aggelos Kiayias et al. BiTR: Built-in Tamper Resilience. IACR Cryptol. ePrint Arch., 2011.

[28] Krste Asanovic et al. Energy Aware Lossless Data Compression. MobiSys, 2003.