Sequential aggregate signatures with short public keys: design, analysis and implementation studies. (English) Zbl 1290.94153

Kurosawa, Kaoru (ed.) et al., Public-key cryptography – PKC 2013. 16th international conference on practice and theory in public-key cryptography, Nara, Japan, February 26–March 1, 2013. Proceedings. Berlin: Springer (ISBN 978-3-642-36361-0/pbk). Lecture Notes in Computer Science 7778, 423-442 (2013).
Summary: The notion of aggregate signature is motivated by applications: it enables any user to compress distinct signatures, produced by different signers on different messages, into a single short signature. A sequential aggregate signature is a special kind of aggregate signature in which a signer may only add his signature to an existing aggregate in sequential order. This variant has applications in diverse settings, such as reducing the bandwidth of certificate chains and securing routing protocols. Lu, Ostrovsky, Sahai, Shacham, and Waters presented the first sequential aggregate signature scheme in the standard model (i.e., without an idealized random oracle). The size of their public key, however, is quite large (the number of group elements is proportional to the security parameter), and they therefore posed the construction of such a scheme with short keys as an open problem. Schröder recently proposed a sequential aggregate signature (SAS) scheme with short public keys based on the Camenisch-Lysyanskaya signature scheme, but its security is proven only under an interactive assumption (which is considered a relaxed notion of security). In this paper, we propose the first sequential aggregate signature scheme with short public keys (i.e., a constant number of group elements) in prime-order (asymmetric) bilinear groups that is secure under static assumptions in the standard model. Technically, we start from a public key signature scheme based on the recent dual system encryption technique of Lewko and Waters. This technique cannot directly yield an aggregate signature scheme since, as we observed, additional elements must be published in the public key to support aggregation. Our construction is therefore a careful augmentation of the dual system technique that allows it to support a sequential aggregate signature scheme. We further implemented our scheme and conducted a performance study and implementation optimization.
For the entire collection see [Zbl 1258.94004].

MSC:

94A62 Authentication, digital signatures and secret sharing
94A60 Cryptography

Software:

PBC Library

References:

[1] Ahn, J.H., Green, M., Hohenberger, S.: Synchronized aggregate signatures: new definitions, constructions and applications. In: ACM Conference on Computer and Communications Security, pp. 473-484 (2010)
[2] Bagherzandi, A., Jarecki, S.: Identity-Based Aggregate and Multi-Signature Schemes Based on RSA. In: Nguyen, P.Q., Pointcheval, D. (eds.) Public Key Cryptography - PKC 2010, pp. 480-498. Springer, Heidelberg (2010) · Zbl 1281.94071 · doi:10.1007/978-3-642-13013-7_28
[3] Bellare, M., Namprempre, C., Neven, G.: Unrestricted Aggregate Signatures. In: Arge, L., Cachin, C., Jurdziński, T., Tarlecki, A. (eds.) Automata, Languages and Programming, pp. 411-422. Springer, Heidelberg (2007) · Zbl 1171.94363 · doi:10.1007/978-3-540-73420-8_37
[4] Bellare, M., Neven, G.: Identity-Based Multi-signatures from RSA. In: Abe, M. (ed.) Topics in Cryptology - CT-RSA 2007, pp. 145-162. Springer, Heidelberg (2006) · Zbl 1177.94181 · doi:10.1007/11967668_10
[5] Boldyreva, A.: Threshold Signatures, Multisignatures and Blind Signatures Based on the Gap-Diffie-Hellman-Group Signature Scheme. In: Desmedt, Y.G. (ed.) Public Key Cryptography - PKC 2003, pp. 31-46. Springer, Heidelberg (2002) · Zbl 1033.94552 · doi:10.1007/3-540-36288-6_3
[6] Boldyreva, A., Gentry, C., O’Neill, A., Yum, D.H.: Ordered multisignatures and identity-based sequential aggregate signatures, with applications to secure routing. In: Ning, P., di Vimercati, S.D.C., Syverson, P.F. (eds.) ACM Conference on Computer and Communications Security, pp. 276-285. ACM (2007)
[7] Boldyreva, A., Gentry, C., O’Neill, A., Yum, D.H.: Ordered multisignatures and identity-based sequential aggregate signatures, with applications to secure routing. Cryptology ePrint Archive, Report 2007/438 (2010), http://eprint.iacr.org/2007/438
[8] Boneh, D., Franklin, M.: Identity-Based Encryption from the Weil Pairing. In: Kilian, J. (ed.) Advances in Cryptology - CRYPTO 2001, pp. 213-229. Springer, Heidelberg (2001) · Zbl 1002.94023 · doi:10.1007/3-540-44647-8_13
[9] Boneh, D., Gentry, C., Lynn, B., Shacham, H.: Aggregate and Verifiably Encrypted Signatures from Bilinear Maps. In: Biham, E. (ed.) Advances in Cryptology - EUROCRYPT 2003, pp. 416-432. Springer, Heidelberg (2003) · Zbl 1038.94553 · doi:10.1007/3-540-39200-9_26
[10] Boneh, D., Lynn, B., Shacham, H.: Short Signatures from the Weil Pairing. In: Boyd, C. (ed.) Advances in Cryptology - ASIACRYPT 2001, pp. 514-532. Springer, Heidelberg (2001) · Zbl 1064.94554 · doi:10.1007/3-540-45682-1_30
[11] Brogle, K., Goldberg, S., Reyzin, L.: Sequential Aggregate Signatures with Lazy Verification from Trapdoor Permutations (Extended Abstract). In: Wang, X., Sako, K. (eds.) Advances in Cryptology - ASIACRYPT 2012, pp. 644-662. Springer, Heidelberg (2012) · Zbl 1292.94039 · doi:10.1007/978-3-642-34961-4_39
[12] Chatterjee, S., Sarkar, P.: Trading Time for Space: Towards an Efficient IBE Scheme with Short(er) Public Parameters in the Standard Model. In: Won, D.H., Kim, S. (eds.) Information Security and Cryptology - ICISC 2005, pp. 424-440. Springer, Heidelberg (2006) · Zbl 1184.94235 · doi:10.1007/11734727_33
[13] Galbraith, S.D., Paterson, K.G., Smart, N.P.: Pairings for cryptographers. Discrete Applied Mathematics 156(16), 3113-3121 (2008) · Zbl 1156.94347 · doi:10.1016/j.dam.2007.12.010
[14] Gentry, C., Ramzan, Z.: Identity-Based Aggregate Signatures. In: Yung, M., Dodis, Y., Kiayias, A., Malkin, T. (eds.) Public Key Cryptography - PKC 2006, pp. 257-273. Springer, Heidelberg (2006) · Zbl 1151.94511 · doi:10.1007/11745853_17
[15] Gerbush, M., Lewko, A., O’Neill, A., Waters, B.: Dual Form Signatures: An Approach for Proving Security from Static Assumptions. In: Wang, X., Sako, K. (eds.) Advances in Cryptology - ASIACRYPT 2012, pp. 25-42. Springer, Heidelberg (2012) · Zbl 1290.94149 · doi:10.1007/978-3-642-34961-4_4
[16] Herranz, J.: Deterministic identity-based signatures for partial aggregation. Comput. J. 49(3), 322-330 (2006) · doi:10.1093/comjnl/bxh153
[17] Hwang, J.Y., Lee, D.H., Yung, M.: Universal forgery of the identity-based sequential aggregate signature scheme. In: Li, W., Susilo, W., Tupakula, U.K., Safavi-Naini, R., Varadharajan, V. (eds.) ASIACCS, pp. 157-160. ACM (2009)
[18] Katz, J., Lindell, A.Y.: Aggregate Message Authentication Codes. In: Malkin, T. (ed.) Topics in Cryptology - CT-RSA 2008, pp. 155-169. Springer, Heidelberg (2008) · Zbl 1153.94398 · doi:10.1007/978-3-540-79263-5_10
[19] Lee, K., Lee, D.H., Yung, M.: Sequential aggregate signatures with short public keys: Design, analysis, and implementation studies. Cryptology ePrint Archive, Report 2012/518 (2012), http://eprint.iacr.org/2012/518 · Zbl 1290.94153
[20] Lewko, A.: Tools for Simulating Features of Composite Order Bilinear Groups in the Prime Order Setting. In: Pointcheval, D., Johansson, T. (eds.) Advances in Cryptology - EUROCRYPT 2012, pp. 318-335. Springer, Heidelberg (2012) · Zbl 1297.94086 · doi:10.1007/978-3-642-29011-4_20
[21] Lewko, A., Waters, B.: New Techniques for Dual System Encryption and Fully Secure HIBE with Short Ciphertexts. In: Micciancio, D. (ed.) Theory of Cryptography, pp. 455-479. Springer, Heidelberg (2010) · Zbl 1274.94092 · doi:10.1007/978-3-642-11799-2_27
[22] Lu, S., Ostrovsky, R., Sahai, A., Shacham, H., Waters, B.: Sequential Aggregate Signatures and Multisignatures Without Random Oracles. In: Vaudenay, S. (ed.) Advances in Cryptology - EUROCRYPT 2006, pp. 465-485. Springer, Heidelberg (2006) · Zbl 1140.94358 · doi:10.1007/11761679_28
[23] Lynn, B.: The pairing-based cryptography library, http://crypto.stanford.edu/pbc/
[24] Lysyanskaya, A., Micali, S., Reyzin, L., Shacham, H.: Sequential Aggregate Signatures from Trapdoor Permutations. In: Cachin, C., Camenisch, J. (eds.) Advances in Cryptology - EUROCRYPT 2004, pp. 74-90. Springer, Heidelberg (2004) · Zbl 1122.94385 · doi:10.1007/978-3-540-24676-3_5
[25] Neven, G.: Efficient Sequential Aggregate Signed Data. In: Smart, N.P. (ed.) Advances in Cryptology - EUROCRYPT 2008, pp. 52-69. Springer, Heidelberg (2008) · Zbl 1149.94326 · doi:10.1007/978-3-540-78967-3_4
[26] NIST: Recommendation for key management (2011), http://csrc.nist.gov/publications/PubsSPs.html
[27] Schröder, D.: How to Aggregate the CL Signature Scheme. In: Atluri, V., Diaz, C. (eds.) Computer Security - ESORICS 2011, pp. 298-314. Springer, Heidelberg (2011) · Zbl 1481.94149 · doi:10.1007/978-3-642-23822-2_17
[28] Waters, B.: Efficient Identity-Based Encryption Without Random Oracles. In: Cramer, R. (ed.) Advances in Cryptology - EUROCRYPT 2005, pp. 114-127. Springer, Heidelberg (2005) · Zbl 1137.94360 · doi:10.1007/11426639_7
[29] Waters, B.: Dual System Encryption: Realizing Fully Secure IBE and HIBE under Simple Assumptions. In: Halevi, S. (ed.) Advances in Cryptology - CRYPTO 2009, pp. 619-636. Springer, Heidelberg (2009) · Zbl 1252.94101 · doi:10.1007/978-3-642-03356-8_36