
New Multiparty Signature Schemes for Network Routing Applications

Published: 01 October 2008

Abstract

We construct two new multiparty digital signature schemes that allow multiple signers to sequentially and non-interactively produce a compact, fixed-length signature. First, we introduce a new primitive that we call ordered multisignature (OMS) scheme, which allows signers to attest to a common message as well as the order in which they signed. Our OMS construction substantially improves computational efficiency and scalability over any existing scheme with suitable functionality. Second, we design a new identity-based sequential aggregate signature scheme, where signers can attest to different messages and signature verification does not require knowledge of traditional public keys. The latter property permits savings on bandwidth and storage as compared to public-key solutions. In contrast to the only prior scheme to provide this functionality, ours offers improved security that does not rely on synchronized clocks or a trusted first signer. We provide formal security definitions and support the proposed schemes with security proofs under appropriate computational assumptions. We focus on applications of our schemes to secure network routing, but we believe that they will find other applications as well.

      Reviews

      Amos O Olagunju

      Every day, the Internet links millions of people worldwide to vast amounts of information. Although there exist solutions for a widespread forgery attack on two threshold group signature schemes with secret signers [1], data packet transmissions on the global computer network are vulnerable to misuse, thrashing, piracy, corruption, and theft, due to inadequate secure authentication and troubleshooting on autonomous system paths. How should scalable, efficient multisignature algorithms be designed to possibly muddle through network fault diagnosis and data plane security among routers? Boldyreva et al. present a method to confirm a systematically signed communal message by multiple parties, and a technique to successively accrue and authenticate the identities of the signers of alternative messages, with no dependency on public keys, harmonized clocks, or a trusted foremost signer. They prescribe a secure ordered multisignature (OMS) scheme, where the order of the signers is impervious to falsification, and a scheme to aggregate identity-based signatures that travel chronologically in routing-based applications. The secure OMS scheme consists of: an algorithm that produces global information by reliable third parties; a procedure that generates private- and public-key pairs associated with global information for users; a technique for signing messages with secret keys; and a deterministic method for corroborating signed messages. The scalable and efficient secure OMS scheme impartially doles out processing time to routers. The identity-based signature scheme includes algorithms used by trustworthy private-key generators (PKG) to produce master public and private keys, to generate private keys for users, and to aggregate and verify messages signed with secret keys, in order, by users.
This scheme is amenable in secure-border gateway protocols (S-BGPs), where PKGs can be organized into hierarchies with higher-level PKGs entrusting private-key generation and authentication to lower-level domains. It maintains the identity-based signatures of small hierarchical S-BGP settings, given that the verification of an aggregated signature at a leaf in the hierarchy requires the public keys of all PKGs on the pathway from the root. The authors convincingly present novel ceremonial cryptographic security schemes for network routing applications. The computational effectiveness and scalability of the secure OMS scheme are superior to the existing digital multiparty signature schemes. Both schemes save storage and bandwidth, compared to well-known public-key cryptographic schemes. Online Computing Reviews Service

      • Published in

        ACM Transactions on Information and System Security, Volume 12, Issue 1
        October 2008
        230 pages
        ISSN: 1094-9224
        EISSN: 1557-7406
        DOI: 10.1145/1410234

        Copyright © 2008 ACM

        Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

        Publisher

        Association for Computing Machinery

        New York, NY, United States

        Publication History

        • Published: 1 October 2008
        • Accepted: 1 April 2008
        • Received: 1 December 2007
        Published in TISSEC Volume 12, Issue 1

        Qualifiers

        • research-article
        • Research
        • Refereed
