Abstract
We construct two new multiparty digital signature schemes that allow multiple signers to sequentially and non-interactively produce a compact, fixed-length signature. First, we introduce a new primitive that we call ordered multisignature (OMS) scheme, which allows signers to attest to a common message as well as the order in which they signed. Our OMS construction substantially improves computational efficiency and scalability over any existing scheme with suitable functionality. Second, we design a new identity-based sequential aggregate signature scheme, where signers can attest to different messages and signature verification does not require knowledge of traditional public keys. The latter property permits savings on bandwidth and storage as compared to public-key solutions. In contrast to the only prior scheme to provide this functionality, ours offers improved security that does not rely on synchronized clocks or a trusted first signer. We provide formal security definitions and support the proposed schemes with security proofs under appropriate computational assumptions. We focus on applications of our schemes to secure network routing, but we believe that they will find other applications as well.
New Multiparty Signature Schemes for Network Routing Applications