ABSTRACT
An aggregate signature scheme is a digital signature scheme where anyone given n signatures on n messages from n users can aggregate all these signatures into a single short signature. Unfortunately, no "fully non-interactive" aggregate signature schemes are known outside of the random oracle heuristic; that is, signers must pass messages between themselves, sequentially or otherwise, to generate the signature. Interaction is too costly for some interesting applications.
In this work, we consider the task of realizing aggregate signatures in the model of Gentry and Ramzan (PKC 2006) when all signers share a synchronized clock, but do not need to be aware of, or interact with, one another. Each signer may issue at most one signature per time period, and signatures aggregate only if they were created during the same time period. We call this synchronized aggregation.
We present a surprisingly efficient synchronized aggregate signature scheme secure under the Computational Diffie-Hellman assumption in the standard model. Our construction is based on the stateful signatures of Hohenberger and Waters (Eurocrypt 2009). Those signatures do not aggregate since each signature includes unique randomness for a chameleon hash and those random values do not compress. To overcome this challenge, we remove the chameleon hash from their scheme and find an alternative method for moving from weak to full security that enables aggregation. We conclude by discussing applications of this construction to sensor networks and software authentication.
REFERENCES
- Jae Hyun Ahn, Matthew Green, and Susan Hohenberger. Synchronized aggregate signatures: New definitions, constructions and applications, 2010. Full version available at http://eprint.iacr.org.
- I. F. Akyildiz, Weilian Su, Y. Sankarasubramaniam, and E. Cayirci. A survey on sensor networks. IEEE Communications Magazine, 40(8):102--114, 2002.
- Ali Bagherzandi and Stanislaw Jarecki. Identity-based multi-signatures based on RSA. In PKC '10, volume 6056 of LNCS, pages 480--498, 2010.
- Boaz Barak, Ran Canetti, Jesper Buus Nielsen, and Rafael Pass. Universally composable protocols with relaxed set-up assumptions. In FOCS '04, pages 186--195, 2004.
- Mihir Bellare, Juan A. Garay, and Tal Rabin. Fast batch verification for modular exponentiation and digital signatures. In EUROCRYPT '98, volume 1403 of LNCS, pages 236--250, 1998.
- Mihir Bellare, Chanathip Namprempre, and Gregory Neven. Unrestricted aggregate signatures. In ICALP '07, volume 4596 of LNCS, pages 411--422, 2007.
- Mihir Bellare and Gregory Neven. Identity-based multi-signatures from RSA. In CT-RSA '07, volume 4377 of LNCS, pages 145--162, 2007.
- Alexandra Boldyreva, Craig Gentry, Adam O'Neill, and Dae Hyun Yum. Ordered multisignatures and identity-based sequential aggregate signatures, with applications to secure routing. In ACM Conference on Computer and Communications Security (CCS) '07, pages 276--285, 2007.
- Alexandra Boldyreva, Craig Gentry, Adam O'Neill, and Dae Hyun Yum. Ordered multisignatures and identity-based sequential aggregate signatures, with applications to secure routing, 2010. Full version available at http://www.cc.gatech.edu/~amoneill/bgoy.html.
- Dan Boneh and Xavier Boyen. Efficient selective-ID secure identity-based encryption without random oracles. In EUROCRYPT '04, volume 3027 of LNCS, pages 223--238, 2004.
- Dan Boneh, Craig Gentry, Ben Lynn, and Hovav Shacham. Aggregate and verifiably encrypted signatures from bilinear maps. In EUROCRYPT '03, volume 2656 of LNCS, pages 416--432, 2003.
- Car 2 Car Communication Consortium. http://car-to-car.org.
- Whitfield Diffie and Martin Hellman. New directions in cryptography. IEEE Transactions on Information Theory, 22:644--654, 1976.
- David Freeman, Michael Scott, and Edlyn Teske. A taxonomy of pairing-friendly elliptic curves. Journal of Cryptology, 23:224--280, 2010.
- Steven D. Galbraith, Kenneth G. Paterson, and Nigel P. Smart. Pairings for cryptographers. Discrete Applied Mathematics, 156(16):3113--3121, 2008.
- Craig Gentry and Zulfikar Ramzan. Identity-based aggregate signatures. In PKC '06, volume 3958 of LNCS, pages 257--273, 2006.
- Shafi Goldwasser, Silvio Micali, and Ronald L. Rivest. A digital signature scheme secure against adaptive chosen-message attacks. SIAM Journal on Computing, 17(2):281--308, 1988.
- Susan Hohenberger and Brent Waters. Realizing hash-and-sign signatures under standard assumptions. In EUROCRYPT '09, volume 5479 of LNCS, pages 333--350, 2009.
- Jung Yeon Hwang, Dong Hoon Lee, and Moti Yung. Universal forgery of the identity-based sequential aggregate signature scheme. In ASIACCS '09, pages 157--160, 2009.
- Stephen Kent, Charles Lynn, and Karen Seo. Secure Border Gateway Protocol (S-BGP). IEEE Journal on Selected Areas in Communications, 18(4):582--592, 2000.
- JeongGil Ko, Tia Gao, Richard Rothman, and Andreas Terzis. Wireless sensing systems in clinical environments: Improving the efficiency of the patient monitoring process. IEEE Engineering in Medicine and Biology (EMB) Magazine, 29(2):103--109, 2010.
- Chieh-Jan Mike Liang, Jie Liu, Liqian Luo, Andreas Terzis, and Feng Zhao. RACNet: A high-fidelity data center sensing network. In ACM Conference on Embedded Networked Sensor Systems (SenSys) '09, pages 15--28, 2009.
- Steve Lu, Rafail Ostrovsky, Amit Sahai, Hovav Shacham, and Brent Waters. Sequential aggregate signatures and multisignatures without random oracles. In EUROCRYPT '06, volume 4004 of LNCS, pages 465--485, 2006. Full version at http://cseweb.ucsd.edu/~hovav/dist/agg-sig.pdf.
- Anna Lysyanskaya, Silvio Micali, Leonid Reyzin, and Hovav Shacham. Sequential aggregate signatures from trapdoor permutations. In EUROCRYPT '04, volume 3027 of LNCS, pages 74--90, 2004.
- David Naccache. Secure and practical identity-based encryption, 2005. Cryptology ePrint Archive, Report 2005/369.
- Gregory Neven. Efficient sequential aggregate signed data. In EUROCRYPT '08, volume 4965 of LNCS, pages 52--69, 2008.
- Adrian Perrig, Ran Canetti, Dawn Song, and J. D. Tygar. Efficient and secure source authentication for multicast. In NDSS '01, pages 35--46, February 2001.
- Harald Vogt. Exploring message authentication in sensor networks. In Security in Ad-hoc and Sensor Networks, volume 3313 of LNCS, pages 19--30. Springer, 2005.
- Brent Waters. Efficient identity-based encryption without random oracles. In EUROCRYPT '05, volume 3494 of LNCS, pages 320--329, 2005.