Cryptology ePrint Archive: Report 2003/091

Sequential Aggregate Signatures from Trapdoor Permutations

Anna Lysyanskaya and Silvio Micali and Leonid Reyzin and Hovav Shacham

Abstract: An aggregate signature scheme (recently proposed by Boneh, Gentry, Lynn and Shacham) is a method for combining $n$ signatures from $n$ different signers on $n$ different messages into one signature of unit length. We propose \emph{sequential aggregate signatures}, in which the set of signers is ordered. The aggregate signature is computed by having each signer, in turn, add his signature to it. We show how to realize this in such a way that the size of the aggregate signature is independent of $n$. This makes sequential aggregate signatures a natural primitive for certificate chains, whose length can be reduced by aggregating all signatures in a chain. We give a construction based on families of certified trapdoor permutations, and show how to instantiate our scheme based on RSA.

Category / Keywords: public-key cryptography / RSA, signature schemes, aggregate signatures

Publication Info: Extended abstract in Proceedings of Eurocrypt 2004, pp. 74-90

Date: received 7 May 2003, last revised 9 Jun 2004

Contact author: hovav at cs stanford edu

Available formats: Postscript (PS) | Compressed Postscript (PS.GZ) | PDF | BibTeX Citation

Version: 20040609:223427 (All versions of this report)

Discussion forum: Show discussion | Start new discussion