Paper 2011/231
History-Free Sequential Aggregate Signatures
Marc Fischlin, Anja Lehmann, and Dominique Schröder
Abstract
Aggregation schemes allow to combine several cryptographic values like message authentication codes or signatures into a shorter value such that, despite compression, some notion of unforgeability is preserved. Recently, Eikemeier et al. (SCN 2010) considered the notion of history-free sequential aggregation for message authentication codes, where the sequentially-executed aggregation algorithm does not need to receive the previous messages in the sequence as input. Here we discuss the idea for signatures where the new aggregate does not rely on the previous messages and public keys either, thus inhibiting the costly verifications in each aggregation step as in previous schemes by Lysyanskaya et al. (Eurocrypt 2004) and Neven (Eurocrypt 2008). Analogously to MACs we argue about new security definitions for such schemes and compare them to previous notions for history-dependent schemes. We finally give a construction based on the BLS signature scheme which satisfies our notion.
Note: A preliminary version appears in: Security and Cryptography for Networks (SCN) 2012, Lecture Notes in Computer Science, Vol.7485, pp.113-130, Springer-Verlag, 2012.
Metadata
- Available format(s)
-
PDF
- Category
- Public-key cryptography
- Publication info
- Published elsewhere. Unknown where it was published
- Keywords
- AggregationSignatureHistory-Freeness
- Contact author(s)
- marc fischlin @ gmail com
- History
- 2012-08-14: last of 3 revisions
- 2011-05-17: received
- See all versions
- Short URL
- https://ia.cr/2011/231
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2011/231,
author = {Marc Fischlin and Anja Lehmann and Dominique Schröder},
title = {History-Free Sequential Aggregate Signatures},
howpublished = {Cryptology ePrint Archive, Paper 2011/231},
year = {2011},
note = {\url{https://eprint.iacr.org/2011/231}},
url = {https://eprint.iacr.org/2011/231}
}
