### Sequential Aggregate Signatures with Short Public Keys: Design, Analysis and Implementation Studies

Kwangsu Lee, Dong Hoon Lee, and Moti Yung

##### Abstract

The notion of aggregate signature has been motivated by applications and it enables any user to compress different signatures signed by different signers on different messages into a short signature. Sequential aggregate signature, in turn, is a special kind of aggregate signature that only allows a signer to add his signature into an aggregate signature in sequential order. This latter scheme has applications in diversified settings, such as in reducing bandwidth of a certificate chains, and in secure routing protocols. Lu, Ostrovsky, Sahai, Shacham, and Waters presented the first sequential aggregate signature scheme in the standard (non idealized ROM) model. The size of their public key, however, is quite large (i.e., the number of group elements is proportional to the security parameter), and therefore they suggested as an open problem the construction of such a scheme with short keys. Schröder recently proposed a sequential aggregate signature (SAS) with short public keys using the Camenisch-Lysyanskaya signature scheme, but the security is only proven under an interactive assumption (which is considered a relaxed notion of security). In this paper, we propose the first sequential aggregate signature scheme with short public keys (i.e., a constant number of group elements) in prime order (asymmetric) bilinear groups which is secure under static assumptions in the standard model. Further, our scheme employs constant number of pairing operation per message signing and message verification operation. Technically, we start with a public key signature scheme based on the recent dual system encryption technique of Lewko and Waters. This technique cannot give directly an aggregate signature scheme since, as we observed, additional elements should be published in the public key to support aggregation. Thus, our construction is a careful augmentation technique for the dual system technique to allow it to support a sequential aggregate signature scheme via randomized verification. We further implemented our scheme and conducted a performance study and implementation optimization.

Available format(s)
Category
Public-key cryptography
Publication info
Published elsewhere. PKC 2013
Keywords
Public key signatureAggregate signatureDual system encryptionBilinear pairing
Contact author(s)
guspin lee @ gmail com
History
2012-12-17: last of 2 revisions
See all versions
Short URL
https://ia.cr/2012/518

CC BY

BibTeX

@misc{cryptoeprint:2012/518,
author = {Kwangsu Lee and Dong Hoon Lee and Moti Yung},
title = {Sequential Aggregate Signatures with Short Public Keys: Design, Analysis and Implementation Studies},
howpublished = {Cryptology ePrint Archive, Paper 2012/518},
year = {2012},
note = {\url{https://eprint.iacr.org/2012/518}},
url = {https://eprint.iacr.org/2012/518}
}

Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.