Paper 2020/1484

Cryptanalysis of Aggregate $\Gamma$-Signature and Practical Countermeasures in Application to Bitcoin

Goichiro Hanaoka, Kazuo Ohta, Yusuke Sakai, Bagus Santoso, Kaoru Takemure, and Yunlei Zhao


We present a sub-exponential forger by using a $k$-sum algorithm against the aggregate $\Gamma$-signature, which was proposed at AsiaCCS 2019 by Zhao. Our forger is a universal forger under a key-only attack and effective in the knowledge of secret key model. We also discuss the real impact of this attack in reality with Bitcoin applications. The discussions on the real impact of the attack also highlight the significant differences between the usage of individual signatures like EC-DSA and that of aggregate signatures in the blockchain systems like Bitcoin, which might be of independent interest and could bring forth interesting questions for future investigations.

Available format(s)
Public-key cryptography
Publication info
Preprint. MINOR revision.
k-sum algorithmaggregate signatureuniversal forgeryblockchain
Contact author(s)
takemure @ uec ac jp
yusuke sakai @ aist go jp
santoso bagus @ uec ac jp
kazuo ohta @ uec ac jp
hanaoka-goichiro @ aist go jp
ylzhao @ fudan edu cn
2020-12-15: last of 2 revisions
2020-11-29: received
See all versions
Short URL
Creative Commons Attribution


      author = {Goichiro Hanaoka and Kazuo Ohta and Yusuke Sakai and Bagus Santoso and Kaoru Takemure and Yunlei Zhao},
      title = {Cryptanalysis of Aggregate $\Gamma$-Signature and Practical Countermeasures in Application to Bitcoin},
      howpublished = {Cryptology ePrint Archive, Paper 2020/1484},
      year = {2020},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.