## Cryptology ePrint Archive: Report 2022/018

Pairing-based Accountable Subgroup Multi-signatures with Verifiable Group Setup

Ahmet Ramazan Ağırtaş and Oğuz Yayla

Abstract: An accountable subgroup multi-signature is a kind of multi-signature scheme in which any subgroup S of the group G of potential signers jointly sign a message $m$, ensuring that each member of S is accountable for the resulting signature. In this paper we propose three novel pairing-based accountable subgroup multi-signature (ASM) schemes. In the first one, we use Feldman's verifiable secret sharing scheme as an implicit authentication and proof-of-possession for setting up the group G. In the second one, the members participating in authentication is decided by the subgroup itself. In the third one, we consider a designated combiner managing the authentication process. All schemes that we propose here require fewer computations in signature generation, signature aggregation and verification phases than the pairing-based ASM scheme proposed by Boneh, Drijvers and Neven. Moreover, our first and the third ones solve the open problem of constructing an ASM scheme in which the subgroup S of signers is not known before the signature generation. Besides, we give a method of eliminating the combiner in case of knowing the subgroup of signers S in advance. Further we extend our proposed schemes to aggregated versions. For $n$ accountable subgroup multi-signatures, aggregated versions of our proposed schemes output an aggregated signature with size of a single group element and require $n+1$ pairings in aggregated signature verification, whereas the partial aggregated ASM scheme of Boneh, Drijvers and Neven gives an aggregated signature with size of $n+1$ group elements and requires $2n+1$ pairings in aggregated signature verification.

Category / Keywords: public-key cryptography / multi-signature, accountable subgroup multi-signature, pairing-based cryptography