### The State of the Union: Union-Only Signatures for Data Aggregation

##### Abstract

A union-only signature (UOS) scheme (informally introduced by Johnson et al. at CT-RSA 2002) allows signers to sign sets of messages in such a way that (1) any third party can merge two signatures to derive a signature on the union of the message sets, and (2) no adversary, given a signature on some set, can derive a valid signature on any strict subset of that set (unless it has seen such a signature already). Johnson et al. originally posed building a UOS as an open problem. In this paper, we make two contributions: we give the first formal definition of a UOS scheme, and we give the first UOS constructions. Our main construction uses hashing, regular digital signatures, Pedersen commitments and signatures of knowledge. We provide an implementation that demonstrates its practicality. Our main construction also relies on the hardness of the short integer solution (SIS) problem; we show how that this assumption can be replaced with the use of groups of unknown order. Finally, we sketch a UOS construction using SNARKs; this additionally gives the property that the size of the signature does not grow with the number of merges.

Available format(s)
Category
Public-key cryptography
Publication info
Published elsewhere. SCN 2022
Keywords
homomorphic signaturesunion-only signature schemes anonymity software implementation
Contact author(s)
dfaranha @ cs au dk
fe-research @ nlogn org
sk @ cs au dk
sophia yakoubov @ cs au dk
History
2022-07-04: approved
See all versions
Short URL
https://ia.cr/2022/867

CC BY

BibTeX

@misc{cryptoeprint:2022/867,
author = {Diego F. Aranha and Felix Engelmann and Sebastian Kolby and Sophia Yakoubov},
title = {The State of the Union: Union-Only Signatures for Data Aggregation},
howpublished = {Cryptology ePrint Archive, Paper 2022/867},
year = {2022},
note = {\url{https://eprint.iacr.org/2022/867}},
url = {https://eprint.iacr.org/2022/867}
}

Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.