Paper 2025/2198
Putting Multi into Multi-Signatures: Tight Security for Multiple Signers
Abstract
Multi-signatures enable multiple parties to create a joint signature on the same message. Such schemes aggregate several individual signatures and public keys into a short signature and aggregated public key, and verification is performed on these combined values. Interestingly, all existing notions of unforgeability for multi-signatures are designed with a single honest user in mind, overlooking the multi-user setting that multi-signatures are built for. While multi-user security can be bootstrapped from any single-user secure scheme, the straightforward adoption implies a security loss that is linear in the number of signers n. In this work we therefore start the investigation of multi-signatures with tight multi-user security. We show that none of the existing multi-signatures with tight single-user security seems amendable to the multi-user setting, as all their proofs and design choices exploit the fact that there is only a single honest user. Based on this insight, we then propose two new constructions built from scratch with multi-user security in mind: Skewer-NI, a non-interactive and pairing-based scheme, and Skewer-PF, a pairing-free and two-round construction. We prove both schemes tightly secure under the DDH assumption in the ROM. Both schemes also improve the state-of-the-art in another aspect: they support the feature of key aggregation. Skewer-NI is the first non-interactive tightly secure multi-signature with this feature. In the pairing-free two-round setting, Skewer-PF is the first to combine tight multi-user security with key aggregation where the only prior result, due to Bacho and Wagner (CRYPTO’25), achieved aggregation but only in the single-user case.
Metadata
- Available format(s)
-
PDF
- Category
- Public-key cryptography
- Publication info
- A major revision of an IACR publication in EUROCRYPT 2026
- Contact author(s)
-
anja lehmann @ hpi de
cavit oezbay @ hpi de - History
- 2026-02-24: revised
- 2025-12-04: received
- See all versions
- Short URL
- https://ia.cr/2025/2198
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2025/2198,
author = {Anja Lehmann and Cavit Özbay},
title = {Putting Multi into Multi-Signatures: Tight Security for Multiple Signers},
howpublished = {Cryptology {ePrint} Archive, Paper 2025/2198},
year = {2025},
url = {https://eprint.iacr.org/2025/2198}
}