Paper 2025/2198

Putting Multi into Multi-Signatures: Tight Security for Multiple Signers

Anja Lehmann, Hasso Plattner Institute, University of Potsdam
Cavit Özbay, Hasso Plattner Institute, University of Potsdam
Abstract

Multi-signatures enable multiple parties to create a joint signature on the same message. Such schemes aggregate several individual signatures and public keys into a short signature and aggregated public key, and verification is performed on these combined values. Interestingly, all existing notions of unforgeability for multi-signatures are designed with a single honest user in mind, overlooking the multi-user setting that multi-signatures are built for. While multi-user security can be bootstrapped from any single-user secure scheme, the straightforward adoption implies a security loss that is linear in the number of signers n. In this work we therefore start the investigation of multi-signatures with tight multi-user security. We show that none of the existing multi-signatures with tight single-user security seems amendable to the multi-user setting, as all their proofs and design choices exploit the fact that there is only a single honest user. Based on this insight, we then propose two new constructions built from scratch with multi-user security in mind: Skewer-NI, a non-interactive and pairing-based scheme, and Skewer-PF, a pairing-free and two-round construction. We prove both schemes tightly secure under the DDH assumption in the ROM. Both schemes also improve the state-of-the-art in another aspect: they support the feature of key aggregation. Skewer-NI is the first non-interactive tightly secure multi-signature with this feature. In the pairing-free two-round setting, Skewer-PF is the first to combine tight multi-user security with key aggregation where the only prior result, due to Bacho and Wagner (CRYPTO’25), achieved aggregation but only in the single-user case.

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
A major revision of an IACR publication in EUROCRYPT 2026
Contact author(s)
anja lehmann @ hpi de
cavit oezbay @ hpi de
History
2026-02-24: revised
2025-12-04: received
See all versions
Short URL
https://ia.cr/2025/2198
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2025/2198,
      author = {Anja Lehmann and Cavit Özbay},
      title = {Putting Multi into Multi-Signatures: Tight Security for Multiple Signers},
      howpublished = {Cryptology {ePrint} Archive, Paper 2025/2198},
      year = {2025},
      url = {https://eprint.iacr.org/2025/2198}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.