Skip to main content
SpringerLink
Log in

Achieving Pairing-Free Aggregate Signatures using Pre-Communication between Signers

  • Conference paper
  • First Online:
Book cover Provable and Practical Security (ProvSec 2020)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 12505))

Included in the following conference series:

Abstract

Most aggregate signature schemes are relying on pairings, but high computational and storage costs of pairings limit the feasibility of those schemes in practice. Zhao proposed the first pairing-free aggregate signature scheme (AsiaCCS 2019). However, the security of Zhao’s scheme is based on the hardness of a newly introduced non-standard computational problem. The recent impossibility results of Drijvers et al. (IEEE S&P 2019) on two-round pairing-free multi-signature schemes whose security based on the standard discrete logarithm (DL) problem has strengthened the view that constructing a pairing-free aggregate signature scheme which is proven secure based on standard problems such as DL problem is indeed a challenging open problem.

In this paper, we offer a novel solution to this open problem. We introduce a new paradigm of aggregate signatures, i.e., aggregate signatures with an additional pre-communication stage. In the pre-communication stage, each signer interacts with the aggregator to agree on a specific random value before deciding messages to be signed. We also discover that the impossibility results of Drijvers et al. apply if the adversary can decide the whole randomness part of any individual signature. Based on the new paradigm and our discovery of the applicability of the impossibility result, we propose a pairing-free aggregate signature scheme such that any individual signature includes a random nonce which can be freely generated by the signer. We prove the security of our scheme based on the hardness of the standard DL problem. As a trade-off, in contrast to the plain public-key model, which Zhao’s scheme uses, we employ a more restricted key setup model, i.e., the knowledge of secret-key model.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    It should be noted that an aggregate signature schemes or a multi-signature do not have to have all the three stages.

  2. 2.

    The KOSK model is essential because there is a sub-exponential attack against this scheme in the plain PK model by using k-sum algorithm as in  [10]. For more detail of this attack, see the full version of this paper.

  3. 3.

    For the convenience of considering multiple users, we added the public key to the input of the hash function.

  4. 4.

    If we set \(m_1=m_2=\cdots =m_n\), then we can see it as multi-signatures.

  5. 5.

    In [5], Bellare and Neven consider the case where there are several public keys with the same values.

  6. 6.

    Here, we implicitly assumed the same restriction as we assumed in Sect. 1.3 for discussing Bellare-Neven’s approach to the difficulty (III). However, this restriction can be removed in the actual proof of this proposed scheme. For detail, see the security model in Sect. 3.1.

  7. 7.

    This restriction is essential. If this restriction is omitted, there is an attack against our proposed scheme. See Remark 1 for more detail.

References

  1. Ahn, J.H., Green, M., Hohenberger, S.: Synchronized aggregate signatures: new definitions, constructions and applications. In: CCS 2010, pp. 473–484 (2010)

    Google Scholar 

  2. Bagherzandi, A., Cheon, J.H., Jarecki, S.: Multisignatures secure under the discrete logarithm assumption and a generalized forking lemma. In: CCS 2008, pp. 449–458 (2008)

    Google Scholar 

  3. El Bansarkhani, R., Mohamed, M.S.E., Petzoldt, A.: MQSAS - a multivariate sequential aggregate signature scheme. In: Bishop, M., Nascimento, A.C.A. (eds.) ISC 2016. LNCS, vol. 9866, pp. 426–439. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-45871-7_25

    Chapter  Google Scholar 

  4. Bellare, M., Namprempre, C., Neven, G.: Unrestricted aggregate signatures. In: Arge, L., Cachin, C., Jurdziński, T., Tarlecki, A. (eds.) ICALP 2007. LNCS, vol. 4596, pp. 411–422. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-73420-8_37

    Chapter  Google Scholar 

  5. Bellare, M., Neven, G.: Multi-signatures in the plain public-key model and a general forking lemma. In: CCS 2006, pp. 390–399 (2006)

    Google Scholar 

  6. Boldyreva, A.: Threshold signatures, multisignatures and blind signatures based on the gap-diffie-hellman-group signature scheme. In: Desmedt, Y.G. (ed.) PKC 2003. LNCS, vol. 2567, pp. 31–46. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-36288-6_3

    Chapter  Google Scholar 

  7. Boldyreva, A., Gentry, C., O’Neill, A., Yum, D.H.: Ordered multisignatures and identity-based sequential aggregate signatures, with applications to secure routing. In: CCS 2007, pp. 276–285 (2007)

    Google Scholar 

  8. Boneh, D., Gentry, C., Lynn, B., Shacham, H.: Aggregate and verifiably encrypted signatures from bilinear maps. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 416–432. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-39200-9_26

    Chapter  Google Scholar 

  9. Brogle, K., Goldberg, S., Reyzin, L.: Sequential aggregate signatures with lazy verification from trapdoor permutations. In: Wang, X., Sako, K. (eds.) ASIACRYPT 2012. LNCS, vol. 7658, pp. 644–662. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-34961-4_39

    Chapter  Google Scholar 

  10. Drijvers, M., et al.: On the security of two-round multi-signatures. In: IEEE S&P 2019, pp. 1084–1101 (2019)

    Google Scholar 

  11. Drijvers, M., Gorbunov, S., Neven, G., Wee, H.: Pixel: multi-signatures for consensus. In: IACR Cryptology ePrint Archive 2019, p. 514 (2019)

    Google Scholar 

  12. Fiat, A., Shamir, A.: How to prove yourself: practical solutions to identification and signature problems. In: CRYPTO 1986, pp. 186–194 (1986)

    Google Scholar 

  13. Fischlin, M., Lehmann, A., Schröder, D.: History-free sequential aggregate signatures. In: Visconti, I., De Prisco, R. (eds.) SCN 2012. LNCS, vol. 7485, pp. 113–130. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-32928-9_7

    Chapter  Google Scholar 

  14. Gentry, C., Ramzan, Z.: Identity-based aggregate signatures. In: Yung, M., Dodis, Y., Kiayias, A., Malkin, T. (eds.) PKC 2006. LNCS, vol. 3958, pp. 257–273. Springer, Heidelberg (2006). https://doi.org/10.1007/11745853_17

    Chapter  Google Scholar 

  15. Guillevic, A.: A short-list of pairing-friendly curves resistant to special TNFS at the 128-bit security level. In: Kiayias, A., Kohlweiss, M., Wallden, P., Zikas, V. (eds.) PKC 2020. LNCS, vol. 12111, pp. 535–564. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-45388-6_19

    Chapter  Google Scholar 

  16. Hohenberger, S., Koppula, V., Waters, B.: Universal signature aggregators. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9057, pp. 3–34. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46803-6_1

    Chapter  Google Scholar 

  17. Hohenberger, S., Sahai, A., Waters, B.: Full domain hash from (leveled) multilinear maps and identity-based aggregate signatures. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013. LNCS, vol. 8042, pp. 494–512. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-40041-4_27

    Chapter  Google Scholar 

  18. Hohenberger, S., Waters, B.: Synchronized aggregate signatures from the RSA assumption. In: Nielsen, J.B., Rijmen, V. (eds.) EUROCRYPT 2018. LNCS, vol. 10821, pp. 197–229. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-78375-8_7

    Chapter  Google Scholar 

  19. Kim, T., Barbulescu, R.: Extended tower number field sieve: a new complexity for the medium prime case. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016. LNCS, vol. 9814, pp. 543–571. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53018-4_20

    Chapter  Google Scholar 

  20. Lee, K., Lee, D.H., Yung, M.: Sequential aggregate signatures made shorter. In: Jacobson, M., Locasto, M., Mohassel, P., Safavi-Naini, R. (eds.) ACNS 2013. LNCS, vol. 7954, pp. 202–217. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-38980-1_13

    Chapter  Google Scholar 

  21. Lu, S., Ostrovsky, R., Sahai, A., Shacham, H., Waters, B.: Sequential aggregate signatures and multisignatures without random oracles. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 465–485. Springer, Heidelberg (2006). https://doi.org/10.1007/11761679_28

    Chapter  Google Scholar 

  22. Lysyanskaya, A., Micali, S., Reyzin, L., Shacham, H.: Sequential aggregate signatures from trapdoor permutations. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 74–90. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-24676-3_5

    Chapter  Google Scholar 

  23. Ma, D., Tsudik, G.: Extended abstract: forward-secure sequential aggregate authentication. In: S&P 2007, pp. 86–91 (2007)

    Google Scholar 

  24. Maurer, U.M.: Abstract models of computation in cryptography. In: IMA 2005, pp. 1–12 (2005)

    Google Scholar 

  25. Micali, S., Ohta, K., Reyzin, L.: Accountable-subgroup multisignatures: extended abstract. In: CCS 2001, pp. 245–254 (2001)

    Google Scholar 

  26. Neven, G.: Efficient sequential aggregate signed data. In: Smart, N. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 52–69. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-78967-3_4

    Chapter  Google Scholar 

  27. Ristenpart, T., Yilek, S.: The power of proofs-of-possession: securing multiparty signatures against rogue-key attacks. In: Naor, M. (ed.) EUROCRYPT 2007. LNCS, vol. 4515, pp. 228–245. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-72540-4_13

    Chapter  Google Scholar 

  28. Schnorr, C.: Efficient identification and signatures for smart cards. In: CRYPTO 1989, pp. 239–252 (1989)

    Google Scholar 

  29. Syta, E., et al.: Keeping authorities “honest or bust” with decentralized witness cosigning. In: S&P 2016, pp. 526–545 (2016)

    Google Scholar 

  30. Xu, J., Zhang, Z., Feng, D.: ID-based aggregate signatures from bilinear pairings. In: Desmedt, Y.G., Wang, H., Mu, Y., Li, Y. (eds.) CANS 2005. LNCS, vol. 3810, pp. 110–119. Springer, Heidelberg (2005). https://doi.org/10.1007/11599371_10

    Chapter  Google Scholar 

  31. Yao, A.C., Zhao, Y.: Online/offline signatures for low-power devices. IEEE Trans. Inf. Forensics Secur. 8(2), 283–294 (2013)

    Article  MathSciNet  Google Scholar 

  32. Zhao, Y.: Practical aggregate signature from general elliptic curves, and applications to blockchain. In: AsiaCCS, 2019, pp. 529–538 (2019)

    Google Scholar 

Download references

Acknowledgments

This paper is based on results obtained from a project commissioned by the New Energy and Industrial Technology Development Organization (NEDO). This work was supported by JST CREST Grant Number JPMJCR19F6, Japan. This work was supported by JSPS KAKENHI Grant Numbers JP18H01438, JP18H03238, JP18H05289, JP18K11292, JP18K11293, JP18K18055, JP19H01109. We are grateful to an anonymous reviewer, who pointed out subtleties in the security definition of aggregate signatures with pre-communication.

Author information

Authors and Affiliations

  1. The University of Electro-Communications, Tokyo, Japan

    Kaoru Takemure, Bagus Santoso & Kazuo Ohta

  2. National Institute of Advanced Industrial Science and Technology (AIST), Tokyo, Japan

    Kaoru Takemure, Yusuke Sakai, Goichiro Hanaoka & Kazuo Ohta

Authors
  1. Kaoru Takemure
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Yusuke Sakai
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Bagus Santoso
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Goichiro Hanaoka
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Kazuo Ohta
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Nanyang Technological University, Singapore, Singapore

    Khoa Nguyen

  2. Chinese Academy of Sciences, Beijing, China

    Wenling Wu

  3. Nanyang Technological University, Singapore, Singapore

    Kwok Yan Lam

  4. Nanyang Technological University, Singapore, Singapore

    Huaxiong Wang

Rights and permissions

Reprints and permissions

Copyright information

© 2020 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Takemure, K., Sakai, Y., Santoso, B., Hanaoka, G., Ohta, K. (2020). Achieving Pairing-Free Aggregate Signatures using Pre-Communication between Signers. In: Nguyen, K., Wu, W., Lam, K.Y., Wang, H. (eds) Provable and Practical Security. ProvSec 2020. Lecture Notes in Computer Science(), vol 12505. Springer, Cham. https://doi.org/10.1007/978-3-030-62576-4_4

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-62576-4_4

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-62575-7

  • Online ISBN: 978-3-030-62576-4

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation