Abstract
A union-only signature (UOS) scheme (informally introduced by Johnson et al. at CT-RSA 2002) allows signers to sign sets of messages in such a way that (1) any third party can merge two signatures to derive a signature on the union of the message sets, and (2) no adversary, given a signature on some set, can derive a valid signature on any strict subset of that set (unless it has seen such a signature already).
Johnson et al. originally posed building a UOS as an open problem. In this paper, we make two contributions: we give the first formal definition of a UOS scheme, and we give the first UOS constructions. Our main construction uses hashing, regular digital signatures, Pedersen commitments and signatures of knowledge. We provide an implementation that demonstrates its practicality. Our main construction also relies on the hardness of the short integer solution (SIS) problem; we show how this assumption can be replaced with the use of groups of unknown order. Finally, we sketch a UOS construction using SNARKs; this additionally gives the property that the size of the signature does not grow with the number of merges. (A full version of this paper, with all proofs and preliminaries, is available on the ePrint Archive.)
Notes
1. Global Biodiversity Information Facility: https://www.gbif.org/.
2. A signer might want to sign an empty message set, if she is contributing the signature solely for the purposes of expanding the others’ anonymity set. If this is the case, and the message set is empty, a placeholder message \(\bot \) outside of the message space is added.
3. If the order of the group \(\mathbb {G}\) is known, the sum can be computed modulo that order.
References
Abiteboul, S., Cautis, B., Fiat, A., Milo, T.: Digital signatures for modifiable collections. In: ARES, pp. 390–399. IEEE Computer Society (2006)
Ahn, J.H., Boneh, D., Camenisch, J., Hohenberger, S., shelat, A., Waters, B.: Computing on authenticated data. In: Cramer, R. (ed.) TCC 2012. LNCS, vol. 7194, pp. 1–20. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-28914-9_1
Ajtai, M.: Generating hard instances of lattice problems (extended abstract). In: 28th ACM STOC, pp. 99–108. ACM Press, May 1996. https://doi.org/10.1145/237814.237838
Albrecht, M.R., Cid, C., Faugère, J.-C., Fitzpatrick, R., Perret, L.: On the complexity of the BKW algorithm on LWE. Cryptology ePrint Archive, Report 2012/636 (2012). https://eprint.iacr.org/2012/636
Altuğ, S.A., Chen, Y.: Hard isogeny problems over RSA moduli and groups with infeasible inversion. In: Galbraith, S.D., Moriai, S. (eds.) ASIACRYPT 2019. LNCS, vol. 11922, pp. 293–322. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-34621-8_11
Aranha, D.F., Hall-Andersen, M., Nitulescu, A., Pagnin, E., Yakoubov, S.: Count me in! Extendability for threshold ring signatures. Cryptology ePrint Archive, Report 2021/1240 (2021). https://ia.cr/2021/1240
Aranha, D.F., Pagnin, E.: The simplest multi-key linearly homomorphic signature scheme. In: Schwabe, P., Thériault, N. (eds.) LATINCRYPT 2019. LNCS, vol. 11774, pp. 280–300. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-30530-7_14
Barbulescu, R., Duquesne, S.: Updating key size estimations for pairings. J. Cryptol. 32(4), 1298–1336 (2018). https://doi.org/10.1007/s00145-018-9280-5
Bernstein, D.J., Duif, N., Lange, T., Schwabe, P., Yang, B.-Y.: High-speed high-security signatures. In: Preneel, B., Takagi, T. (eds.) CHES 2011. LNCS, vol. 6917, pp. 124–142. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-23951-9_9
Boneh, D., Freeman, D., Katz, J., Waters, B.: Signing a linear subspace: signature schemes for network coding. In: Jarecki, S., Tsudik, G. (eds.) PKC 2009. LNCS, vol. 5443, pp. 68–87. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-00468-1_5
Catalano, D., Fiore, D.: Using linearly-homomorphic encryption to evaluate degree-2 functions on encrypted data. In: Ray, I., Li, N., Kruegel, C. (eds.) ACM CCS 2015, pp. 1518–1529. ACM Press, October 2015. https://doi.org/10.1145/2810103.2813624
Dobson, S., Galbraith, S.D., Smith, B.: Trustless unknown-order groups. Math. Cryptol. 1(2), 25–39 (2021). https://journals.flvc.org/mathcryptology/issue/view/6013
Engelmann, F., Müller, L., Peter, A., Kargl, F., Bösch, C.: SwapCT: swap confidential transactions for privacy-preserving multi-token exchanges. PoPETs 2021(4), 270–290 (2021). https://doi.org/10.2478/popets-2021-0070
Hohenberger, S.R.: The cryptographic impact of groups with infeasible inversion. Master’s thesis, Massachusetts Institute of Technology (2003). http://hdl.handle.net/1721.1/87357
Johnson, R., Molnar, D., Song, D., Wagner, D.: Homomorphic signature schemes. In: Preneel, B. (ed.) CT-RSA 2002. LNCS, vol. 2271, pp. 244–262. Springer, Heidelberg (2002). https://doi.org/10.1007/3-540-45760-7_17
Kaaniche, N., Jung, E., Gehani, A.: Efficiently validating aggregated IoT data integrity. In: BigDataService, pp. 260–265. IEEE Computer Society (2018)
Kosba, A., et al.: C\(\emptyset \)C\(\emptyset \): a framework for building composable zero-knowledge proofs. Cryptology ePrint Archive (2015)
Micciancio, D., Regev, O.: Worst-case to average-case reductions based on Gaussian measures. In: 45th FOCS, pp. 372–381. IEEE Computer Society Press, October 2004. https://doi.org/10.1109/FOCS.2004.72
Molnar, D.: Homomorphic signature schemes. BSc senior thesis, Harvard College (2003). https://www.dmolnar.com/papers/papers.html
Pöhls, H.C., Samelin, K., Posegga, J., de Meer, H.: Transparent mergeable redactable signatures with signer commitment and applications. Inst. IT-Security Security-Law, Univ. Passau, Passau, Germany (2012)
Pöhls, H.C., Samelin, K.: On updatable redactable signatures. In: Boureanu, I., Owesarski, P., Vaudenay, S. (eds.) ACNS 2014. LNCS, vol. 8479, pp. 457–475. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-07536-5_27
Rabi, M., Sherman, A.T.: Associative one-way functions: a new paradigm for secret-key agreement and digital signatures. Technical report CS-TR-3183/UMIACS-TR-93-124, University of Maryland Institute for Advanced Computer Studies (1993)
Traverso, G., Demirel, D., Buchmann, J.: Homomorphic Signature Schemes: A Survey. SpringerBriefs in Computer Science. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-32115-8
Yamakawa, T., Yamada, S., Hanaoka, G., Kunihiro, N.: Self-bilinear map on unknown order groups from indistinguishability obfuscation and its applications. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014, Part II. LNCS, vol. 8617, pp. 90–107. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-44381-1_6
Acknowledgements
This work was partially funded by the Carlsberg Foundation under the Semper Ardens Research Project CF18-112 (BCM), the Sapere Aude: DFF-Starting Grant number 0165-00079B “Foundations of Privacy Preserving and Accountable Decentralized Protocols” and by the European Research Council (ERC) under the European Union’s Horizon 2020 research and innovation programme under grant agreement No. 669255 (MPCPRO) and No. 803096 (SPEC). The first author acknowledges support from the Concordium Blockchain Research Center (COBRA) and the DIGIT Centre for Digitalisation, Big Data and Data Analytics at Aarhus University.
Copyright information
© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG
Cite this paper
Aranha, D.F., Engelmann, F., Kolby, S., Yakoubov, S. (2022). The State of the Union: Union-Only Signatures for Data Aggregation. In: Galdi, C., Jarecki, S. (eds) Security and Cryptography for Networks. SCN 2022. Lecture Notes in Computer Science, vol 13409. Springer, Cham. https://doi.org/10.1007/978-3-031-14791-3_17
DOI: https://doi.org/10.1007/978-3-031-14791-3_17
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-14790-6
Online ISBN: 978-3-031-14791-3
eBook Packages: Computer Science, Computer Science (R0)