Compact Multi-signatures for Smaller Blockchains

Boneh, Dan; Drijvers, Manu; Neven, Gregory

doi:10.1007/978-3-030-03329-3_15

Cited by 199 publications

(143 citation statements)

References 39 publications

Supporting

Mentioning

143

Contrasting

Order By: Relevance

“…Moreover, transactions marked as "Payments" also include the address of the transacting merchant τ m , a monotonically 1 Boneh et al's scheme utilises specific bilinear pairings where there is an efficiently computable isomorphism between G and H which are not implemented over Ethereum. However, Boneh et al [36] observed that the proof of security does still apply with respect to the more commonly used pairings under a stronger cryptographic assumption. We assume the signature scheme is implemented with regards to bilinear groups with no known isomorphism.…”

Section: B Data Structuresmentioning

confidence: 99%

Snappy: Fast On-chain Payments with Practical Collaterals

Mavroudis¹,

Wüst²,

Dhar³

et al. 2020

Proceedings 2020 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

Permissionless blockchains offer many advantages but also have significant limitations including high latency. This prevents their use in important scenarios such as retail payments, where merchants should approve payments fast. Prior works have attempted to mitigate this problem by moving transactions off the chain. However, such Layer-2 solutions have their own problems: payment channels require a separate deposit towards each merchant and thus significant locked-in funds from customers; payment hubs require very large operator deposits that depend on the number of customers; and side-chains require trusted validators.In this paper, we propose Snappy, a novel solution that enables recipients, like merchants, to safely accept fast payments. In Snappy, all payments are on the chain, while small customer collaterals and moderate merchant collaterals act as payment guarantees. Besides receiving payments, merchants also act as statekeepers who collectively track and approve incoming payments using majority voting. In case of a double-spending attack, the victim merchant can recover lost funds either from the collateral of the malicious customer or a colluding statekeeper (merchant). Snappy overcomes the main problems of previous solutions: a single customer collateral can be used to shop with many merchants; merchant collaterals are independent of the number of customers; and validators do not have to be trusted. Our Ethereum prototype shows that safe, fast (<2 seconds) and cheap payments are possible on existing blockchains.

show abstract

Section: B Data Structuresmentioning

confidence: 99%

Snappy: Fast On-chain Payments with Practical Collaterals

Mavroudis¹,

Wüst²,

Dhar³

et al. 2020

Proceedings 2020 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

show abstract

“…When a delay is not acceptable, the signatures of different parties can be combined to a shorter one, generated by aggregate signature schemes [12]. When the aggregate signature is valid, it means that all servers authenticated it.…”

Section: B Related Workmentioning

confidence: 99%

Repeat-Authenticate Scheme for Multicasting of Blockchain Information in IoT Systems

Danzi

Kalør

Stefanović

et al. 2019

2019 IEEE Globecom Workshops (GC Wkshps)

View full text Add to dashboard Cite

We study the problem of efficiently disseminating authenticated blockchain information from blockchain nodes (servers) to Internet of Things (IoT) devices, through a wireless base station (BS). In existing blockchain protocols, upon generation of a new block, each IoT device receives a copy of the block header, authenticated via digital signature by one or more trusted servers. Since it relies on unicast transmissions, the required communication resources grow linearly with the number of IoT devices. We propose a more efficient scheme, in which a single copy of each block header is multicasted, together with the signatures of servers. In addition, if IoT devices tolerate a delay, we exploit the blockchain structure to amortize the authentication in time, by transmitting only a subset of signature in each block period. Finally, the BS sends redundant information, via a repetition code, to deal with the unreliable wireless channel, with the aim of decreasing the amount of feedback required from IoT devices. Our analysis shows the trade-off between timely authentication of blocks and reliability of the communication, depending on the packet loss rate offered by the channel. The numerical results show that the performance benefits of the proposed scheme makes it a viable starting point for designing new lightweight protocols for blockchains.

show abstract

“…In contrast to aggregate signature, multisignature scheme allows multisigners to jointly sign only one message. This scheme was first introduced in [36], and then it has been the topic of many other works such as [25,[37][38][39][40][41][42][43], to name a few. At ACM CCS'01, Micali el al.…”

Section: Signaturementioning

confidence: 99%

“…In [25], the authors defined a multisignature scheme with public key aggregation, for which all public keys of signers in the aggregating set are aggregated into a short aggregate public key through a new additional Key Aggregation algorithm. The advantage of this scheme is that the verifier can only take a constant-size of input (multisignature and aggregate public key) to verify the multisignature, which were showed in [25,43] that this type of scheme can be applied well to the Bitcoin blockchain application. However, the downside of this scheme is that each aggregating set of signers needs to publish in advance its aggregate public key.…”

Section: Signaturementioning

confidence: 99%

See 1 more Smart Citation

A Short Server-Aided Certificateless Aggregate Multisignature Scheme in the Standard Model

Trinh

2019

Security and Communication Networks

View full text Add to dashboard Cite

Aggregate signature scheme allows each signer to sign a different message and then all those signatures are aggregated into a single short signature. In contrast, multisignature scheme allows multisigners to jointly sign only one message. Aggregate multisignature scheme is a combination of both aforementioned signature schemes, where signers can choose to generate either a multisignature or an aggregate signature. This combination scheme has many concrete application scenarios such as Bitcoin blockchain, Healthcare, Multicast Acknowledgment Aggregation, and so on. On the other hand, to deal with the problems of expensive certificates in certified public key cryptography and key escrow in identity-based cryptography, the notion of certificateless public key cryptography has been introduced by Riyami and Paterson at Asiacrypt'03. In this paper, we propose the first certificateless aggregate multisignature scheme that achieves the constant-size of signature and is secure in the standard model under a generalization of the Diffie-Hellman exponent assumption. In our scheme, however, the signature is generated with the help of the authority.

show abstract

Compact Multi-signatures for Smaller Blockchains

Cited by 199 publications

References 39 publications

Snappy: Fast On-chain Payments with Practical Collaterals

Snappy: Fast On-chain Payments with Practical Collaterals

Repeat-Authenticate Scheme for Multicasting of Blockchain Information in IoT Systems

A Short Server-Aided Certificateless Aggregate Multisignature Scheme in the Standard Model

Contact Info

Product

Resources

About