Identity-Based Aggregate Signatures

Gentry, Craig; Ramzan, Zulfikar

doi:10.1007/11745853_17

Cited by 236 publications

(176 citation statements)

References 27 publications

Supporting

Mentioning

166

Contrasting

Order By: Relevance

“…Furthermore, our scheme allows signatures on the same message from x signers to be aggregated into an IB-B-MS of t + 1 group elements. We notice that, when t = 1, our scheme degenerates into the multi-signature of Gentry and Ramzan [17].…”

Section: Building Blockmentioning

confidence: 98%

Identity-Based Authenticated Asymmetric Group Key Agreement Protocol

Zhang

Qin

et al. 2010

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. In identity-based public-key cryptography, an entity's public key can be easily derived from its identity. The direct derivation of public keys in identity-based public-key cryptography eliminates the need for certificates and solves certain public key management problems in traditional public-key cryptosystems. Recently, the notion of asymmetric group key agreement was introduced, in which the group members merely negotiate a common encryption key which is accessible to any entity, but they hold respective secret decryption keys. In this paper, we first propose a security model for identity-based authenticated asymmetric group key agreement (IB-AAGKA) protocols. We then propose an IB-AAGKA protocol which is proven secure under the Bilinear Diffie-Hellman Exponent assumption. Our protocol is also efficient, and readily adaptable to provide broadcast encryption.

show abstract

Section: Building Blockmentioning

confidence: 98%

Identity-Based Authenticated Asymmetric Group Key Agreement Protocol

Zhang

Qin

et al. 2010

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…The concept of synchronized aggregate signature was introduced by Gentry and Ramzan [22]. In synchronized aggregate signature, all signers have synchronized time information and individual signatures generated by different signers within the same time period can be aggregated into a short aggregate signature.…”

Section: Related Workmentioning

confidence: 99%

“…Boneh et al proposed the first full aggregate signature scheme in bilinear groups and proved its security in the random oracle model under the CDH assumption. After the introduction of aggregate signatures, various types of aggregate signatures such as sequential aggregate signatures [8,9,15,20,23,[27][28][29]32] and synchronized aggregate signatures [1,22] were proposed. PKAS has numerous applications.…”

Section: Introductionmentioning

confidence: 99%

“…An ideal solution for this problem is to use identity-based aggregate signature (IBAS) that represents the public key of a signer as an identity string. However, IBAS requires a trust structure different from public key infrastructure, namely, the existence of an additional trusted authority, (the current IBAS schemes are in [9,22,23] and are all secure in the random oracle model.) To construct a PKAS scheme with short public keys, Schröder proposed a sequential aggregate signature scheme with short public keys based on the CL signature scheme [33].…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Aggregating CL-Signatures Revisited: Extended Functionality and Better Efficiency

Lee

Yung

2013

Financial Cryptography and Data Security

View full text Add to dashboard Cite

Aggregate signature is public-key signature that allows anyone to aggregate different signatures generated by different signers on different messages into a short (called aggregate) signature. The notion has many applications where compressing the signature space is important: secure routing protocols, compressed certificate chain signature, software module authentications, and secure high-scale repositories and logs for financial transactions. In spite of its importance, the state of the art of the primitive is that it has not been easy to devise a suitable aggregate signature scheme that satisfies the conditions of real applications, with reasonable parameters: short public key size, short aggregate signatures size, and efficient aggregate signing/verification. In this paper, we propose aggregate signature schemes based on the Camenisch-Lysyanskaya (CL) signature scheme (Crypto 2004) whose security is reduced to that of CL signature which substantially improve efficiency conditions for real applications.• We first propose an efficient sequential aggregate signature scheme with the shortest size public key, to date, and very efficient aggregate verification requiring only a constant number of pairing operations and l number of exponentiations (l being the number of signers).• Next, we propose an efficient synchronized aggregate signature scheme with a very short public key size, and with the shortest (to date) size of aggregate signatures among synchronized aggregate signature schemes. Signing and aggregate verification are very efficient: they take constant number of pairing operations and l number of exponentiations, as well.• Finally, we introduce a new notion of aggregate signature named combined aggregate signature that allows a signer to dynamically use two modes of aggregation "sequential" and "synchronized," employing the same private/public key. We also present an efficient combined aggregate signature based on our previous two aggregate signature schemes. This combined-mode scheme allows for application flexibility depending on real world scenario: For example, it can be used sequentially to sign incrementally generated legal documents, and synchronously to aggregate the end-of-day logs of all branches of an institute into a single location with a single aggregate signature.

show abstract

“…In 2001, Boneh and Franklin [2] proposed a secure and efficient ID-based encryption scheme on the random oracle model. At present, there are many types of ID-based signature schemes, such as ID-based ring signature [3], ID-based aggregate signature [4].…”

Section: Introductionmentioning

confidence: 99%

A New ID-based Designated Verifier Proxy Multi-Signature Scheme

Cui¹,

Wen²

2011

IJCTE

View full text Add to dashboard Cite

Abstract-Proxy multi-signature allows a proxy signer to generate signatures on behalf of a group of original signers. In a designated verifier signature scheme, the signature only can be verified by a designated person. In this paper, we give the model of ID-based designated verifier proxy multi-signature and present a new ID-based designated verifier proxy multisignature scheme. Its security is based on the computational Diffie-Hellman (CDH) problem and it is highly efficient.Index Terms-proxy multi-signature, designated verifier, ID-based I. INTRODUCTIONThe concept of identity(ID)-based cryptosystem was first introduced by Shamir [1] in 1984 where, a user's public key is derived from his/her identity such as his/her name, address or E-mail, etc. The user's private key is generated by a private key generator (PKG). Application of identity-based crypto-system can avoid the use of public key certificates, so it can save system resources and improve the efficiency. In 1996, Jakobasson et al. [5] presented the concept of designated verifier signature. In designated verifier signature, only the designated verifier specified by the signer can check the validity of the signature. This kind of signature mechanism can be widely used in e-commerce and e-government, because it can solve the collision of the authen-tication and the privacy effectively. Sadeenia et al. [6] proposed the strong designated verifier signature scheme, which forces the designated verifier to use his/her private key in verification phase. Then, many designated verifier signature schemes were proposed where many ID-based signature schemes [7][8][9]. Recently, Kang et al. [10] pointed out Zhang-Mao's scheme [9] can not satisfy the strong property.The proxy signature primitive and first efficient solution were first introduced by Mambo et al. [11] in 1996, which allows the original signer to delegate his/her signing right to the proxy signer. Afterwards, a lot of proxy signature

show abstract

Identity-Based Aggregate Signatures

Cited by 236 publications

References 27 publications

Identity-Based Authenticated Asymmetric Group Key Agreement Protocol

Identity-Based Authenticated Asymmetric Group Key Agreement Protocol

Aggregating CL-Signatures Revisited: Extended Functionality and Better Efficiency

A New ID-based Designated Verifier Proxy Multi-Signature Scheme

Contact Info

Product

Resources

About