Linear Lossy Identification Scheme derives Tightly-Secure Multisignature

Fukumitsu, Masayuki; Hasegawa, Shingo

doi:10.1109/asiajcis50894.2020.00016

Cited by 2 publications

(1 citation statement)

References 18 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Thus a tight security proof makes the parameter of the scheme be compact as that of the underlying cryptographic assumption. Although several multisignature schemes with tight security have been proposed in [1,19,8,9,21], none of them support the public-key aggregation. Therefore, constructing a multisignature with public-key aggregation having a tight security proof is an important open question.…”

Section: Introductionmentioning

confidence: 99%

A Tightly Secure DDH-based Multisignature with Public-Key Aggregation

Fukumitsu

Hasegawa

2021

IJNC

Self Cite

View full text Add to dashboard Cite

From the birth of the blockchain technology, multisignatures attract much attention as a tool for handling blockchain transactions. Concerning the application to the blockchain, multisignatures with public-key aggregation, which can compress public keys of signers to a single public key, is preferable to the standard multisignature because the public keys and the signature used in a transaction are stored to verify the transaction later. Several multisignature schemes with public key aggregation are proposed, however, there are no known schemes having a tight security reduction.We propose a first multisignature with public-key aggregation whose security is proven to be tightly secure under the DDH assumption in the random oracle model. Our multisignature is based on the DDH-based multisignature by Le, Yang, and Ghorbani, however, our security proof is different from theirs. The idea of our security proof originates from another DDH-based multisignature by Le, Bonnecaze, and Gabillon whose security proof is tightly one. By tailoring their security proof to a setting which admits the public-key aggregation, we can prove the tight security of our multisignature.

show abstract