ABSTRACT
We construct new multiparty signature schemes that allow multiple signers to sequentially produce a compact, fixed-length signature simultaneously attesting to the message(s) they want to sign. First, we introduce a new primitive that we call ordered multisignatures (OMS), which allow signers to attest to a common message as well as the order in which they signed. Our OMS construction substantially improves computational efficiency over any existing scheme with comparable functionality. Second, we design a new identity-based sequential aggregate signature scheme, where signers can attest to different messages and signature verification does not require knowledge of traditional public keys. The latter property permits savings on bandwidth and storage as compared to public-key solutions. In contrast to the only prior scheme to provide this functionality, ours offers improved security that does not rely on synchronized clocks or a trusted first signer. Security proofs according to the corresponding security definitions and under appropriate computational assumptions are provided for all the proposed schemes. We give several applications of our schemes to secure network routing, and we believe that they will find many other applications as well.
Ordered multisignatures and identity-based sequential aggregate signatures, with applications to secure routing