Abstract :
The concept of sequential aggregate signatures (SAS), proposed by Lysyanskaya, Micali, Reyzin, and Shacham at Eurocrypt 2004, is generalized to a new primitive called sequential aggregate signed data (SASD) that tries to minimize the total amount of transmitted data, rather than just signature length. New SAS and SASD schemes are presented that offer numerous advantages over the scheme of Lysyanskaya Most importantly, the schemes can be instantiated with uncertified claw-free permutations, thereby allowing implementations based on low-exponent RSA and factoring, and drastically reducing signing and verification costs. The schemes support aggregation of signatures under keys of different lengths, and the SASD scheme even has as little as 160 bits of bandwidth overhead. Finally, a multi-signed data scheme is presented that, when compared to the state-of-the-art multi-signature schemes, is the first scheme with noninteractive signature generation not based on pairings. All of the constructions are proved secure in the random oracle model based on families of claw-free permutations.
Keywords :
public key cryptography; SAS scheme; SASD scheme; low-exponent RSA; multisignature schemes; multisigned data scheme; noninteractive signature generation; random oracle model; sequential aggregate signatures; sequential aggregate signed data; signature aggregation; uncertified claw-free permutations; Aggregates; Algorithm design and analysis; Bandwidth; Encoding; Public key; Synthetic aperture sonar; Authentication; public-key cryptosystems;
