Results 1  10
of
31
Aggregate and Verifiably Encrypted Signatures from Bilinear Maps
, 2002
"... An aggregate signature scheme is a digital signature that supports aggregation: Given n signatures on n distinct messages from n distinct users, it is possible to aggregate all these signatures into a single short signature. This single signature (and the n original messages) will convince the verif ..."
Abstract

Cited by 240 (14 self)
 Add to MetaCart
An aggregate signature scheme is a digital signature that supports aggregation: Given n signatures on n distinct messages from n distinct users, it is possible to aggregate all these signatures into a single short signature. This single signature (and the n original messages) will convince the verifier that the n users did indeed sign the n original messages (i.e., user i signed message M i for i = 1; : : : ; n). In this paper we introduce the concept of an aggregate signature scheme, present security models for such signatures, and give several applications for aggregate signatures. We construct an efficient aggregate signature from a recent short signature scheme based on bilinear maps due to Boneh, Lynn, and Shacham. Aggregate signatures are useful for reducing the size of certificate chains (by aggregating all signatures in the chain) and for reducing message size in secure routing protocols such as SBGP. We also show that aggregate signatures give rise to verifiably encrypted signatures. Such signatures enable the verifier to test that a given ciphertext C is the encryption of a signature on a given message M . Verifiably encrypted signatures are used in contractsigning protocols. Finally, we show that similar ideas can be used to extend the short signature scheme to give simple ring signatures.
Sequential aggregate signatures from trapdoor permutations
 Advances in Cryptology – EUROCRYPT 2004
, 2004
"... An aggregate signature scheme (recently proposed by Boneh, Gentry, Lynn, and Shacham) is a method for combining n signatures from n different signers on n different messages into one signature of unit length. We propose sequential aggregate signatures, inwhichthesetof signers is ordered. The aggrega ..."
Abstract

Cited by 49 (3 self)
 Add to MetaCart
An aggregate signature scheme (recently proposed by Boneh, Gentry, Lynn, and Shacham) is a method for combining n signatures from n different signers on n different messages into one signature of unit length. We propose sequential aggregate signatures, inwhichthesetof signers is ordered. The aggregate signature is computed by having each signer, in turn, add his signature to it. We show how to realize this in such a way that the size of the aggregate signature is independent of n. This makes sequential aggregate signatures a natural primitive for certificate chains, whose length can be reduced by aggregating all signatures in a chain. We give a construction in the random oracle model based on families of certified trapdoor permutations, and show how to instantiate our scheme based on RSA. 1
Sequential aggregate signatures and multisignatures without random oracles
 In EUROCRYPT, 2006. (Cited on
, 2006
"... Abstract. We present the first aggregate signature, the first multisignature, and the first verifiably encrypted signature provably secure without random oracles. Our constructions derive from a novel application of a recent signature scheme due to Waters. Signatures in our aggregate signature schem ..."
Abstract

Cited by 36 (1 self)
 Add to MetaCart
Abstract. We present the first aggregate signature, the first multisignature, and the first verifiably encrypted signature provably secure without random oracles. Our constructions derive from a novel application of a recent signature scheme due to Waters. Signatures in our aggregate signature scheme are sequentially constructed, but knowledge of the order in which messages were signed is not necessary for verification. The aggregate signatures obtained are shorter than Lysyanskaya et al. sequential aggregates and can be verified more efficiently than Boneh et al. aggregates. We also consider applications to secure routing and proxy signatures. 1
A Secure and Practical Electronic Voting Scheme for Real World Environments
, 1997
"... this paper, we propose a practical and secure electronic voting scheme which meets the requirements of large scale general elections. This scheme involves voters, the administrator or so called the government and some scrutineers. In our scheme, a voter only has to communicate with the administrator ..."
Abstract

Cited by 19 (6 self)
 Add to MetaCart
this paper, we propose a practical and secure electronic voting scheme which meets the requirements of large scale general elections. This scheme involves voters, the administrator or so called the government and some scrutineers. In our scheme, a voter only has to communicate with the administrator three times and it ensures independence among voters without the need of any global computation. This scheme uses the threshold cryptosystem to guarantee the fairness among the candidate's campaign and to provide mechanism for achieving the function that any voter can make an open objection to the tally if his vote has not been published. This scheme preserves the privacy of a voter against the administrator, scrutineers, and other voters. Completeness, robustness, and verifiability of the voting process are ensured and hence no one can produce a false tally, corrupt or disrupt the election.
A Practical Digital Multisignature Scheme Based on Discrete Logarithms (Extended Abstract)
 in AUSCRYPT’92
, 1993
"... ) Thomas Hardjono 1 ? and Yuliang Zheng 2 ?? 1 ATR Communications Research Laboratories 22 Hikaridai, SeikaCho, Sorakugun, Kyoto 61902, Japan 2 Department of Computer Science, University of Wollongong, Australia Abstract. This paper proposes a practical digital multisignature scheme based ..."
Abstract

Cited by 10 (1 self)
 Add to MetaCart
) Thomas Hardjono 1 ? and Yuliang Zheng 2 ?? 1 ATR Communications Research Laboratories 22 Hikaridai, SeikaCho, Sorakugun, Kyoto 61902, Japan 2 Department of Computer Science, University of Wollongong, Australia Abstract. This paper proposes a practical digital multisignature scheme based on the C ? sig cryptosystem derived from the Csig cryptosystem of Zheng and Seberry (1993). The simple scheme consists of three phases. In the first phase the issuer of the document prepares the document, the list of prospective signatories and a pad on which signatories are to write their signatures. In the second phase each signatory verifies the document, signs it and forwards it to the next signatory. In the third phase a trusted verifier or notary decides on the validity of the signatures. The scheme prevents cheating by dishonest signatories from going undetected. The scheme is practical and offers at least the same security level afforded by its underlying cryptosystem against extern...
A Survey of Two Signature Aggregation Techniques
 CryptoBytes
, 2003
"... We survey two recent signature constructions that support signature aggregation: Given n signatures on n distinct messages from n distinct users, it is possible to aggregate all these signatures into a single signature. This single signature (and all n original messages) will convince any verifier t ..."
Abstract

Cited by 9 (1 self)
 Add to MetaCart
We survey two recent signature constructions that support signature aggregation: Given n signatures on n distinct messages from n distinct users, it is possible to aggregate all these signatures into a single signature. This single signature (and all n original messages) will convince any verifier that the n users signed the n original messages (i.e., for i = 1; : : : ; n user i signed message number i). We survey two constructions. The first is based on the short signature scheme of Boneh, Lynn, and Shacham and supports general aggregation. The second, based on a multisignature scheme of Micali, Ohta, and Reyzin, is built from any trapdoor permutation but only supports sequential aggregation. Aggregate signatures are useful for reducing the size of certificate chains (by aggregating all signatures in the chain) and for reducing message size in secure routing protocols such as SBGP.
Proxy ReSignatures: New Definitions, Algorithms, and Applications
 In ACM CCS
, 2005
"... In 1998, Blaze, Bleumer, and Strauss (BBS) proposed proxy resignatures, in which a semitrusted proxy acts as a translator between Alice and Bob. To translate, the proxy converts a signature from Alice into a signature from Bob on the same message. The proxy, however, does not learn any signing k ..."
Abstract

Cited by 8 (1 self)
 Add to MetaCart
In 1998, Blaze, Bleumer, and Strauss (BBS) proposed proxy resignatures, in which a semitrusted proxy acts as a translator between Alice and Bob. To translate, the proxy converts a signature from Alice into a signature from Bob on the same message. The proxy, however, does not learn any signing key and cannot sign arbitrary messages on behalf of either Alice or Bob.
New Paradigms in Signature Schemes
, 2005
"... Digital signatures provide authenticity and nonrepudiation. They are a standard cryptographic primitive with many applications in higherlevel protocols. Groups featuring a computable bilinear map are particularly well suited for signaturerelated primitives. For some signature variants the only con ..."
Abstract

Cited by 8 (1 self)
 Add to MetaCart
Digital signatures provide authenticity and nonrepudiation. They are a standard cryptographic primitive with many applications in higherlevel protocols. Groups featuring a computable bilinear map are particularly well suited for signaturerelated primitives. For some signature variants the only construction known uses bilinear maps. Where constructions based on, e.g., RSA are known, bilinearmap–based constructions are simpler, more efficient, and yield shorter signatures. We describe several constructions that support this claim. First, we present the BonehLynnShacham (BLS) short signature scheme. BLS signatures with 1024bit security are 160 bits long, the shortest of any scheme based on standard assumptions. Second, we present BonehGentryLynnShacham (BGLS) aggregate signatures. In an aggregate signature scheme it is possible to combine n signatures on n distinct messages from n distinct users into a single aggregate that provides nonrepudiation for all of them. BGLS aggregates are 160 bits long, regardless of how many signatures are aggregated. No construction is known for aggregate signatures that does not employ bilinear maps. BGLS aggregates give rise to verifiably encrypted signatures, a signature variant with applications in contract signing.
Blind Threshold Signatures Based on Discrete Logarithm
 Computer Communications
, 1996
"... In this paper, we propose two grouporiented (t; n) blind threshold signature schemes based on the discrete logarithm problem. By these schemes, any t out of n signers in a group can represent the group to sign blind threshold signatures. In our schemes, the size of a threshold signature is the same ..."
Abstract

Cited by 8 (5 self)
 Add to MetaCart
In this paper, we propose two grouporiented (t; n) blind threshold signature schemes based on the discrete logarithm problem. By these schemes, any t out of n signers in a group can represent the group to sign blind threshold signatures. In our schemes, the size of a threshold signature is the same as the size of an individual signature and the signature verification process is simplified by means of a group public key. Our proposed schemes do not require the assistance of a mutually trusted authority. In addition each signer can select his own private key and the group public key is determined by all the members. The security of our schemes rely on the difficulty of computing discrete logarithm.