Chao Yuan,Mi-xue Xu,Xue-ming Si

DOI: https://doi.org/10.1155/2017/8295275

IF: 1.968

2017-01-01

Security and Communication Networks

Abstract:With the rise of Bitcoin, blockchain which is the core technology of Bitcoin has received increasing attention. Privacy preserving and performance on blockchain are two research points in academia and business, but there are still some unresolved issues in both respects. An aggregate signature scheme is a digital signature that supports making signatures on many different messages generated by many different users. Using aggregate signature, the size of the signature could be shortened by compressing multiple signatures into a single signature. In this paper, a new signature scheme for transactions on blockchain based on the aggregate signature was proposed. It was worth noting that elliptic curve discrete logarithm problem and bilinear maps played major roles in our signature scheme. And the security properties of our signature scheme were proved. In our signature scheme, the amount will be hidden especially in the transactions which contain multiple inputs and outputs. Additionally, the size of the signature on transaction is constant regardless of the number of inputs and outputs that the transaction contains, which can improve the performance of signature. Finally, we gave an application scenario for our signature scheme which aims to achieve the transactions of big data on blockchain.

Hongxin Zhang,Guanghuan Xie,Xin Zou,Chi Zhang,Zhuo Li,Rui Qin,Gang Xiong,Fei-Yue Wang

DOI: https://doi.org/10.1109/tcss.2022.3230903

2024-01-01

IEEE Transactions on Computational Social Systems

Abstract:Threshold Elliptic Curve Digital Signature Algorithm (ECDSA) has attracted a lot of attention due to the wide applications of ECDSA in crypto asset. Although several variants of threshold signature protocols can provide functions, such as key generation and signing, they suffer from two shortfalls. First, these schemes only discuss a single signature computation task in a synchronous algorithm context, which is difficult to adapt to real crypto-asset applications, such as custody. Second, these schemes are computing intensive and not scalable, hence can hardly support large-scale processing operations in real life even after traditional optimization, such as multithreading, is applied. In this article, we propose an innovative computation method called asynchronous threshold ECDSA with batch processing, based on the interactive threshold signature protocols. The method provides a reliable solution for critical operational scenarios, such as threshold signing and distributed key generation (DKG) in crypto-asset custody, and can be a future reference in secure data distribution mechanisms. The performance and scalability of our methods are validated through a benchmark testing.

Zheng Gong,Yu Long,Xuan Hong,Kefei Chen

2008-01-01

Abstract:Aggregate signature is a digital signature with a striking property that anyone can aggregate n individual signatures on n different messages which are signed by n distinct signers, into a single compact signature to reduce computational and storage costs. In this work, two practical certificateless aggregate signature schemes are proposed from bilinear maps. The first scheme CAS-1 reduces the costs of communication and signer-side computation but trades off the storage, while CAS-2 minimizes the storage but sacrifices the communication costs. One can choose either of the schemes by consideration of the application requirement. Compare with ID-based schemes, our schemes do not entail public key certificates as well and achieve the trust Level 3, which imply the frauds of the authority are detectable. Both of the schemes are proven secure in the random oracle model by assuming the intractability of the computational Diffie-Hellman problem over the groups with bilinear maps, where the forking lemma technique is avoided.

Yanbo Chen,Yunlei Zhao

DOI: https://doi.org/10.1007/978-3-031-17146-8_19

2022-01-01

Abstract:An aggregate signature (AS) scheme allows an unspecified aggregator to compress many signatures into a short aggregation. AS schemes can save storage costs and accelerate verification. They are desirable for applications where many signatures need to be stored, transferred, or verified together, including blockchain systems, sensor networks, certificate chains, network routing, etc. However, constructing AS schemes based on general groups, only requiring the hardness of the discrete logarithm problem, is quite tricky and has been a long-standing research question. Recently, Chalkias et al. [6] proposed a half-aggregate scheme for Schnorr signatures. We observe the scheme lacks a tight security proof and does not well support incremental aggregation, i.e., adding more signatures into a pre-existing aggregation. This work's contributions are threefold. We first give a tight security proof for the scheme in [6] in the ROM and the algebraic group model (AGM). Second, we provide a new half-aggregate scheme for Schnorr signatures that perfectly supports incremental aggregation, whose security also tightly reduces to Schnorr's security in the AGM+ROM. Third, we present a Schnorr-based sequential aggregate signature (SAS) scheme that is tightly secure as Schnorr signature scheme in the ROM (without the AGM). Our work may pave the way for applying Schnorr aggregation in real-world cryptographic applications.

Yang Tao,Kong Lingbo,Hu Jianbin,Chen Zhong

2012-01-01

Journal of Computer Research and Development

Abstract:This paper surveys the aggregate signature and its applications. Aggregate signature simplifies the verification of any number of signatures to a verification, greatly reducing the signature verification work, so aggregate signature greatly improves the efficiency of signature verification and transmission. In real life, the aggregate signature technology can be used in the hierarchical PKI certificate chain, the security of wireless sensor network routing protocols, secure mail, electronic cash, database outsourcing, dynamic content distribution, VANETs data aggregation, IoT(Internet of Things) data aggregation and other fields.

Kang Qiao,Hongbo Tang,Yu Zhao,Wei You

DOI: https://doi.org/10.1109/ICCCBDA.2019.8725693

2019-04-01

Abstract:With the continuous development and wide application of blockchain technology, the problem of privacy leakage is becoming more and more prominent and must be fully taken seriously. This paper proposes a new blockchain signature scheme based on the aggregation signature scheme for the privacy protection of transaction addresses in blockchain. Compared with related schemes, the privacy protection scheme reduces the computational overhead of the signature and verification process, reduces the storage overhead of the blockchain, and improves the communication efficiency. The theoretical analysis results show that the scheme is safe and effective, and can protect the identity privacy of the receiver in the blockchain transaction.

Computer Science

Liangliang Wang,Kefei Chen,Yu Long,Huige Wang

DOI: https://doi.org/10.1002/sec.1421

IF: 1.968

2016-01-01

Security and Communication Networks

Abstract:An aggregate signature refers to a signature, by which n signatures sigma(1),...,sigma(n) corresponding to n messages m(1),...,m(n) and n users u(1),...,u(n) can be transformed into a single short signature (sigma) over bar. Besides, anyone can be convinced by the single short signature that the n messages m(1),...,m(n) were definitely signed by the n users u(1),...,u(n) correspondingly. The concept of certificateless cryptography is proposed, so as to settle the key escrow problem in ID-based cryptography and eliminate the demand for certificates in certified cryptography. A certificateless signature scheme was proposed by Chen et al. in 2014, which was extended into a certificateless aggregate signature scheme. In this paper, two attacks are firstly provided, so as to indicate that the certificateless signature scheme is insecure against a Type I adversary and a Type II adversary. And then, it is demonstrated that the certificateless aggregate signature scheme is not able to achieve the security levels they claimed due to the weaknesses of the certificateless signature scheme. Copyright (c) 2016 John Wiley & Sons, Ltd.

Kwangsu Lee,Dong Hoon Lee,Moti Yung

DOI: https://doi.org/10.1016/j.tcs.2015.02.019

2015-02-24

Abstract:The notion of aggregate signature has been motivated by applications and it enables any user to compress different signatures signed by different signers on different messages into a short signature. Sequential aggregate signature, in turn, is a special kind of aggregate signature that only allows a signer to add his signature into an aggregate signature in sequential order. This latter scheme has applications in diversified settings such as in reducing bandwidth of certificate chains and in secure routing protocols. Lu, Ostrovsky, Sahai, Shacham, and Waters (EUROCRYPT 2006) presented the first sequential aggregate signature scheme in the standard model. The size of their public key, however, is quite large (i.e., the number of group elements is proportional to the security parameter), and therefore, they suggested as an open problem the construction of such a scheme with short keys. In this paper, we propose the first sequential aggregate signature schemes with short public keys (i.e., a constant number of group elements) in prime order (asymmetric) bilinear groups that are secure under static assumptions in the standard model. Furthermore, our schemes employ a constant number of pairing operations per message signing and message verification operation. Technically, we start with a public-key signature scheme based on the recent dual system encryption technique of Lewko and Waters (TCC 2010). This technique cannot directly provide an aggregate signature scheme since, as we observed, additional elements should be published in a public key to support aggregation. Thus, our constructions are careful augmentation techniques for the dual system technique to allow it to support sequential aggregate signature schemes. We also propose a multi-signature scheme with short public parameters in the standard model.

Cryptography and Security

Hu Xiong,Zhi Guan,Zhong Chen,Fagen Li

DOI: https://doi.org/10.1016/j.ins.2012.07.004

IF: 8.1

2013-01-01

Information Sciences

Abstract:An aggregate signature scheme enables an algorithm to aggregate n signatures of n distinct messages from n users into a single short signature. This primitive is useful in resource-constrained environment since they allow bandwidth and computational savings. Recently, in order to eliminate the use of certificates in certified public key cryptography and the key-escrow problem in identity-based cryptography, the notion of certificateless public key cryptography was introduced. In this paper, we present an efficient certificateless aggregate signature scheme with constant pairing computations. The security of the proposed scheme can be proved to be equivalent to the standard computational Diffie–Hellman problem in the random oracle with a tight reduction. Furthermore, our scheme does not require synchronization for aggregating randomness, which makes it more suitable for ad hoc networks.

Hu Xiong,Qianhong Wu,Zhong Chen

2012-01-01

Abstract:An aggregate signature scheme allows a public algorithm to aggregate n signatures on n distinct messages from n signers into a single signature. By validating the single resulting signature, one can be convinced that the messages have been endorsed by all the signers. Certificateless aggregate signatures allow the signers to authenticate messages without suffering from the complex certificate management in the traditional public key cryptography or the key escrow problem in identity-based cryptography. In this paper, we present a new efficient certificateless aggregate signature scheme. Compared with up-to-date certificateless aggregate signatures, our scheme is equipped with a number of attracting features: (1) it is shown to be secure under the standard computational Diffie-Hellman assumption in the random oracle model; (2) the security is proven in the strongest security model so far; (3) the signers do not need to be synchronized; and (4) its performance is comparable to the most efficient up-to-date schemes. These features are desirable in a mobile networking and computing environment where the storage/computation capacity of the end devices are limited, and due to the wireless connection and distributed feature, the computing devices are easy to be attacked and hard to be synchronized.

Masayuki Tezuka,Keisuke Tanaka

DOI: https://doi.org/10.1007/978-3-031-29371-9_16

2023-04-01

Abstract:Synchronized aggregate signature is a special type of signature that all signers have a synchronized time period and allows aggregating signatures which are generated in the same period. This signature has a wide range of applications for systems that have a natural reporting period such as log and sensor data, or blockchain protocol. In CT-RSA 2016, Pointcheval and Sanders proposed the new randomizable signature scheme. Since this signature scheme is based on type-3 pairing, this signature achieves a short signature size and efficient signature verification. In this paper, we design the Pointchcval-Sanders signature-based synchronized aggregate signature scheme and prove its security under the generalized Pointcheval-Sanders assumption in the random oracle model. Our scheme offers the most efficient aggregate signature verification among synchronized aggregate signature schemes based on bilinear groups.

Cryptography and Security

Hu Xiong,Qianhong Wu,Zhong Chen

DOI: https://doi.org/10.1109/INCoS.2011.151

2011-01-01

Abstract:An aggregate signature scheme allows a public algorithm to aggregate n signatures of n distinct messages from n signers into a single signature. By validating the single resulting signature, one can be convinced that the messages have been endorsed by all the signers. Certificateless aggregate signatures allow the signers to authenticate messages without suffering from the complex certificate management in the traditional public key cryptography or the key escrow problem in identity-based cryptography. In this paper, we present a new efficient certificate less aggregate signature scheme. Compared with up-to-date certificate less aggregate signatures, our scheme is equipped with a number of attracting features: (1) it is shown to be secure under the standard computational Diffie-Hellman assumption in the random oracle model, (2) the security is proven in the strongest security model so far, (3) the signers do not need to be synchronized, and (4) its performance is comparable to the most efficient up-to-date schemes. These features are desirable in a mobile networking and computing environment where the storage/computation capacity of the end devices are limited, and due to the wireless connection and distributed feature, the computing devices are easy to be attacked and hard to be synchronized.

Rui Guo,Kemeng Li,Xiong Li,Yinghui Zhang,Xuelei Li

DOI: https://doi.org/10.1109/JSYST.2022.3148989

IF: 4.802

2022-01-01

IEEE Systems Journal

Abstract:In blockchain-enabled applications, it is difficult to preserve privacy completely because of the openness of each signer's public key. In this article, an efficient multiattribute-based signature scheme with key aggregation (M-ABS-KA) is presented that supports a flexible threshold predicate. This construction aggregates the public keys and provides a compact signature that is verified as a group, which realizes faster batch verification than confirming them individually. Furthermore, both the multisignature scale and the public key length are independent of the number of signers and attributes in this scheme. To the best of our knowledge, this M-ABS-KA scheme is the first multi-ABS protocol with an aggregated public key and fast batch verification. Based on the hardness of the computational Diffie-Hellman problem, it is formally proven that the proposal achieves unforgeability in the random oracle model and enjoys signer privacy. Additionally, the performance is evaluated in theoretical and experimental analyses with other related ABS schemes, and the results show that it is feasible and efficient in storage, bandwidth, and computational cost. Finally, as an illustrative application, we design a framework of the blockchain-enabled electronic health records assessment system based on this presented M-ABS-KA scheme.

Yan XU,Liu-sheng HUANG,Miao-miao TIAN,Hong ZHONG,Jie CUI

DOI: https://doi.org/10.3969/j.issn.0372-2112.2016.08.011

2016-01-01

Abstract:Aggregate signature schemes are particularly useful for authentication in resource-constrained wireless net-works for realizing batch verification.Certificateless cryptosystems can resolve the certificate management problem or key es-crow problem in aggregate signature schemes.This paper firstly analyzed a certificatelss aggregate signature(CLAS)scheme. Then,a more efficient CLAS scheme that requires less bilinear paring operations was provided.The security analysis showed that this scheme can resist the forgery attack under the random oracle model,the security was equal to resolve CDH problem.

Kwangsu Lee,Dong Hoon Lee

DOI: https://doi.org/10.1371/journal.pone.0128081

2014-11-18

Abstract:Aggregate signatures allow anyone to combine different signatures signed by different signers on different messages into a single short signature. An ideal aggregate signature scheme is an identity-based aggregate signature (IBAS) scheme that supports full aggregation since it can reduce the total transmitted data by using an identity string as a public key and anyone can freely aggregate different signatures. Constructing a secure IBAS scheme that supports full aggregation in bilinear maps is an important open problem. Recently, Yuan {\it et al.} proposed an IBAS scheme with full aggregation in bilinear maps and claimed its security in the random oracle model under the computational Diffie-Hellman assumption. In this paper, we show that there exists an efficient forgery attacker on their IBAS scheme and their security proof has a serious flaw.

Cryptography and Security

Qinyi Li,Hu Xiong,Zhiguang Qin,Qing Lu

2012-01-01

Abstract:Ordinary digital signatures have an inherent weakness:if the secret key is leaked, then all signatures, even the ones generated before the leak, are no longer trustworthy. Forward secure scheme has been suggested for solving this problem. An aggregate signature is a signature that aggregate n distinct signatures into a single short signature. A forward secure aggregate signature scheme combines with the two mentioned advantages. This paper points out that the scheme in [7] is not forward secure, and proposes a new forward secure aggregate signature scheme from bilinear maps . Finally,this paper analyzes the correctness and security of the scheme.

Chanhyeok Park,Sangrae Cho,Young-Seob Cho,Soohyung Kim,Hyung Tae Lee

DOI: https://doi.org/10.1109/access.2024.3358849

IF: 3.9

2024-02-07

IEEE Access

Abstract:Recently, Chait et al. proposed a new aggregate signature scheme under the RSA setting (IEEE Access, 2023). In this paper, we show that Chait et al.'s aggregate signature scheme is insecure when two signers collude with their own secret keys, by presenting an attack algorithm that forges aggregate signatures of aggregator or individual signatures of all other (non-colluding) users. More concretely, our attack algorithm consists of three sub-algorithms: The first sub-algorithm computes a multiple of from secret keys of two users where is the RSA modulus that is included in the public parameter of the system and is the Euler totient function. The second sub-algorithm recovers an equivalent secret key of a target user that is congruent to his/her original secret key modulo from his/her public key and the multiple of which is the output of the first sub-algorithm. Finally, with the equivalent secret key obtained by the second sub-algorithm, the last sub-algorithm generates valid aggregate/individual signatures of the target user. Our attack algorithm always succeeds in forging aggregate/individual signatures. Furthermore, it is lightweight in the sense that it requires several integer operations, gcd computations, and an execution of aggregate/individual signing algorithm only. For example, when the pubic parameter and secret keys of all users, except the target user, are provided, our experimental results demonstrate that the proposed attack algorithm takes less than 1 second only in total to forge an aggregate signature of 29 individual signatures including that of the target user, where is 3,072 bits for 128-bit security.

computer science, information systems,telecommunications,engineering, electrical & electronic

Jiang Deng,Chunxiang Xu,Huai Wu,Liju Dong

DOI: https://doi.org/10.1002/cpe.3551

2016-01-01

Abstract:SummaryTo satisfy the applications in certificateless environment, many researchers have been investigating certificateless aggregate signature schemes. Several schemes that are independent with the aggregated numbers are proposed to reduce the computation overhead. In these schemes, the pairing computations that in verification procedure needs are a constant value. Recently, Hou et al. proposed an improved certificateless aggregate signature scheme. They demonstrated the scheme is provably secure in the random oracle model. However, we find that their scheme is insecure in their security model by giving a concrete attack. Then, we propose an improved certificateless signature scheme and use it to construct a new certificateless signature scheme with enhanced security and aggregation. Furthermore, we provide formal security proof of our new scheme. Compared with other four schemes, our enhanced protocol is more suitable for realistic applications. Copyright © 2015 John Wiley & Sons, Ltd.

Han Shen,Jianhua Chen,Jian Shen,Debiao He

DOI: https://doi.org/10.1002/sec.1480

IF: 1.968

2016-01-01

Security and Communication Networks

Abstract:Recently, Chen et al. proposed a certificateless aggregate signature scheme with efficient verification. They claimed that their scheme could resist attacks of Type I adversary and Type II adversary. Unfortunately, we present a universal attack to demonstrate that their scheme cannot provide unforgeability. The adversary in the proposed attack can forge a legal signature on any message without any users' secret information. Copyright © 2016 John Wiley & Sons, Ltd.

Hong Shu,Ping Qi,Yongqing Huang,Fulong Chen,Dong Xie,Liping Sun

DOI: https://doi.org/10.3390/s20051521

IF: 3.9

2020-03-10

Sensors

Abstract:Different from the traditional healthcare field, Medical Cyber Physical Systems (MCPS) rely more on wireless wearable devices and medical applications to provide better medical services. The secure storage and sharing of medical data are facing great challenges. Blockchain technology with decentralization, security, credibility and tamper-proof is an effective way to solve this problem. However, capacity limitation is one of the main reasons affecting the improvement of blockchain performance. Certificateless aggregation signature schemes can greatly tackle the difficulty of blockchain expansion. In this paper, we describe a two-layer system model in which medical records are stored off-blockchain and shared on-blockchain. Furthermore, a multi-trapdoor hash function is proposed. Based on the proposed multi-trapdoor hash function, we present a certificateless aggregate signature scheme for blockchain-based MCPS. The purpose is to realize the authentication of related medical staffs, medical equipment, and medical apps, ensure the integrity of medical records, and support the secure storage and sharing of medical information. The proposed scheme is highly computationally efficient because it does not use bilinear maps and exponential operations. Many certificateless aggregate signature schemes without bilinear maps in Internet of things (IoT) have been proposed in recent years, but they are not applied to the medical field, and they do not consider the security requirements of medical data. The proposed scheme in this paper has high computing and storage efficiency, while meeting the security requirements in MCPS.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation