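Most aggregate signature schemes rely on pairings, but the high computational and storage costs of pairings limit the feasibility of those schemes in practice. Zhao proposed the first pairing-free aggregate signature scheme (AsiaCCS 2019). However, the security of Zhao's scheme is based on the hardness of a newly introduced non-standard computational problem. The recent impossibility results of Drijvers et al. (IEEE S&P 2019) on two-round pairing-free multi-signature schemes whose security is based on the standard discrete logarithm (DL) problem have strengthened the view that constructing a pairing-free aggregate signature scheme that is proven secure based on standard problems such as the DL problem is indeed a challenging open problem. In this paper, we offer a novel solution to this open problem. We introduce a new paradigm of aggregate signatures, i.e., aggregate signatures with an additional pre-communication stage. In the pre-communication stage, each signer interacts with the aggregator to agree on a specific random value before deciding the messages to be signed. We also discover that the impossibility results of Drijvers et al. take effect if the adversary can decide the whole randomness part of any individual signature. Based on the new paradigm and our discovery of the applicability of the impossibility result, we propose a pairing-free aggregate signature scheme such that any individual signature includes a random nonce which can be freely generated by the signer. We prove the security of our scheme based on the hardness of the standard DL problem. As a trade-off, in contrast to the plain public-key model, which Zhao's scheme uses, we employ a more restricted key setup model, i.e., the knowledge of secret-key model.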
Kaoru TAKEMURE
the University of Electro-Communications, the National Institute of Advanced Industrial Science and Technology
Yusuke SAKAI
the National Institute of Advanced Industrial Science and Technology
Bagus SANTOSO
the University of Electro-Communications
Goichiro HANAOKA
the National Institute of Advanced Industrial Science and Technology
Kazuo OHTA
the University of Electro-Communications, the National Institute of Advanced Industrial Science and Technology
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Kaoru TAKEMURE, Yusuke SAKAI, Bagus SANTOSO, Goichiro HANAOKA, Kazuo OHTA, "Achieving Pairing-Free Aggregate Signatures using Pre-Communication between Signers" in IEICE TRANSACTIONS on Fundamentals,
vol. E104-A, no. 9, pp. 1188-1205, September 2021, doi: 10.1587/transfun.2020DMP0023.
Abstract: Most aggregate signature schemes are relying on pairings, but high computational and storage costs of pairings limit the feasibility of those schemes in practice. Zhao proposed the first pairing-free aggregate signature scheme (AsiaCCS 2019). However, the security of Zhao's scheme is based on the hardness of a newly introduced non-standard computational problem. The recent impossibility results of Drijvers et al. (IEEE S&P 2019) on two-round pairing-free multi-signature schemes whose security based on the standard discrete logarithm (DL) problem have strengthened the view that constructing a pairing-free aggregate signature scheme which is proven secure based on standard problems such as DL problem is indeed a challenging open problem. In this paper, we offer a novel solution to this open problem. We introduce a new paradigm of aggregate signatures, i.e., aggregate signatures with an additional pre-communication stage. In the pre-communication stage, each signer interacts with the aggregator to agree on a specific random value before deciding messages to be signed. We also discover that the impossibility results of Drijvers et al. take effect if the adversary can decide the whole randomness part of any individual signature. Based on the new paradigm and our discovery of the applicability of the impossibility result, we propose a pairing-free aggregate signature scheme such that any individual signature includes a random nonce which can be freely generated by the signer. We prove the security of our scheme based on the hardness of the standard DL problem. As a trade-off, in contrast to the plain public-key model, which Zhao's scheme uses, we employ a more restricted key setup model, i.e., the knowledge of secret-key model.
URL: https://global.ieice.org/en_transactions/fundamentals/10.1587/transfun.2020DMP0023/_p
@ARTICLE{e104-a_9_1188,
author={Kaoru TAKEMURE and Yusuke SAKAI and Bagus SANTOSO and Goichiro HANAOKA and Kazuo OHTA},
journal={IEICE TRANSACTIONS on Fundamentals},
title={Achieving Pairing-Free Aggregate Signatures using Pre-Communication between Signers},
year={2021},
volume={E104-A},
number={9},
pages={1188-1205},
abstract={Most aggregate signature schemes are relying on pairings, but high computational and storage costs of pairings limit the feasibility of those schemes in practice. Zhao proposed the first pairing-free aggregate signature scheme (AsiaCCS 2019). However, the security of Zhao's scheme is based on the hardness of a newly introduced non-standard computational problem. The recent impossibility results of Drijvers et al. (IEEE S&P 2019) on two-round pairing-free multi-signature schemes whose security based on the standard discrete logarithm (DL) problem have strengthened the view that constructing a pairing-free aggregate signature scheme which is proven secure based on standard problems such as DL problem is indeed a challenging open problem. In this paper, we offer a novel solution to this open problem. We introduce a new paradigm of aggregate signatures, i.e., aggregate signatures with an additional pre-communication stage. In the pre-communication stage, each signer interacts with the aggregator to agree on a specific random value before deciding messages to be signed. We also discover that the impossibility results of Drijvers et al. take effect if the adversary can decide the whole randomness part of any individual signature. Based on the new paradigm and our discovery of the applicability of the impossibility result, we propose a pairing-free aggregate signature scheme such that any individual signature includes a random nonce which can be freely generated by the signer. We prove the security of our scheme based on the hardness of the standard DL problem. As a trade-off, in contrast to the plain public-key model, which Zhao's scheme uses, we employ a more restricted key setup model, i.e., the knowledge of secret-key model.},
keywords={},
doi={10.1587/transfun.2020DMP0023},
ISSN={1745-1337},
month={September},}
TY - JOUR
TI - Achieving Pairing-Free Aggregate Signatures using Pre-Communication between Signers
T2 - IEICE TRANSACTIONS on Fundamentals
SP - 1188
EP - 1205
AU - Kaoru TAKEMURE
AU - Yusuke SAKAI
AU - Bagus SANTOSO
AU - Goichiro HANAOKA
AU - Kazuo OHTA
PY - 2021
DO - 10.1587/transfun.2020DMP0023
JO - IEICE TRANSACTIONS on Fundamentals
SN - 1745-1337
VL - E104-A
IS - 9
JA - IEICE TRANSACTIONS on Fundamentals
Y1 - September 2021
AB - Most aggregate signature schemes are relying on pairings, but high computational and storage costs of pairings limit the feasibility of those schemes in practice. Zhao proposed the first pairing-free aggregate signature scheme (AsiaCCS 2019). However, the security of Zhao's scheme is based on the hardness of a newly introduced non-standard computational problem. The recent impossibility results of Drijvers et al. (IEEE S&P 2019) on two-round pairing-free multi-signature schemes whose security based on the standard discrete logarithm (DL) problem have strengthened the view that constructing a pairing-free aggregate signature scheme which is proven secure based on standard problems such as DL problem is indeed a challenging open problem. In this paper, we offer a novel solution to this open problem. We introduce a new paradigm of aggregate signatures, i.e., aggregate signatures with an additional pre-communication stage. In the pre-communication stage, each signer interacts with the aggregator to agree on a specific random value before deciding messages to be signed. We also discover that the impossibility results of Drijvers et al. take effect if the adversary can decide the whole randomness part of any individual signature. Based on the new paradigm and our discovery of the applicability of the impossibility result, we propose a pairing-free aggregate signature scheme such that any individual signature includes a random nonce which can be freely generated by the signer. We prove the security of our scheme based on the hardness of the standard DL problem. As a trade-off, in contrast to the plain public-key model, which Zhao's scheme uses, we employ a more restricted key setup model, i.e., the knowledge of secret-key model.
ER -