Another Look at Aggregate Signatures: Their Capability and Security on Network Graphs

  • Naoto Yanai
  • Masahiro Mambo
  • Kazuma Tanaka
  • Takashi Nishide
  • Eiji Okamoto
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9565)


Aggregate signatures are digital signatures where n signers sign n individual documents and can aggregate the individual signatures into a single short signature. Although aggregate signatures are expected to enhance the security of network applications, their capability and security have not yet been discussed when the signatures are generated by a group of signers whose relationships are expressed as a network. In this paper, we take into account the fact that various network applications can be mathematically idealized as networks called network graphs, and discuss the properties of aggregate signatures on network graphs. We show that it is difficult to apply aggregate signatures to network graphs. More precisely, we show that sequential aggregate signatures (Eurocrypt 2004) are incompatible with network graphs and that general aggregate signatures (Crypto 2003) are broken by a generic attack. Additionally, we propose two generic approaches to overcoming these problems, restricting the number of signers and utilizing ring homomorphism, and give a security proof of aggregate signatures under each of these approaches.


Keywords: Aggregate signatures, Sequential aggregate signatures, Cryptographic protocols, Provable security, Graph theory



Part of this research is supported by the JSPS A3 Foresight Program. The first author is also supported by the Support Center for Advanced Telecommunications Technology Research and JSPS KAKENHI Grant Numbers 26880012 and 26330151. We are grateful for their support. We would also like to thank Shin-Akarui-Angou-Benkyou-Kai for their valuable comments.


References

  1. Ahn, J.H., Green, M., Hohenberger, S.: Synchronized aggregate signatures: new definitions, constructions and applications. In: Proceedings of CCS 2011, pp. 473–484. ACM (2010)
  2. Attrapadung, N., Libert, B., Peters, T.: Efficient completely context-hiding quotable and linearly homomorphic signatures. In: Kurosawa, K., Hanaoka, G. (eds.) PKC 2013. LNCS, vol. 7778, pp. 386–404. Springer, Heidelberg (2013)
  3. Bellare, M., Namprempre, C., Neven, G.: Unrestricted aggregate signatures. In: Arge, L., Cachin, C., Jurdziński, T., Tarlecki, A. (eds.) ICALP 2007. LNCS, vol. 4596, pp. 411–422. Springer, Heidelberg (2007)
  4. Bodlaender, H.L., de Fluiter, B.: Parallel algorithms for series parallel graphs. In: Diaz, J., Serna, M. (eds.) ESA 1996. LNCS, vol. 1136, pp. 277–289. Springer, Heidelberg (1996)
  5. Boldyreva, A., Gentry, C., O’Neill, A., Yum, D.H.: Ordered multisignatures and identity-based sequential aggregate signatures, with applications to secure routing (extended abstract). In: Proceedings of CCS, pp. 276–285. ACM (2007)
  6. Boldyreva, A., Gentry, C., O’Neill, A., Yum, D.H.: Ordered multisignatures and identity-based sequential aggregate signatures, with applications to secure routing (full paper) (2010)
  7. Boneh, D., Gentry, C., Lynn, B., Shacham, H.: Aggregate and verifiably encrypted signatures from bilinear maps. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 416–432. Springer, Heidelberg (2003)
  8. Jain, A., Krenn, S., Pietrzak, K., Tentes, A.: Commitments and efficient zero-knowledge proofs from learning parity with noise. In: Wang, X., Sako, K. (eds.) ASIACRYPT 2012. LNCS, vol. 7658, pp. 663–680. Springer, Heidelberg (2012)
  9. Camacho, P., Hevia, A.: Short transitive signatures for directed trees. In: Dunkelman, O. (ed.) CT-RSA 2012. LNCS, vol. 7178, pp. 35–50. Springer, Heidelberg (2012)
  10. Camenisch, J.L., Lysyanskaya, A.: Signature schemes and anonymous credentials from bilinear maps. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 56–72. Springer, Heidelberg (2004)
  11. Dingledine, R., Mathewson, N., Syverson, P.: Tor: the second-generation onion router. In: Proceedings of USENIX Security 2004 (2004)
  12. Fischlin, M., Lehmann, A., Schröder, D.: History-free sequential aggregate signatures. In: Visconti, I., De Prisco, R. (eds.) SCN 2012. LNCS, vol. 7485, pp. 113–130. Springer, Heidelberg (2012)
  13. Gentry, C., Ramzan, Z.: Identity-based aggregate signatures. In: Yung, M., Dodis, Y., Kiayias, A., Malkin, T. (eds.) PKC 2006. LNCS, vol. 3958, pp. 257–273. Springer, Heidelberg (2006)
  14. Gerbush, M., Lewko, A., O’Neill, A., Waters, B.: Dual form signatures: an approach for proving security from static assumptions. In: Wang, X., Sako, K. (eds.) ASIACRYPT 2012. LNCS, vol. 7658, pp. 25–42. Springer, Heidelberg (2012)
  15. Giesen, F., Kohlar, F., Stebila, D.: On the security of TLS renegotiation. In: Proceedings of CCS 2013, pp. 387–398. ACM (2013)
  16. Hohenberger, S., Koppula, V., Waters, B.: Universal signature aggregators. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9057, pp. 3–34. Springer, Heidelberg (2015)
  17. Hohenberger, S., Sahai, A., Waters, B.: Full domain hash from (leveled) multilinear maps and identity-based aggregate signatures. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013, Part I. LNCS, vol. 8042, pp. 494–512. Springer, Heidelberg (2013)
  18. Hohenberger, S., Sahai, A., Waters, B.: Replacing a random oracle: full domain hash from indistinguishability obfuscation. In: Nguyen, P.Q., Oswald, E. (eds.) EUROCRYPT 2014. LNCS, vol. 8441, pp. 201–220. Springer, Heidelberg (2014)
  19. Hu, Y.C., Perrig, A., Johnson, D.B.: Ariadne: a secure on-demand routing protocol for ad hoc networks. Wireless Netw. 11, 21–38 (2005)
  20. Hwang, J.Y., Lee, D.H., Yung, M.: Universal forgery of the identity-based sequential aggregate signature scheme. In: Proceedings of ASIACCS, pp. 157–160. ACM (2009)
  21. Kent, S., Lynn, C., Seo, K.: Secure border gateway protocol. IEEE J. Sel. Areas Commun. 18(4), 582–592 (2000)
  22. Krawczyk, H., Paterson, K.G., Wee, H.: On the security of the TLS protocol: a systematic analysis. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013, Part I. LNCS, vol. 8042, pp. 429–448. Springer, Heidelberg (2013)
  23. Lee, K., Lee, D.H., Yung, M.: Aggregating CL-signatures revisited: extended functionality and better efficiency. In: Sadeghi, A.-R. (ed.) FC 2013. LNCS, vol. 7859, pp. 171–188. Springer, Heidelberg (2013)
  24. Lee, K., Lee, D.H., Yung, M.: Sequential aggregate signatures with short public keys: design, analysis and implementation studies. In: Kurosawa, K., Hanaoka, G. (eds.) PKC 2013. LNCS, vol. 7778, pp. 423–442. Springer, Heidelberg (2013)
  25. Lepinski, M., Turner, S.: An overview of BGPsec. Internet Draft, October 2011
  26. Lu, S., Ostrovsky, R., Sahai, A., Shacham, H., Waters, B.: Sequential aggregate signatures and multisignatures without random oracles. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 465–485. Springer, Heidelberg (2006)
  27. Lysyanskaya, A., Micali, S., Reyzin, L., Shacham, H.: Sequential aggregate signatures from trapdoor permutations. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 74–90. Springer, Heidelberg (2004)
  28. Neven, G.: Efficient sequential aggregate signed data. IEEE Trans. Inf. Theory 57(3), 1803–1815 (2011)
  29. Rekhter, Y., Li, T.: A Border Gateway Protocol 4 (BGP-4). RFC 1771, March 1995
  30. Rückert, M., Schröder, D.: Aggregate and verifiably encrypted signatures from multilinear maps without random oracles. In: Park, J.H., Chen, H.-H., Atiquzzaman, M., Lee, C., Kim, T., Yeo, S.-S. (eds.) ISA 2009. LNCS, vol. 5576, pp. 750–759. Springer, Heidelberg (2009)
  31. Schröder, D.: How to aggregate the CL signature scheme. In: Atluri, V., Diaz, C. (eds.) ESORICS 2011. LNCS, vol. 6879, pp. 298–314. Springer, Heidelberg (2011)
  32. Sun, Y., Edmundson, A., Vanbever, L., Li, O., Rexford, J., Chiang, M., Mittal, P.: RAPTOR: routing attacks on privacy in Tor. In: Proceedings of USENIX Security 2015, pp. 271–286 (2015)
  33. Tada, M.: A secure multisignature scheme with signing order verifiability. IEICE Trans. Fundam. Electron. Commun. Comput. Sci. 86(1), 73–88 (2003)
  34. Valera, F., Beijnum, I.V., Garcia-Martinez, A., Bagnulo, M.: Multi-path BGP: motivations and solutions, Chapter 1, pp. 238–256. Cambridge University Press, Cambridge (2011)
  35. Waters, B.: Efficient identity-based encryption without random oracles. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 114–127. Springer, Heidelberg (2005)
  36. Waters, B.: Dual system encryption: realizing fully secure IBE and HIBE under simple assumptions. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 619–636. Springer, Heidelberg (2009)
  37. Zhao, M., Smith, S., Nicol, D.: Aggregated path authentication for efficient BGP security. In: Proceedings of CCS, pp. 128–138. ACM (2005)

Copyright information

© Springer International Publishing Switzerland 2016

Authors and Affiliations

  • Naoto Yanai (corresponding author): Osaka University, Osaka, Japan; AIST, Osaka, Japan
  • Masahiro Mambo: Kanazawa University, Kanazawa, Japan
  • Kazuma Tanaka: University of Tsukuba, Tsukuba, Japan
  • Takashi Nishide: University of Tsukuba, Tsukuba, Japan
  • Eiji Okamoto: University of Tsukuba, Tsukuba, Japan