Deterministic Identity Based Signature Scheme and Its Application for Aggregate Signatures
Since the introduction of identity based cryptography in 1984 by Adi Shamir, several identity based signature schemes have been reported. However, there are only two deterministic identity based signature schemes available in the literature, and both of them use probabilistic private key generation and bilinear pairing. Moreover, these signatures consist of two or more group elements and hence they are not ‘short’. Thus an interesting and challenging open question is to design a deterministic signature scheme which uses no randomness in either the key generation phase or the signing phase, avoids bilinear pairing, and has a ‘short’ signature, where the signature consists of only one element. While this problem is addressed by the BLS scheme in the PKI based setting, it has been an open problem in the identity based setting since 1984. This paper settles the open problem affirmatively. Specifically, we propose a fully deterministic identity based signature scheme without using bilinear pairing. The signature consists of just one group element of a composite order group, and its security is related to the strong RSA problem in the random oracle model. Our security reduction is tight, as one need not use the forking lemma during the security reduction for fully deterministic signature schemes. The major and important consequence of our scheme is its use for aggregate signatures. Our scheme leads to the first full aggregate identity based signature scheme with no prior communication among different signers. Besides, our aggregate signature scheme does not employ any computation that goes through several rounds.
Keywords: Identity Based Deterministic Signature, Aggregate Signature, Full Aggregation, Random Oracle Model, Provable Security