Efficient identification and signatures for smart cards
CRYPTO '89 Proceedings on Advances in cryptology
Accountable-subgroup multisignatures: extended abstract
CCS '01 Proceedings of the 8th ACM conference on Computer and Communications Security
CRYPTO '89 Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology
Short Signatures from the Weil Pairing
ASIACRYPT '01 Proceedings of the 7th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
PKC '03 Proceedings of the 6th International Workshop on Theory and Practice in Public Key Cryptography: Public Key Cryptography
The Weil and Tate Pairings as Building Blocks for Public Key Cryptosystems
ANTS-V Proceedings of the 5th International Symposium on Algorithmic Number Theory
Security proofs for signature schemes
EUROCRYPT'96 Proceedings of the 15th annual international conference on Theory and application of cryptographic techniques
Aggregate and verifiably encrypted signatures from bilinear maps
EUROCRYPT'03 Proceedings of the 22nd international conference on Theory and applications of cryptographic techniques
Secure acknowledgment of multicast messages in open peer-to-peer networks
IPTPS'04 Proceedings of the Third international conference on Peer-to-Peer Systems
Secure acknowledgment aggregation and multisignatures with limited robustness
Computer Networks: The International Journal of Computer and Telecommunications Networking - Web dynamics
Secure feedback service in wireless sensor networks
ISPEC'07 Proceedings of the 3rd international conference on Information security practice and experience
Identity-Based multi-signatures from RSA
CT-RSA'07 Proceedings of the 7th Cryptographers' track at the RSA conference on Topics in Cryptology
Hi-index | 0.00 |
A multicast communication source often needs to securely verify which multicast group members have received a message, but verification of individually signed acknowledgments from each member would impose a significant computation and communication cost. As pointed out by Nicolosi and Mazieres [NM04], such cost is minimized if the intermediate nodes along the multicast distribution tree aggregate the individual signatures generated by the multicast receivers into a single multisignature. While the solution of [NM04], based on a multisignature scheme of Boldyreva [Bol03], relied on so-called “Gap Diffie-Hellman” groups, we propose a solution using a multisignature scheme which is secure under just the discrete logarithm assumption. However, unlike the previously known discrete-log based multisignature scheme of Micali et al. [MOR01a], our multisignature scheme is robust, which allows for an efficient multisignature generation even in the presence of (possibly malicious) node and communication failures.