How to construct random functions
Journal of the ACM (JACM)
A digital signature scheme secure against adaptive chosen-message attacks
SIAM Journal on Computing - Special issue on cryptography
Communications of the ACM
Random oracles are practical: a paradigm for designing efficient protocols
CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
A method for obtaining digital signatures and public-key cryptosystems
Communications of the ACM
Keying Hash Functions for Message Authentication
CRYPTO '96 Proceedings of the 16th Annual International Cryptology Conference on Advances in Cryptology
Optimal Security Proofs for PSS and Other Signature Schemes
EUROCRYPT '02 Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques: Advances in Cryptology
Efficiency improvements for signature schemes with tight security reductions
Proceedings of the 10th ACM conference on Computer and communications security
Aggregated path authentication for efficient BGP security
Proceedings of the 12th ACM conference on Computer and communications security
Deterministic Identity-Based Signatures for Partial Aggregation
The Computer Journal
Proceedings of the 14th ACM conference on Computer and communications security
Using forgetful routing to control BGP table size
CoNEXT '06 Proceedings of the 2006 ACM CoNEXT conference
An Aggregate Signature Scheme with Constant Pairing Operations
CSSE '08 Proceedings of the 2008 International Conference on Computer Science and Software Engineering - Volume 03
Universal forgery of the identity-based sequential aggregate signature scheme
Proceedings of the 4th International Symposium on Information, Computer, and Communications Security
Aggregate and Verifiably Encrypted Signatures from Multilinear Maps without Random Oracles
ISA '09 Proceedings of the 3rd International Conference and Workshops on Advances in Information Security and Assurance
An Efficient and Scalable Quasi-Aggregate Signature Scheme Based on LFSR Sequences
IEEE Transactions on Parallel and Distributed Systems
Understanding slow BGP routing table transfers
Proceedings of the 9th ACM SIGCOMM conference on Internet measurement conference
Comparing two pairing-based aggregate signature schemes
Designs, Codes and Cryptography
The exact security of digital signatures-how to sign with RSA and Rabin
EUROCRYPT'96 Proceedings of the 15th annual international conference on Theory and application of cryptographic techniques
Aggregate and verifiably encrypted signatures from bilinear maps
EUROCRYPT'03 Proceedings of the 22nd international conference on Theory and applications of cryptographic techniques
Efficient sequential aggregate signed data
EUROCRYPT'08 Proceedings of the theory and applications of cryptographic techniques 27th annual international conference on Advances in cryptology
Synchronized aggregate signatures: new definitions, constructions and applications
Proceedings of the 17th ACM conference on Computer and communications security
History-free aggregate message authentication codes
SCN'10 Proceedings of the 7th international conference on Security and cryptography for networks
ID-Based aggregate signatures from bilinear pairings
CANS'05 Proceedings of the 4th international conference on Cryptology and Network Security
Batch verifications with ID-Based signatures
ICISC'04 Proceedings of the 7th international conference on Information Security and Cryptology
Identity-Based aggregate and multi-signature schemes based on RSA
PKC'10 Proceedings of the 13th international conference on Practice and Theory in Public Key Cryptography
Identity-Based aggregate signatures
PKC'06 Proceedings of the 9th international conference on Theory and Practice of Public-Key Cryptography
Sequential aggregate signatures and multisignatures without random oracles
EUROCRYPT'06 Proceedings of the 24th annual international conference on The Theory and Applications of Cryptographic Techniques
Identity-Based aggregate and verifiably encrypted signatures from bilinear pairing
ICCSA'05 Proceedings of the 2005 international conference on Computational Science and Its Applications - Volume Part IV
Pairing-Friendly elliptic curves of prime order
SAC'05 Proceedings of the 12th international conference on Selected Areas in Cryptography
Secure Border Gateway Protocol (S-BGP)
IEEE Journal on Selected Areas in Communications
Unrestricted aggregate signatures
ICALP'07 Proceedings of the 34th international conference on Automata, Languages and Programming
Sequential aggregate signatures made shorter
ACNS'13 Proceedings of the 11th international conference on Applied Cryptography and Network Security
Hi-index | 0.00 |
Sequential aggregate signature schemes allow n signers, in order, to sign a message each, at a lower total cost than the cost of n individual signatures. We present a sequential aggregate signature scheme based on trapdoor permutations (e.g., RSA). Unlike prior such proposals, our scheme does not require a signer to retrieve the keys of other signers and verify the aggregate-so-far before adding its own signature. Indeed, we do not even require a signer to know the public keys of other signers! Moreover, for applications that require signers to verify the aggregate anyway, our schemes support lazy verification: a signer can add its own signature to an unverified aggregate and forward it along immediately, postponing verification until load permits or the necessary public keys are obtained. This is especially important for applications where signers must access a large, secure, and current cache of public keys in order to verify messages. The price we pay is that our signature grows slightly with the number of signers. We report a technical analysis of our scheme (which is provably secure in the random oracle model), a detailed implementation-level specification, and implementation results based on RSA and OpenSSL. To evaluate the performance of our scheme, we focus on the target application of BGPsec (formerly known as Secure BGP), a protocol designed for securing the global Internet routing system. There is a particular need for lazy verification with BGPsec, since it is run on routers that must process signatures extremely quickly, while being able to access tens of thousands of public keys. We compare our scheme to the algorithms currently proposed for use in BGPsec, and find that our signatures are considerably shorter nonaggregate RSA (with the same sign and verify times) and have an order of magnitude faster verification than nonaggregate ECDSA, although ECDSA has shorter signatures when the number of signers is small.