Random oracles are practical: a paradigm for designing efficient protocols
CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
On the Security of the RSA-Based Multisignature Scheme for Various Group Structures
ACISP '00 Proceedings of the 5th Australasian Conference on Information Security and Privacy
A Multisignature Scheme with Message Flexibility, Order Flexibility and Order Verifiability
ACISP '00 Proceedings of the 5th Australasian Conference on Information Security and Privacy
Parallel Algorithms for Series Parallel Graphs
ESA '96 Proceedings of the Fourth Annual European Symposium on Algorithms
A Structured ElGamal-Type Multisignature Scheme
PKC '00 Proceedings of the Third International Workshop on Practice and Theory in Public Key Cryptography: Public Key Cryptography
Proceedings of the 14th ACM conference on Computer and communications security
New Multiparty Signature Schemes for Network Routing Applications
ACM Transactions on Information and System Security (TISSEC)
On the exact security of multi-signature schemes based on RSA
ACISP'03 Proceedings of the 8th Australasian conference on Information security and privacy
ID-Based series-parallel multisignature schemes for multi-messages from bilinear maps
WCC'05 Proceedings of the 2005 international conference on Coding and Cryptography
| Hi-index | 0.00 |
In an order-specified multisignature scheme, one can verify not only a set of signers who have signed the message but also its signing order. Though we have seen several scheme with such properties proposed, none of them is given the security proof against active adversaries. In the scheme by [6], no polynomial-time active adversary can forge a signature for a new message, but it is possible for active adversaries to forge a signature changing its signing order. Furthermore, that scheme has the restriction that the possible signing orders are only ones of the type of serial signing. In this paper, we propose an order-specified multisignature scheme, which is shown to be secure against adaptive chosen-message insider attacks for bath a message and a signing order, and which allows the signing orders to form like any series-parallel graphs unlike the scheme [6]. The security is shown by using ID-reduction technique, which reduces the security of multisignature schemes to those of multi-round identification schemes. Furthermore, we discuss the efficiency of the proposed scheme and the upper bound of the possible number of participating signers.