中国邮电高校学报(英文) ›› 2015, Vol. 22 ›› Issue (6): 36-44.doi: 10.1016/S1005-8885(15)60691-4

• Artificial Intelligence • 上一篇    下一篇

Lattice-based sequential aggregate signatures with lazy verification

Zhang Yanhua, Hu Yupu, Jiang Mingming, Xue Lili   

  1. 1. State Key Laboratory of Integrated Service Networks, Xidian University, Xi’an 71007, China 2. School of Computer Science and Technology, Huaibei Normal University, Huaibei 23500, China
  • 出版日期:2015-12-31
  • 通讯作者: Zhang Yanhua E-mail:yhzhangxidian@163.com

Lattice-based sequential aggregate signatures with lazy verification

Zhang Yanhua, Hu Yupu, Jiang Mingming, Xue Lili   

  1. 1. State Key Laboratory of Integrated Service Networks, Xidian University, Xi’an 71007, China 2. School of Computer Science and Technology, Huaibei Normal University, Huaibei 23500, China
  • Online:2015-12-31

摘要: This paper proposes the first lattice-based sequential aggregate signature (SAS) scheme with lazy verification that is provably secure in the random oracle model. As opposed to large integer factoring and discrete logarithm based systems, the security of the construction relies on worst-case lattice problem, namely, under the small integer solution (SIS) assumption. Generally speaking, SAS schemes enable any group of signers ordered in a chain to sequentially combine their signatures such that the size of the aggregate signature is much smaller than the total size of all individual signatures. Unlike prior such proposals, the new scheme does not require a signer to retrieve the keys of other signers and verify the aggregate-so-far before adding its own signature, and the signer can add its own signature to an unverified aggregate and forward it along immediately, postponing verification until load permits or the necessary public keys are obtained. Indeed, the new scheme does not even require a signer to know the public keys of other signers.

关键词: sequential aggregate signatures, lattice-based cryptography, lazy verification, small integer solution

Abstract: This paper proposes the first lattice-based sequential aggregate signature (SAS) scheme with lazy verification that is provably secure in the random oracle model. As opposed to large integer factoring and discrete logarithm based systems, the security of the construction relies on worst-case lattice problem, namely, under the small integer solution (SIS) assumption. Generally speaking, SAS schemes enable any group of signers ordered in a chain to sequentially combine their signatures such that the size of the aggregate signature is much smaller than the total size of all individual signatures. Unlike prior such proposals, the new scheme does not require a signer to retrieve the keys of other signers and verify the aggregate-so-far before adding its own signature, and the signer can add its own signature to an unverified aggregate and forward it along immediately, postponing verification until load permits or the necessary public keys are obtained. Indeed, the new scheme does not even require a signer to know the public keys of other signers.

Key words: sequential aggregate signatures, lattice-based cryptography, lazy verification, small integer solution