Abstract

An aggregate signature scheme allows each signer to sign a different message, after which all of those signatures are aggregated into a single short signature. In contrast, a multisignature scheme allows multiple signers to jointly sign only one message. An aggregate multisignature scheme combines the two: signers can choose to generate either a multisignature or an aggregate signature. This combined scheme has many concrete application scenarios, such as the Bitcoin blockchain, healthcare, multicast acknowledgment aggregation, and so on. On the other hand, to deal with the problems of expensive certificates in certified public key cryptography and key escrow in identity-based cryptography, the notion of certificateless public key cryptography was introduced by Riyami and Paterson at Asiacrypt’03. In this paper, we propose the first certificateless aggregate multisignature scheme that achieves constant-size signatures and is secure in the standard model under a generalization of the Diffie-Hellman exponent assumption. In our scheme, however, the signature is generated with the help of the authority.

Highlights

  • A public key is just a random number; to certify that a public key belongs to a specific user, we need to provide a certificate for this public key

  • To deal with the problems of providing, maintaining, and revoking a large number of certificates in traditional Public Key Infrastructure (PKI) and key escrow in identity-based cryptography, the notion of certificateless public key cryptography was introduced by Riyami and Paterson at Asiacrypt’03 [2]

  • Our SCL-AMS scheme has the following properties: (i) it is the first certificateless aggregate multisignature scheme; (ii) the signature contains four elements in all cases; (iii) it is secure against strong Type I and strong Type II adversaries in the standard model under GDDHE assumptions; (iv) it is a server-aided scheme; (v) it supports public key aggregation; (vi) public key size, signing time, and verifying time depend on the maximum number of signers for one aggregating set, which is fixed at setup


Summary

Introduction

[13] under a standard assumption. Their scheme still suffers from two drawbacks: the signature size is linear in the number of signers in the aggregating set, and their scheme needs to use the random oracle to prove security. The authors in [4] proposed a certificateless multisignature scheme without using pairings; they gave a formal security proof for their scheme under a standard assumption. All of these schemes achieve constant-size signatures; they did not address the problem of public key aggregation and still need to use the random oracle to prove security.

Preliminaries
Server-Aided Certificateless Aggregate Multisignature Scheme
Target Collision Resistant Hash Function
Our SCL-AMS Scheme
Conclusion
Proof of Assumption 2 in Bilinear Generic Group