Abstract

Forward security has been proposed as a way to mitigate the key exposure problem in digital signatures. A forward secure scheme evolves the secret key in each time period, so the integrity of messages signed in past periods is guaranteed even if the secret key of the current time period leaks. In this paper, we propose a new forward secure aggregate signature scheme utilizing recursive zk-SNARKs (zero-knowledge Succinct Non-interactive ARguments of Knowledge). Our proposal has constant complexity in key and signature sizes, signature generation time, and verification time. The proposed forward secure signature scheme can aggregate signatures generated by multiple users as well as by a single user. The security of the proposed scheme is formally proven under the zero-knowledge assumption and in the random oracle model. The experimental results show that our signature scheme yields 12 s signing time, 1 ms verification time and 25 s aggregation time, with a 1.6 KB secret key size and a signature size that are independent of the number of time periods.

Highlights

  • A digital signature is widely used in many fields for authentication, such as in IoT, blockchain, etc. [1]–[3]

  • This results in inefficient signature schemes whose complexities depend on the maximum time period [5]–[7]

  • While the verification time is constant in several works [7], [9], [13], at least one of the metrics still depends on the maximum time period in every approach


Summary

INTRODUCTION

A digital signature is widely used in many fields for authentication, such as in IoT, blockchain, etc. [1]–[3]. After the security notion was first proposed by Anderson [4], several forward secure signature schemes have been devised over the decades [5]–[11]. These works have a limitation in that the maximum time period T must be fixed at setup to obtain a constant public key size. Although all of the statements can be proven by including them in a zk-SNARK circuit, this alone is not enough for a forward secure signature, since the signing keys of all time periods would be required as witnesses in the proof generation. When Alice proves that the secret signing key for period j, sk_{A,j}, is valid and that the message m_A and the time period j are bound to that secret signing key, the proof itself can serve as a forward secure signature. Since aggregation needs only the public information required for verification, it can be performed publicly.
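As an added illustration, not part of the paper and not following its zk-SNARK construction, the Python below implements the classic hash-chain style of forward security that the summary contrasts with: the signer keeps only the state of the current period, derives a Lamport one-time key pair from it, evolves the state with a one-way hash at the end of each period, and commits all T per-period public keys under one Merkle root that acts as the public key. It makes the two points above concrete: T has to be fixed at key generation to get a constant-size public key, and a signature is bound to a specific period j (the verifier checks both the digest and the Merkle leaf index), so a state leaked in period j+1 yields nothing about the state of period j. `ForwardSecureSigner`, `verify`, `demo`, the SHA-256 domain labels, the messages and T = 4 are all constructed for this example.

```python
import hashlib
import secrets

HASH_BYTES = 32
BITS = HASH_BYTES * 8  # one Lamport preimage pair per bit of the message digest


def h(*parts: bytes) -> bytes:
    """SHA-256 over the concatenation of the given byte strings."""
    return hashlib.sha256(b"".join(parts)).digest()


def evolve(state: bytes) -> bytes:
    """One-way key update: the state for period j+1 from the state for period j."""
    return h(b"evolve", state)


def lamport_keypair(state: bytes):
    """Derive a Lamport one-time key pair deterministically from a period state."""
    sk = [(h(state, b"sk", i.to_bytes(2, "big"), b"\x00"),
           h(state, b"sk", i.to_bytes(2, "big"), b"\x01")) for i in range(BITS)]
    pk = [(h(a), h(b)) for a, b in sk]
    return sk, pk


def pk_commit(pk) -> bytes:
    """Hash of a whole Lamport public key; one Merkle leaf per period."""
    return h(*[x for pair in pk for x in pair])


def merkle_root_and_paths(leaves):
    """Merkle root over the T period leaves plus an authentication path per leaf.
    Each path entry is (is_right_child, sibling_hash), bottom level first."""
    assert len(leaves) > 0 and len(leaves) & (len(leaves) - 1) == 0, "T must be a power of two"
    paths = [[] for _ in leaves]
    pos = list(range(len(leaves)))
    level = list(leaves)
    while len(level) > 1:
        for leaf in range(len(leaves)):
            paths[leaf].append((pos[leaf] & 1, level[pos[leaf] ^ 1]))
            pos[leaf] >>= 1
        level = [h(level[k], level[k + 1]) for k in range(0, len(level), 2)]
    return level[0], paths


def digest_bits(j: int, msg: bytes):
    """Message digest with the period number bound in, as a list of 256 bits."""
    d = h(b"msg", j.to_bytes(4, "big"), msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(BITS)]


class ForwardSecureSigner:
    """Toy forward-secure signer (constructed for this example, not the paper's scheme).
    Holds only the current period's state; update() overwrites it irreversibly."""

    def __init__(self, T: int):
        self.T, self.j = T, 0
        self.state = secrets.token_bytes(HASH_BYTES)
        leaves, s = [], self.state
        for _ in range(T):                       # T must be known here: fixed at setup
            leaves.append(pk_commit(lamport_keypair(s)[1]))
            s = evolve(s)
        self.root, self.paths = merkle_root_and_paths(leaves)  # root is the public key

    def sign(self, msg: bytes):
        if self.state is None:
            raise RuntimeError("all time periods used up")
        sk, pk = lamport_keypair(self.state)
        reveal = [sk[i][bit] for i, bit in enumerate(digest_bits(self.j, msg))]
        return (self.j, reveal, pk, self.paths[self.j])

    def update(self):
        """Move to the next period; the old state is gone and cannot be recomputed."""
        self.j += 1
        self.state = evolve(self.state) if self.j < self.T else None


def verify(root: bytes, msg: bytes, sig) -> bool:
    """Check the one-time signature, then that its public key sits at leaf j under root."""
    j, reveal, pk, path = sig
    bits = digest_bits(j, msg)
    if len(reveal) != BITS or any(h(reveal[i]) != pk[i][bits[i]] for i in range(BITS)):
        return False
    if sum(is_right << lvl for lvl, (is_right, _) in enumerate(path)) != j:
        return False                              # key belongs to a different period
    node = pk_commit(pk)
    for is_right, sibling in path:
        node = h(sibling, node) if is_right else h(node, sibling)
    return node == root


def demo(T: int = 4):
    """Sign in period 0, evolve, sign in period 1; return what a caller needs to verify."""
    signer = ForwardSecureSigner(T)
    sig0 = signer.sign(b"constructed message for period 0")
    signer.update()          # from here on the period-0 state no longer exists
    sig1 = signer.sign(b"constructed message for period 1")
    return signer, sig0, sig1
```

Because Lamport keys are one-time, this toy allows a single signature per period and its signature carries the full per-period public key, which is exactly the kind of size and per-period overhead the zk-SNARK approach in the abstract is designed to avoid; the forward-security property itself, however, rests only on `evolve` being one-way and on the signer discarding the previous state.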

OUR CONTRIBUTIONS
RELATED WORK
BACKGROUND
FORWARD SECURE SIGNATURES
FORWARD SECURE MULTI-USER AGGREGATE SIGNATURES
FORWARD SECURE SIGNATURE CONSTRUCTION
SECURITY PROOF
PROOF OF THEOREM 1
VIII. CONCLUSION