Robust Subgroup Multisignature with One-Time Public Keys in Order

Abstract

Robust subgroup multisignature allows any subgroup of signers from a global set to sign a given message on behalf of the whole group, and the individual signatures should be verified before the combination process, which resists poison signature attacks. An emerging application of robust subgroup multisignatures in blockchain is that a qualified subgroup of a global set of users has reached agreement. In the integrated blockchain and edge computing system, the edge server can naturally act as a combiner in multisignatures and help other end devices produce the final aggregate signature. In this paper, we propose a robust subgroup multisignature with one-time public keys in order that has two advantages for solving the signers ordering problem and one-time public key problem simultaneously. Our scheme is a nontrivial extension of Galindo et al.’s robust subgroup multisignature scheme and can be proven unforgeable, robust and chronological in random oracles. Our scheme can also be suitable for the consortium blockchain by adding a noninteractive zero-knowledge (NIZK) proof system for certifying the one-time public keys.