Abstract

Aggregate signatures allow anyone to combine different signatures signed by different signers on different messages into a short signature. An ideal aggregate signature scheme is an identity-based aggregate signature (IBAS) scheme that supports full aggregation since it can reduce the total transmitted data by using an identity string as a public key and anyone can freely aggregate different signatures. Constructing a secure IBAS scheme that supports full aggregation in bilinear maps is an important open problem. Recently, Yuan et al. proposed such a scheme and claimed its security in the random oracle model under the computational Diffie-Hellman assumption. In this paper, we show that there is an efficient forgery on their IBAS scheme and that their security proof has a serious flaw.

Highlights

  • Aggregate signature schemes allow anyone to combine n different signatures on n different messages signed by n different signers into a short aggregate signature

  • We show that there is an efficient forgery on the identity-based aggregate signature (IBAS) scheme of Yuan et al. and that their security proof has a serious flaw

  • Claim 2.5 ([16]) The above IBAS scheme is existentially unforgeable under chosen message attacks in the random oracle model if the underlying IBS scheme is unforgeable under chosen message attacks

Summary

Introduction

Aggregate signature schemes allow anyone to combine n different signatures on n different messages signed by n different signers into a short aggregate signature. Boneh et al. [1] proposed the first aggregate signature scheme allowing anyone to combine different signatures in bilinear groups and proved its security in the random oracle model. Constructing an IBAS scheme featuring full aggregation in bilinear maps is an important open problem. The main challenge when devising an IBAS scheme with full aggregation is aggregating the random values of all signers such that each one hides the private key in the signature [3]. Yuan et al. [16] proposed an IBAS scheme featuring full aggregation in bilinear maps and claimed its security in the random oracle model. We show that there is a universal forgery algorithm against their IBS scheme which outputs a forged signature by using two valid signatures.

Bilinear Groups and Complexity Assumptions
The Identity-Based Signature Scheme
The Identity-Based Aggregate Signature Scheme
Forgery Attacks on the IBAS Scheme
Our Analysis of the Security Proof
The Original Proof
A Non-Extractable Forgery
Discussions
Conclusion