Aggregate signatures are used to create one short proof of authenticity and integrity from a set of digital signatures. However, one invalid signature in the set invalidates the entire aggregate, giving no information on which signatures are valid. Hartung et al. (2016) [6] propose a fault-tolerant aggregate signature scheme based on combinatorial group testing. Given a bound d on the number of invalid signatures among n signatures to be aggregated, this scheme uses d-cover-free families to determine which signatures are invalid. These combinatorial structures guarantee a moderate increase on the size of the aggregate signature that can reach the best possible compression ratio of O(nlogn), for fixed d, coming from an information theoretical bound. The case where the total number of signatures grows dynamically (unbounded scheme) was not satisfactorily solved in their original paper, since explicit constructions had constant compression ratios. In the present paper, we propose efficient solutions for the unbounded scheme, relying on sequences of d-cover-free families that we call nested families. Some of our constructions yield high compression ratio close to the best known upper bound. We also propose the use of (d,λ)-cover-free families to support the loss of up to λ−1 parts of the aggregate.
Read full abstract