A New Pairing-based Two-round Tightly-secure Multi-signature scheme with Key Aggregation

IF 0.4 4区计算机科学 Q4 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

Ieice Transactions on Fundamentals of Electronics Communications and Computer Sciences Pub Date : 2023-01-01 DOI:10.1587/transfun.2023cip0022

Rikuhiro KOJIMA, Jacob C. N. SCHULDT, Goichiro HANAOKA

{"title":"A New Pairing-based Two-round Tightly-secure Multi-signature scheme with Key Aggregation","authors":"Rikuhiro KOJIMA, Jacob C. N. SCHULDT, Goichiro HANAOKA","doi":"10.1587/transfun.2023cip0022","DOIUrl":null,"url":null,"abstract":"Multi-signatures have seen renewed interest due to their application to blockchains, e.g., BIP 340 (one of the Bitcoin improvement proposals), which has triggered the proposals of several new schemes with improved efficiency. However, many previous works have a “loose” security reduction (a large gap between the difficulty of the security assumption and breaking the scheme) or depend on strong idealized assumptions such as the algebraic group model (AGM). This makes the achieved level of security uncertain when instantiated in groups typically used in practice, and it becomes unclear for developers how secure a given scheme is for a given choice of security parameters. Thus, this leads to the question “what kind of schemes can we construct that achieves tight security based on standard assumptions?”. In this paper, we show a simple two-round tightly-secure pairing-based multi-signature scheme based on the computation Diffie-Hellman problem in the random oracle model. This proposal is the first two-round multi-signature scheme that achieves tight security based on a computational assumption and supports key aggregation. Furthermore, our scheme reduce the signature bit size by 19% compared with the shortest existing tightly-secure DDH-based multi-signature scheme. Moreover, we implemented our scheme in C++ and confirmed that it is efficient in practice; to complete the verification takes less than 1 [ms] with a total (computational) signing time of 13 [ms] for under 100 signers. The source code of the implementation is published as OSS.","PeriodicalId":55003,"journal":{"name":"Ieice Transactions on Fundamentals of Electronics Communications and Computer Sciences","volume":null,"pages":null},"PeriodicalIF":0.4000,"publicationDate":"2023-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Ieice Transactions on Fundamentals of Electronics Communications and Computer Sciences","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1587/transfun.2023cip0022","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q4","JCRName":"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE","Score":null,"Total":0}

引用次数: 0

Abstract

Multi-signatures have seen renewed interest due to their application to blockchains, e.g., BIP 340 (one of the Bitcoin improvement proposals), which has triggered the proposals of several new schemes with improved efficiency. However, many previous works have a “loose” security reduction (a large gap between the difficulty of the security assumption and breaking the scheme) or depend on strong idealized assumptions such as the algebraic group model (AGM). This makes the achieved level of security uncertain when instantiated in groups typically used in practice, and it becomes unclear for developers how secure a given scheme is for a given choice of security parameters. Thus, this leads to the question “what kind of schemes can we construct that achieves tight security based on standard assumptions?”. In this paper, we show a simple two-round tightly-secure pairing-based multi-signature scheme based on the computation Diffie-Hellman problem in the random oracle model. This proposal is the first two-round multi-signature scheme that achieves tight security based on a computational assumption and supports key aggregation. Furthermore, our scheme reduce the signature bit size by 19% compared with the shortest existing tightly-secure DDH-based multi-signature scheme. Moreover, we implemented our scheme in C++ and confirmed that it is efficient in practice; to complete the verification takes less than 1 [ms] with a total (computational) signing time of 13 [ms] for under 100 signers. The source code of the implementation is published as OSS.

查看原文本刊更多论文

一种新的基于配对的密钥聚合两轮严密安全多重签名方案

多重签名由于其在区块链中的应用而重新引起了人们的兴趣，例如BIP 340(比特币改进提案之一)，它引发了几个提高效率的新方案的提案。然而，以前的许多工作都是“松散”的安全约简(安全假设的难度与方案的破坏难度之间存在很大差距)，或者依赖于强理想化假设，如代数群模型(AGM)。这使得在实践中通常使用的组中实例化时实现的安全级别不确定，并且对于开发人员来说，对于给定的安全参数选择，给定的方案有多安全变得不清楚。因此，这就导致了这样一个问题:“我们可以构建什么样的方案来实现基于标准假设的严格安全性?”本文给出了一个简单的基于随机oracle模型中Diffie-Hellman计算问题的两轮严密安全的基于配对的多重签名方案。该方案是第一个基于计算假设实现严密安全性并支持密钥聚合的两轮多重签名方案。此外，与现有最短的严格安全的基于dhh的多重签名方案相比，我们的方案将签名位大小减少了19%。此外，我们还在c++中实现了该方案，并在实践中验证了该方案的有效性;完成验证所需时间少于1 [ms]，对于少于100名签名者，总(计算)签名时间为13 [ms]。该实现的源代码以OSS形式发布。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Ieice Transactions on Fundamentals of Electronics Communications and Computer Sciences 工程技术-工程：电子与电气

CiteScore

1.10

自引率

20.00%

发文量

137

审稿时长

3.9 months

期刊介绍： Includes reports on research, developments, and examinations performed by the Society''s members for the specific fields shown in the category list such as detailed below, the contents of which may advance the development of science and industry: (1) Reports on new theories, experiments with new contents, or extensions of and supplements to conventional theories and experiments. (2) Reports on development of measurement technology and various applied technologies. (3) Reports on the planning, design, manufacture, testing, or operation of facilities, machinery, parts, materials, etc. (4) Presentation of new methods, suggestion of new angles, ideas, systematization, software, or any new facts regarding the above.

文献相关原料

公司名称	产品信息	采购帮参考价格