Paper 2013/434

Full Domain Hash from (Leveled) Multilinear Maps and Identity-Based Aggregate Signatures

Susan Hohenberger, Amit Sahai, and Brent Waters

Abstract

In this work, we explore building constructions with full domain hash structure, but with standard model proofs that do not employ the random oracle heuristic. The launching point for our results will be the utilization of a ``leveled'' multilinear map setting for which Garg, Gentry, and Halevi (GGH) recently gave an approximate candidate. Our first step is the creation of a standard model signature scheme that exhibits the structure of the Boneh, Lynn and Shacham signatures. In particular, this gives us a signature that admits unrestricted aggregation. We build on this result to offer the first *identity-based* aggregate signature scheme that admits unrestricted aggregation. In our construction, an arbitrary-sized set of signatures on identity/message pairs can be aggregated into a single group element, which authenticates the entire set. The identity-based setting has important advantages over regular aggregate signatures in that it eliminates the considerable burden of having to store, retrieve or verify a set of verification keys, and minimizes the total cryptographic overhead that must be attached to a set of signer/message pairs. While identity-based signatures are trivial to achieve, their aggregate counterparts are not. To the best of our knowledge, no prior candidate for realizing unrestricted identity-based aggregate signatures exists in either the standard or random oracle models. A key technical idea underlying these results is the realization of a hash function with a Naor-Reingold-type structure that is publicly computable using repeated application of the multilinear map. We present our results in a generic ``leveled'' multilinear map setting and then show how they can be translated to the GGH graded algebras analogue of multilinear maps.

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
Published elsewhere. This is the full version of the paper in CRYPTO 2013.
Keywords
full domain hashidentity-based aggregate signaturesmultilinear maps
Contact author(s)
susan @ cs jhu edu
History
2013-07-30: revised
2013-07-13: received
See all versions
Short URL
https://ia.cr/2013/434
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2013/434,
      author = {Susan Hohenberger and Amit Sahai and Brent Waters},
      title = {Full Domain Hash from (Leveled) Multilinear Maps and Identity-Based Aggregate Signatures},
      howpublished = {Cryptology ePrint Archive, Paper 2013/434},
      year = {2013},
      note = {\url{https://eprint.iacr.org/2013/434}},
      url = {https://eprint.iacr.org/2013/434}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.