Sequential Aggregate Signatures from Trapdoor Permutations

by Anna Lysyanskaya, Silvio Micali, Leonid Reyzin, and Hovav Shacham

An aggregate signature scheme (recently proposed by Boneh, Gentry, Lynn, and Shacham) is a method for combining n signatures from n different signers on n different messages into one signature of unit length. We propose sequential aggregate signatures, in which the set of signers is ordered. The aggregate signature is computed by having each signer, in turn, add his signature to it. We show how to realize this in such a way that the size of the aggregate signature is independent of n. This makes sequential aggregate signatures a natural primitive for certificate chains, whose length can be reduced by aggregating all signatures in a chain. We give a construction in the random oracle model based on families of certified trapdoor permutations, and show how to instantiate our scheme based on RSA.

This is the full version of the work that appears in Advances in Cryptology -- Eurocrypt 2004, Cachin and Camenisch, editors, Lecture Notes in Computer Science 3027, pages 74-90, Springer-Verlag, 2004. © IACR.