Branding/Logomark minus Citation Combined Shape Icon/Bookmark-empty Icon/Copy Icon/Collection Icon/Close Copy 7 no author result Created with Sketch. Icon/Back Created with Sketch.
Loading Scinapse...
  • References (0)
  • Cited By (167)
Cited By167
Published on Jan 1, 2003in IACR Cryptology ePrint Archive
Chih-Yin Lin5
Estimated H-index: 5
(National Chiao Tung University),
Tzong-Chen Wu21
Estimated H-index: 21
(National Taiwan University of Science and Technology),
Fangguo Zhang23
Estimated H-index: 23
(University of Wollongong)
In this paper, the authors propose a new structured multisignature scheme that considers the signing order among co-signers. The proposed scheme can resolve signing structures of serial, parallel, and the mix of them. Moreover, the size and the verification of a structured multisignature is the same as those of an individual signature generated by any co-signer. Arithmetically, the proposed scheme makes use of the Gap Diffie-Hellman (GDH) signature scheme recently presented by Boneh, Shacham, an...
18 Citations
Published on Oct 26, 2011
Yuan Zhou5
Estimated H-index: 5
(East China Normal University),
Haifeng Qian8
Estimated H-index: 8
(East China Normal University),
Xiangxue Li9
Estimated H-index: 9
(East China Normal University)
A multisignature scheme allows an ad hoc set of users to sign a message so that the resulting single signature certifies that the users endorsed the message. However, all known multisignatures are either at the price of complexity and additional trust of Certificate Authority (CA), or sacrificing efficiency of computation and communication (including both bandwidth and round). This paper proposes a new multisignature scheme with efficient verification in the plain public key model. Our multisign...
5 Citations Source Cite
Published on Apr 15, 2005
Javier Herranz Sotoca1
Estimated H-index: 1
Digital signatures are one of the most important consequences of the appearance of public key cryptography, in 1976. These schemes provide authentication, integrity and non-repudiation to digital communications. Some extensions or variations of the concept of digital signature have been introduced, and many specific realizations of these new types of nature schemes have been proposed. In this thesis, we deal with the basic definitions and required security properties of traditional signature sch...
4 Citations
Published on Sep 12, 2011 in European Symposium on Research in Computer Security
Dominique Schröder17
Estimated H-index: 17
(University of Maryland, College Park)
We present an aggregate signature scheme whose public key consists of only two group elements. It is therefore the first sequential aggregate signature scheme with short keys in the standard model. Our construction relies on the Camenisch-Lysyanskaya signature scheme (Crypto 2004) and is provably secure under the LRSW assumption. Moreover, we develop a novel aggregation technique that we call aggregate-extension technique. The basic idea is to extend the aggregate by a single element and to use ...
14 Citations Source Cite
In this paper, we propose a new multisignature scheme based on discrete logarithms. We show that this new scheme can resist existential forgeries against adaptive chosen-message attacks in the random oracle model. The main contribution is that our security model gets rid of the special security requirement on the generation of the signers’ public keys. Adversaries are not required to reveal private keys corresponding to the public keys of its choice to the challenger in attack games. Thus the ne...
Published on Jun 25, 2013 in Applied Cryptography and Network Security
Kwangsu Lee5
Estimated H-index: 5
(Korea University),
Dong Hoon Lee22
Estimated H-index: 22
(Korea University),
Moti Yung61
Estimated H-index: 61
(Columbia University)
Sequential aggregate signature (SAS) is a special type of public-key signature that allows a signer to add his signature into a previous aggregate signature in sequential order. In this case, since many public keys are used and many signatures are employed and compressed, it is important to reduce the sizes of signatures and public keys. Recently, Lee et al. proposed an efficient SAS scheme with short public keys and proved its security without random oracles under static assumptions. In this pa...
5 Citations Source Cite
Published on Nov 26, 2001in Network Security
Chih Yin Lin1
Estimated H-index: 1
(National Chiao Tung University),
Tzong-Chen Wu21
Estimated H-index: 21
(National Chiao Tung University),
Jing-Jang Hwang1
Estimated H-index: 1
(National Chiao Tung University)
The signing structure of a multisignature scheme specifies the signing order for all signers when signing messages, and any multisignature not obeying the specified signing order will be verified as invalid. In accordance with the different responsibilities of the participant signers, the signing structure of a multisignature scheme could be further classified as the following three types: serial, parallel and mixed, where the mixed structure is regarded as the mix of the serial and the parallel...
6 Citations Source Cite
Published on Apr 23, 2009
Published on May 12, 2014
Multisignature is an extension of digital signature, where a group of signers jointly produce a valid signature on a message. Distinguished Signing authorities were first introduced by L.Harn. In Distinguished signing authorities, each of the signers is responsible for only one part of the message rather than the whole message itself. Along with the group of signers, we also have a trusted clerk who verifies the individual signatures and generates the final multisignature. We extensively studied...
Published on Jan 1, 2004in IACR Cryptology ePrint Archive
Lifeng Guo2
Estimated H-index: 2
(Chinese Academy of Sciences)
In [1], Li et al. proposed a new type of signature scheme, called the (t, n) thresholdmutisignature scheme. The first one needs a mutually trusted share distribution center (SDC) while the second one does not. In this paper, we present a security analysis on their second schemes. We point out that their second threshold-multisignature scheme is vulnerable to universal forgery by an insider attacker under reasonable assumptions. In our attack, (n − t + 1) colluding members can control the group s...
2 Citations
View next paperRandom oracles are practical: a paradigm for designing efficient protocols