Are the user's required to be different in Boneh et al.'s aggregate signature scheme?

raisyn

4/14/23, 4:13 PM

Boneh et al. [1] describe an aggregate signature scheme, which allows signature aggregation of $n$ distinct messages from $n$ distinct users into a single short signature. In their description, they quite clearly state that it is necessary that the messages are different to the ensure the security of the protocol. (They also list other counter-measures.)

However, while the abstract of the paper may suggest that also the users (i.e., the used keypairs) are different, this "requirement" does not get clear for me studying the remainder of the paper. So basically my question is if it is required that the users are different or if the scheme remains secure when, e.g., a single user (with a single keypair) produces signatures for $n$ different messages which are then aggregated.

[1] Boneh, Dan, et al. "Aggregate and verifiably encrypted signatures from bilinear maps." International conference on the theory and applications of cryptographic techniques. Springer, Berlin, Heidelberg, 2003. http://crypto.stanford.edu/~dabo/papers/aggreg.pdf

0 + 0

signature

Score:1

Crypto

Ievgeni

4/14/23, 4:32 PM

You have to look in details the security game defined in the paper page 6 (in particular the pararaph Response):

Finally, $\mathcal{A}$ outputs $k − 1$ additional public keys $PK_2,...,PK_k$. Here $k$ is at most $N$, a game parameter. These keys, along with the initial key PK1, will be included in $\mathcal{A}$’s forged aggregate. $\mathcal{A}$ also outputs messages $M_1,...,M_k$; and, finally, an aggregate signature $\sigma$ by the $k$ users, each on his corresponding message.

It means the adversary could generates all the key except one. Then it means one user can have access to all except one the secret keys, the scheme remains secure.

Of course, if someone has access to the $n$ secret keys, he can generate all the aggregate keys corresponding to the keys he want by correctness of the scheme.

0 + 0

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Are the user's required to be different in Boneh et al.'s aggregate signature scheme?

TH: ผู้ใช้จำเป็นต้องแตกต่างในโครงการลายเซ็นรวมของ Boneh และคณะหรือไม่

RO: Este necesar ca utilizatorul să fie diferit în schema de semnătură agregată a lui Boneh et al.?

RU: Должны ли пользователи отличаться в схеме совокупной подписи Бонеха и др.?

VI: Người dùng có bắt buộc phải khác trong sơ đồ chữ ký tổng hợp của Boneh và cộng sự không?

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.