TY - GEN
T1 - Monotone-Policy Aggregate Signatures
AU - Brodsky, Maya Farber
AU - Choudhuri, Arka Rai
AU - Jain, Abhishek
AU - Paneth, Omer
N1 - Publisher Copyright: © The Author(s), under exclusive license to Springer Nature Switzerland AG 2024.
PY - 2024
Y1 - 2024
N2 - The notion of aggregate signatures allows for combining signatures from different parties into a short certificate that attests that all parties signed a message. In this work, we lift this notion to capture different, more expressive signing policies. For example, we can certify that a message was signed by a (weighted) threshold of signers. We present the first constructions of aggregate signatures for monotone policies based on standard polynomial-time cryptographic assumptions. The aggregate signatures in our schemes are succinct, i.e., their size is independent of the number of signers. Moreover, verification is also succinct if all parties sign the same message (or if the messages have a succinct representation). All prior work requires either interaction between the parties or non-standard assumptions (that imply SNARKs for NP). Our signature schemes are based on non-interactive batch arguments (BARGs) for monotone policies [Brakerski-Brodsky-Kalai-Lombardi-Paneth, Crypto’23]. In contrast to previous constructions, our BARGs satisfy a new notion of adaptive security which is instrumental to our application. Our new BARGs for monotone policies can be constructed from standard BARGs and other standard assumptions.
UR - http://www.scopus.com/inward/record.url?scp=85192822090&partnerID=8YFLogxK
U2 - 10.1007/978-3-031-58737-5_7
DO - 10.1007/978-3-031-58737-5_7
M3 - Conference contribution
AN - SCOPUS:85192822090
SN - 9783031587368
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 168
EP - 195
BT - Advances in Cryptology – EUROCRYPT 2024 - 43rd Annual International Conference on the Theory and Applications of Cryptographic Techniques, Proceedings
A2 - Joye, Marc
A2 - Leander, Gregor
PB - Springer Science and Business Media Deutschland GmbH
T2 - 43rd Annual International Conference on the Theory and Applications of Cryptographic Techniques, EUROCRYPT 2024
Y2 - 26 May 2024 through 30 May 2024
ER -