Identity-Based Multi-signatures from RSA [chapter]

Mihir Bellare, Gregory Neven
2006 Lecture Notes in Computer Science  
Multi-signatures allow multiple signers to jointly authenticate a message using a single compact signature. Many applications however require the public keys of the signers to be sent along with the signature, partly defeating the effect of the compact signature. Since identity strings are likely to be much shorter than randomly generated public keys, the identity-based paradigm is particularly appealing for the case of multi-signatures. In this paper, we present and prove secure an
more » ... ed multi-signature (IBMS) scheme based on RSA, which in particular does not rely on (the rather new and untested) assumptions related to bilinear maps. We define an appropriate security notion for interactive IBMS schemes and prove the security of our scheme under the one-wayness of RSA in the random oracle model.
doi:10.1007/11967668_10 fatcat:fzd4uv73cfaztbxrclp2xvp72m