A CDH-based Ordered Multisignature Scheme Provably Secure without Random Oracles

Abstract

Ordered multisignature scheme is a signature scheme to guarantee both validity of an electronic document and its signing order. Although the security of most of such schemes has been proven in the random oracle model, the difficulty of implementation of the random oracle implies that the security should be proven without random oracles, i.e., in the standard model. A straightforward way to construct such schemes in the standard model is to apply aggregate signature schemes. However, the existing schemes based on the CDH problem are inefficient in the sense that the number of computations of the bilinear maps and the length of public keys depend upon the length of (a hash value of) the message. Therefore, in this paper, we propose a CDH-based ordered multisignature scheme which is provably secure in the standard model under a moderate attack model. Its computational cost for the bilinear maps and the size of public key are independent of the length of (a hash value of) the message. More specifically, in comparison with the existing schemes, the public key length is reduced to three group elements from 512 group elements while the computational cost is reduced to 0.85msec from 1.6msec.