[Cryptography] Aggregate signatures
xor
crypto at idlecore.com
Sun Jun 8 23:33:57 EDT 2014
My interest in aggregate signatures is related with my interest in
cryptocurrencies as well. For the application I have in mind I don't
need the verification, nor the signing, to be fast, but it needs to be
faster than performing the same operation for each individual signature,
hopefully it will have constant time when people are signing the same
message. I think I'll benchmark the relic-toolkit soon and find out.
Thank you for all this information.
On Sun, 2014-06-08 at 18:54 -0700, Steve Weis wrote:
> Hi. First off, the paper you linked to is a student's final semester
> project. I don't know how solid it is. You may want to check out the
> Boneh, Lynn, Gentry & Shacham aggregate signature scheme from:
> http://eprint.iacr.org/2002/175
>
> There is an unrestricted version proven secure by Bellare, Namprempre
> and Neven here: http://eprint.iacr.org/2006/285
>
> To my knowledge, none of this is standardized. As for library support,
> the Relic Toolkit from Diego F. Aranha may have the support you'd
> need, although I haven't looked at it closely:
> https://code.google.com/p/relic-toolkit/
>
> Ben Lynn's PBC library also offers similar support, but I've been told
> that Relic is more modern and better maintained:
> http://crypto.stanford.edu/pbc/
>
> I don't know of anyone using these in production or real world
> applications, but would be interested in hearing about any examples. I
> do know there has been some interest from the Bitcoin community in
> aggregate signatures that are fast to verify.
>
> On Sun, Jun 8, 2014 at 2:47 AM, xor <crypto at idlecore.com> wrote:
> > I'm a programmer, I need a way to have several people sign the same
> > message, and then send that message to several other people. I'd like to
> > be able to scale 'several people' to up to a million, so a list of
> > individual signatures doesn't work so well. I'm not sure what
> > cryptographic tool I require, but I'm looking into aggregate signatures.
> > Something like this:
> >
> > http://theory.stanford.edu/~dfreeman/cs259c-f11/finalpapers/aggregatesigs.pdf
> >
> > I couldn't find however a single implementation, I couldn't find one in
> > openssl, nss, or anywhere else. Does anyone know of a decent
> > implementation? Does anyone know if there is even a standard?
> >
> > _______________________________________________
> > The cryptography mailing list
> > cryptography at metzdowd.com
> > http://www.metzdowd.com/mailman/listinfo/cryptography
More information about the cryptography
mailing list