The State of the Union: Union-Only Signatures for Data Aggregation

Diego F. Aranha; Felix Theodor Engelmann; Sebastian Kolby; Sophia Yakoubov

doi:10.1007/978-3-031-14791-3_17

The State of the Union: Union-Only Signatures for Data Aggregation

Diego F. Aranha
, Felix Theodor Engelmann
, Sebastian Kolby
, Sophia Yakoubov

Center for Information Security and Trust

Aarhus Universitet

Publikation: Konference artikel i Proceeding eller bog/rapport kapitel › Konferencebidrag i proceedings › Forskning › peer review

Abstract

A union-only signature (UOS) scheme (informally introduced
by Johnson et al. at CT-RSA 2002) allows signers to sign sets of mes-
sages in such a way that (1) any third party can merge two signatures to
derive a signature on the union of the message sets, and (2) no adversary,
given a signature on some set, can derive a valid signature on any strict
subset of that set (unless it has seen such a signature already).
Johnson et al. originally posed building a UOS as an open problem. In
this paper, we make two contributions: we give the first formal definition
of a UOS scheme, and we give the first UOS constructions. Our main
construction uses hashing, regular digital signatures, Pedersen commit-
ments and signatures of knowledge. We provide an implementation that
demonstrates its practicality. Our main construction also relies on the
hardness of the short integer solution (SIS) problem; we show how that
this assumption can be replaced with the use of groups of unknown order.
Finally, we sketch a UOS construction using SNARKs; this additionally
gives the property that the size of the signature does not grow with the
number of merges.

Originalsprog	Engelsk
Titel	International Conference on Security and Cryptography for Networks
Publikationsdato	15 sep. 2022
DOI	https://doi.org/10.1007/978-3-031-14791-3_17
Status	Udgivet - 15 sep. 2022
Begivenhed	International Conference on Security and Cryptography for Networks - Amalfi, Italien Varighed: 12 sep. 2022 → 14 sep. 2022 Konferencens nummer: 13 https://scn.unisa.it/scn22/

Konference

Konference	International Conference on Security and Cryptography for Networks
Nummer	13
Land/Område	Italien
By	Amalfi
Periode	12/09/2022 → 14/09/2022
Internetadresse	https://scn.unisa.it/scn22/

Emneord

Union-Only Signature
Digital Signatures
Short Integer Solution Problem
Pedersen Commitments
SNARKs

Adgang til dokumentet

10.1007/978-3-031-14791-3_17

https://eprint.iacr.org/2022/867.pdf

Citationsformater

@inproceedings{38255c81c20e4ccdb8156ae4a9b22e70,

title = "The State of the Union: Union-Only Signatures for Data Aggregation",

abstract = "A union-only signature (UOS) scheme (informally introduced by Johnson et al. at CT-RSA 2002) allows signers to sign sets of mes- sages in such a way that (1) any third party can merge two signatures to derive a signature on the union of the message sets, and (2) no adversary, given a signature on some set, can derive a valid signature on any strict subset of that set (unless it has seen such a signature already). Johnson et al. originally posed building a UOS as an open problem. In this paper, we make two contributions: we give the first formal definition of a UOS scheme, and we give the first UOS constructions. Our main construction uses hashing, regular digital signatures, Pedersen commit- ments and signatures of knowledge. We provide an implementation that demonstrates its practicality. Our main construction also relies on the hardness of the short integer solution (SIS) problem; we show how that this assumption can be replaced with the use of groups of unknown order. Finally, we sketch a UOS construction using SNARKs; this additionally gives the property that the size of the signature does not grow with the number of merges.",

keywords = "Union-Only Signature, Digital Signatures, Short Integer Solution Problem, Pedersen Commitments, SNARKs, Union-Only Signature, Digital Signatures, Short Integer Solution Problem, Pedersen Commitments, SNARKs",

author = "\{F. Aranha\}, Diego and Engelmann, \{Felix Theodor\} and Sebastian Kolby and Sophia Yakoubov",

year = "2022",

month = sep,

day = "15",

doi = "10.1007/978-3-031-14791-3\_17",

language = "English",

booktitle = "International Conference on Security and Cryptography for Networks",

note = "International Conference on Security and Cryptography for Networks ; Conference date: 12-09-2022 Through 14-09-2022",

url = "https://scn.unisa.it/scn22/",

}

TY - GEN

T1 - The State of the Union: Union-Only Signatures for Data Aggregation

AU - F. Aranha, Diego

AU - Engelmann, Felix Theodor

AU - Kolby, Sebastian

AU - Yakoubov, Sophia

N1 - Conference code: 13

PY - 2022/9/15

Y1 - 2022/9/15

N2 - A union-only signature (UOS) scheme (informally introduced by Johnson et al. at CT-RSA 2002) allows signers to sign sets of mes- sages in such a way that (1) any third party can merge two signatures to derive a signature on the union of the message sets, and (2) no adversary, given a signature on some set, can derive a valid signature on any strict subset of that set (unless it has seen such a signature already). Johnson et al. originally posed building a UOS as an open problem. In this paper, we make two contributions: we give the first formal definition of a UOS scheme, and we give the first UOS constructions. Our main construction uses hashing, regular digital signatures, Pedersen commit- ments and signatures of knowledge. We provide an implementation that demonstrates its practicality. Our main construction also relies on the hardness of the short integer solution (SIS) problem; we show how that this assumption can be replaced with the use of groups of unknown order. Finally, we sketch a UOS construction using SNARKs; this additionally gives the property that the size of the signature does not grow with the number of merges.

AB - A union-only signature (UOS) scheme (informally introduced by Johnson et al. at CT-RSA 2002) allows signers to sign sets of mes- sages in such a way that (1) any third party can merge two signatures to derive a signature on the union of the message sets, and (2) no adversary, given a signature on some set, can derive a valid signature on any strict subset of that set (unless it has seen such a signature already). Johnson et al. originally posed building a UOS as an open problem. In this paper, we make two contributions: we give the first formal definition of a UOS scheme, and we give the first UOS constructions. Our main construction uses hashing, regular digital signatures, Pedersen commit- ments and signatures of knowledge. We provide an implementation that demonstrates its practicality. Our main construction also relies on the hardness of the short integer solution (SIS) problem; we show how that this assumption can be replaced with the use of groups of unknown order. Finally, we sketch a UOS construction using SNARKs; this additionally gives the property that the size of the signature does not grow with the number of merges.

KW - Union-Only Signature

KW - Digital Signatures

KW - Short Integer Solution Problem

KW - Pedersen Commitments

KW - SNARKs

KW - Union-Only Signature

KW - Digital Signatures

KW - Short Integer Solution Problem

KW - Pedersen Commitments

KW - SNARKs

U2 - 10.1007/978-3-031-14791-3_17

DO - 10.1007/978-3-031-14791-3_17

M3 - Article in proceedings

BT - International Conference on Security and Cryptography for Networks

T2 - International Conference on Security and Cryptography for Networks

Y2 - 12 September 2022 through 14 September 2022

ER -

The State of the Union: Union-Only Signatures for Data Aggregation

Abstract

Konference

Emneord

Adgang til dokumentet

Fingeraftryk

Citationsformater