JP5183401B2  Aggregate signature generation system, aggregate signature generation method, and aggregate signature generation program  Google Patents
Aggregate signature generation system, aggregate signature generation method, and aggregate signature generation program Download PDFInfo
 Publication number
 JP5183401B2 JP5183401B2 JP2008251304A JP2008251304A JP5183401B2 JP 5183401 B2 JP5183401 B2 JP 5183401B2 JP 2008251304 A JP2008251304 A JP 2008251304A JP 2008251304 A JP2008251304 A JP 2008251304A JP 5183401 B2 JP5183401 B2 JP 5183401B2
 Authority
 JP
 Japan
 Prior art keywords
 signature
 aggregate
 signature generation
 aggregate signature
 plurality
 Prior art date
 Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
 Active
Links
Images
Description
The present invention relates to an aggregate signature generation system, an aggregate signature generation method, and an aggregate signature generation program.
Conventionally, various electronic information has been transmitted via a network or a medium. As a mechanism for guaranteeing a source of electronic information, there is an electronic signature. An electronic signature is a signature operation that uses a signature key and electronic information that only a specific person knows as input values, and the verifier uses public information called a verification key and signed data as input values. By performing the verification calculation, it is possible to confirm whether or not the abovementioned specific person is a data transmission source. According to this electronic signature, since it is difficult to derive a signature key from a verification key, a person who is not a specific person cannot impersonate a specific person to perform the signature. Can guarantee sex.
Here, depending on the electronic information, a case in which a plurality of people intervene and sign is assumed. Examples of this case include circulation of electronic data and an approval system in a company. Thus, multiple signatures (NonPatent Document 1) and group signatures (Patent Document 1) have been proposed as methods for performing signatures of a plurality of persons.
However, since the multiple signatures and group signatures described above are signed by a plurality of signers for one message, they cannot be used for circulation of adding a message. Therefore, an aggregate electronic signature (Nonpatent Documents 2 and 3) has been proposed as a scheme in which each signer signs different messages and collects the signatures. According to this aggregate electronic signature, it is possible to aggregate the signatures of different messages signed by each signer while keeping the signature size constant regardless of the number of signers. For this reason, the aggregate electronic signature can be used in circulation for adding a message.
Shinpo, "An ElGamal Signature Modification Suitable for Multiple Signatures", Symposium on Cryptography and Information Security (CSS), 2C, IEICE, 1994 Isamu Teranishi, Kazue Sako, Jun Noda, Daigo Taguchi, "RSAbased Sequential Aggregate signature scheme whose signature length is not proportional to the number of signers", CSEC28, 2005 D. Boneh, C.I. Gentry, B.M. Lynn, and H.M. Shacham, "Aggregate and Verify Encrypted Signatures from Bilinear Map," Advances in Cryptology EUROCRYPT 2003, SpringerVerlag, 2003
However, the abovedescribed aggregate electronic signature method cannot express to which hierarchy the signer belongs.
Accordingly, the present invention has been made in view of the abovedescribed problems, and provides an aggregate signature generation system, an aggregate signature generation method, and an aggregate signature generation program that can express to which hierarchy a signer belongs. The purpose is to do.
The present invention proposes the following matters in order to solve the above problems.
(1) The present invention provides an aggregate signature generation system in which a plurality of signature generation apparatuses used by a signer to form a signature are arranged in a plurality of hierarchies and each signer signs a different message Each of the plurality of signature generation devices includes a key storage unit that stores different private keys, a public key obtained by performing a power operation on the private key with respect to a predetermined parameter, and an own message. The signature generation unit that generates a signature by performing a power operation on the hash of the private key and the signature generated by the signature generation unit with a predetermined value that is different for each hierarchy to which the signature belongs A power calculation unit that performs a power operation, and a predetermined signature generation device among the plurality of signature generation devices calculates a sum of the calculation results of the power operation unit for each layer, and By multiplying the result of the calculation, it has proposed an aggregate signature generation system characterized in that it further comprises an aggregate signature generation unit for generating an aggregate signature.
According to the present invention, each of the plurality of signature generation apparatuses generates a signature by performing a power operation with its own secret key on the hash of its own message by the signature generation unit. Then, the exponentiation operation unit performs an exponentiation operation on the signature generated by the signature generation unit with a predetermined value different for each hierarchy to which the signature belongs. The predetermined signature generation device among the plurality of signature generation devices calculates the sum of the calculation results of the power calculation unit for each hierarchy by the aggregate signature generation unit, multiplies the calculation results for each hierarchy, and Generate a signature.
For this reason, the aggregate signature is represented by a structure in which a power operation is performed on the hash of the message by each private key and a predetermined value. And this predetermined value is a value which changes with every hierarchy to which self belongs. Therefore, the hierarchy of the signature generation apparatus can be expressed by the structure of the exponent of the mathematical expression representing the aggregate signature. Therefore, by using different signature generation apparatuses for each signer, it is possible to express to which hierarchy the signer belongs.
Further, since the aggregate signature is in the same cyclic group as the signatures of the respective signers, the aggregate signature can be stored in a certain size regardless of the number of signers.
(2) In the aggregate signature generation system according to (1), the predetermined value is a value obtained by performing a power operation on a specific value by a difference in the number of layers between the layer to which the self belongs and the lowest layer. We propose an aggregate signature generation system characterized by
According to the present invention, the predetermined value is represented by a value obtained by performing a power operation on the specific value by the difference in the number of layers between the layer to which the device belongs and the lowest layer. For this reason, the hierarchy to which the signature generation apparatus belongs can be expressed by a specific value among the exponents of the mathematical expression representing the aggregate signature.
(3) The present invention further includes a signature verification device for verifying the aggregate signature in the aggregate signature generation system according to (1) or (2), wherein the signature verification device includes the predetermined parameter, the public key And an aggregate signature verification unit that performs a GAPDiffieHellman signature operation using the hash of the message and the aggregate signature as input, and verifies the validity of the aggregate signature. An aggregate signature generation system is proposed.
According to the present invention, the signature verification apparatus performs the calculation of the GAPDiffieHellman signature using the predetermined parameter, public key, message hash, and aggregate signature as inputs by the aggregate signature verification unit. Verify the validity of the gate signature.
Here, the calculation of the GAPDiffieHellman signature will be described below. A GAPDiffieHellman (GDH) signature is a signature that uses a decisiondifficultHellman (DDH) problem that can be solved by using a certain black box function e (P, Q) called pairing. .
First, the DDH problem will be described. The DDH problem is a problem that determines whether or not ab = c is satisfied when g, ga, gb, and gc are given. For this problem, the function e (P, Q) has the following properties.
Due to the properties shown in Formula 1, when g, ga, gb, and gc are input to the function e (P, Q), Formulas 2 and 3 are obtained.
For this reason, whether or not the abovementioned ab = c is satisfied can be determined based on whether or not the values of Equation 2 and Equation 3 match.
Next, the GDH signature procedure will be described. In the GDH signature, a key is generated, and the signature is performed using the generated key.
When generating a key, x is randomly selected from Zp *, and v is calculated such that v = gx. Then, v is a public key and x is a secret key.
When signing, a secret key x and a message m are prepared. Then, a hash h is calculated from the message m, and a signature σ is obtained by raising the hash h to the power of x.
The verification of the signature σ is performed as follows. Here, since the GDH signature uses an element of G *, the hash h is also an element of G *, and as a result, h = ga holds. Therefore, if the signature σ is correct, the following expression is established.
When (g, v, h, σ) is input to the function e (P, Q), the following equation is established.
As described above, if the signature σ is correct, the values of Equation 5 and Equation 6 match. Therefore, the signature σ can be verified based on whether the values of Formula 5 and Formula 6 match.
As described above, the validity of the aggregate signature can be verified by the calculation of the GDH signature.
(4) The present invention relates to an aggregate signature generation system in which a plurality of signature generation apparatuses used for signing by a signer to form a multilevel hierarchical structure and each signer signs a different message. A method for generating an aggregate signature, wherein each of the plurality of signature generation apparatuses stores a secret key different from each other and a public key obtained by performing a power operation with respect to a predetermined parameter using the secret key. A second step of generating a signature by performing a power operation on the hash of its own message with its own secret key by each of the plurality of signature generation devices, and the plurality of signature generations Third, each device performs a power operation on the signature generated in the second step with a predetermined value that is different for each hierarchy to which the signature belongs. A sum of the calculation results of the third step is calculated for each layer by a predetermined signature generation device among the plurality of signature generation devices, and an aggregate signature is generated by multiplying the calculation result for each layer And a fourth step of providing an aggregate signature generation method.
According to the present invention, each of the plurality of signature generation devices generates a signature by performing a power operation with the own secret key on the hash of its own message. Then, a power operation is performed on the generated signature with a predetermined value that is different for each hierarchy to which the signature belongs. Then, a predetermined signature generation device among a plurality of signature generation devices calculates the sum of the calculation results of the exponentiation operation for each layer and multiplies the calculation results for each layer to generate an aggregate signature.
For this reason, the aggregate signature is represented by a structure in which a power operation is performed on the hash of the message by each private key and a predetermined value. And this predetermined value is a value which changes with every hierarchy to which self belongs. Therefore, the hierarchy of the signature generation apparatus can be expressed by the structure of the exponent of the mathematical expression representing the aggregate signature. Therefore, by using different signature generation apparatuses for each signer, it is possible to express to which hierarchy the signer belongs.
Further, since the aggregate signature is in the same cyclic group as the signatures of the respective signers, the aggregate signature can be stored in a certain size regardless of the number of signers.
(5) In the aggregate signature generation method according to (4), the predetermined value is a value obtained by performing a power operation on a specific value by the difference in the number of layers between the layer to which the self belongs and the lowest layer. We have proposed an aggregate signature generation method characterized by
According to the present invention, the predetermined value is represented by a value obtained by performing a power operation on the specific value by the difference in the number of layers between the layer to which the device belongs and the lowest layer. For this reason, the hierarchy to which the signature generation apparatus belongs can be expressed by a specific value among the exponents of the mathematical expression representing the aggregate signature.
(6) The present invention relates to the aggregate signature generation method according to (4) or (5), wherein the signature verification apparatus for verifying the aggregate signature is further arranged in the aggregate signature generation system. Then, the signature verification device performs an operation of a GAPDiffieHellman signature with the predetermined parameter, the public key, the hash of the message, and the aggregate signature as inputs, thereby validating the aggregate signature. The present invention proposes an aggregate signature generation method comprising a fifth step of verifying the authenticity.
According to the present invention, the signature verification apparatus performs a GAPDiffieHellman signature operation by inputting predetermined parameters, a public key, a message hash, and an aggregate signature, and verifies the validity of the aggregate signature. To do. Therefore, the validity of the aggregate signature can be verified.
(7) The present invention relates to an aggregate signature generation system in which a plurality of signature generation apparatuses used for signing by a signer to form a multilayered hierarchical structure and each signer signs a different message An aggregate signature generation program for causing a computer to execute an aggregate signature generation method that performs a secret key that is different from each other by each of the plurality of signature generation devices and a predetermined parameter. A first step of storing a public key that has been exponentiated with a key; and each of the plurality of signature generation devices performs a power operation with its own secret key on a hash of its own message, thereby obtaining a signature. A second step of generating the signature generated by the second step by each of the plurality of signature generation devices; A third step of performing a power operation with a different predetermined value for each layer to which the device belongs, and a predetermined signature generation device among the plurality of signature generation devices to calculate a sum of the operation results of the third step An aggregate signature generation program for causing a computer to execute a fourth step of generating an aggregate signature by calculating for each layer and multiplying a calculation result for each layer is proposed.
According to the present invention, by causing the computer to execute the aggregate signature generation program, the signature is generated by performing a power operation with the own secret key on the hash of the own message. Then, a power operation is performed on the generated signature with a predetermined value that is different for each hierarchy to which the signature belongs. Then, the sum of the operation results of the power operation is calculated for each layer, and the calculation result for each layer is multiplied to generate an aggregate signature.
For this reason, the aggregate signature is represented by a structure in which a power operation is performed on the hash of the message by each private key and a predetermined value. And this predetermined value is a value which changes with every hierarchy to which self belongs. Therefore, the hierarchy of the signature generation apparatus can be expressed by the structure of the exponent of the mathematical expression representing the aggregate signature. Therefore, by using different signature generation apparatuses for each signer, it is possible to express to which hierarchy the signer belongs.
Further, since the aggregate signature is in the same cyclic group as the signatures of the respective signers, the aggregate signature can be stored in a certain size regardless of the number of signers.
(8) In the aggregate signature generation program according to (7), the predetermined value is a value obtained by performing a power operation on a specific value by a difference in the number of layers between the layer to which the program belongs and the lowest layer. We have proposed an aggregate signature generation program characterized by
According to this invention, by causing the computer to execute the aggregate signature generation program, the predetermined value is expressed as a value obtained by performing a power operation on the specific value by the difference in the number of layers between the layer to which the computer belongs and the lowest layer. The For this reason, the hierarchy to which the signature generation apparatus belongs can be expressed by a specific value among the exponents of the mathematical expression representing the aggregate signature.
(9) The present invention relates to the aggregate signature generation program in the aggregate signature generation system in which the signature verification device for verifying the aggregate signature is further arranged for the aggregate signature generation program of (7) or (8). Then, the signature verification device performs an operation of a GAPDiffieHellman signature with the predetermined parameter, the public key, the hash of the message, and the aggregate signature as inputs, thereby validating the aggregate signature. This invention proposes an aggregate signature generation program comprising a fifth step for verifying the authenticity.
According to the present invention, by causing the computer to execute the aggregate signature generation program, the GAPDiffieHellman signature is calculated using the predetermined parameters, public key, message hash, and aggregate signature as inputs, Verify the validity of the aggregate signature. Therefore, the validity of the aggregate signature can be verified.
According to the present invention, the aggregate signature is represented by a structure in which a power operation is performed on the hash of the message by each private key and a predetermined value. And this predetermined value is a value which changes with every hierarchy to which self belongs. Therefore, the hierarchy of the signature generation apparatus can be expressed by the structure of the exponent of the mathematical expression representing the aggregate signature. Therefore, by using different signature generation apparatuses for each signer, it is possible to express to which hierarchy the signer belongs.
Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings.
Note that the constituent elements in the present embodiment can be appropriately replaced with existing constituent elements and the like, and various variations including combinations with other existing constituent elements are possible. Therefore, the description of the present embodiment does not limit the contents of the invention described in the claims.
The aggregate signature system includes a plurality of nodes provided for each signer who performs a signature, and a signature verification apparatus that verifies signatures generated by the plurality of nodes. Each node includes a key storage unit that stores a signature key (secret key) and a verification key (public key), a signature generation unit that generates a signature, and a hierarchy to which the node belongs to the signature generated by the signature generation unit And a power calculation unit for performing power calculation with different predetermined values. In addition, a predetermined node of these nodes includes an aggregate signature generation unit that generates an aggregate signature. The signature verification apparatus includes an aggregate signature verification unit that verifies the validity of the aggregate signature.
As shown in FIG. 1, a plurality of nodes are arranged to form a hierarchy of d layers (d is an integer satisfying 4 ≦ d). In the first layer, which is the highest layer, p nodes (p is an integer satisfying 1 ≦ p) are arranged, and in the (d−2) layer, o nodes (o is 1 ≦ o). (Integer integer) nodes are arranged, n nodes (n is an integer satisfying 1 ≦ n) are arranged in the (d−1) layer, and m is arranged in the d layer, which is the lowest layer. Nodes (m is an integer satisfying 1 ≦ m) are arranged. In the present embodiment, each signer signs a different message using his / her node.
<Generation of an aggregate signature when a hierarchy of d layers is formed>
Hereinafter, a case where an aggregate signature is generated by the node of FIG. 1 will be described.
Here, the pair of the signature key (private key) and the verification key (public key) is the same as that of the node (1l) in the first layer as shown in Equation 7, but the node (( d2) k) is represented by Equation 8, the (d1) th layer node ((d1) j) is represented by Equation 9, and the dth layer is numbered. It is expressed as 10. In Equation 7, l is an integer satisfying 1 ≦ l ≦ p, in Equation 8, k is an integer satisfying 1 ≦ k ≦ o, and in Equation 9, j satisfies 1 ≦ j ≦ n. It is set as an integer, and in Expression 10, i is an integer satisfying 1 ≦ i ≦ m.
First, each node (di) in the dth layer performs a GDH signature as shown in Equation 11 and performs a power operation with its signature key xdi on the hash hdi of the message mdi. To make the signature σdi belonging to the dth layer.
Next, each node ((d1) j) in the (d1) layer performs a GDH signature, as shown in Equation 12, and a hash h () of the message m (d1) j After performing a power operation on d1) j with its own signature key x (d1) j, it further performs a power operation on the first value and belongs to the (d1) layer. Let it be its own signature σ (d−1) j. Here, the first value is a value obtained by raising “2” to the power of “1” times equal to the difference in the number of layers between the (d−1) layer and the d layer, which is the lowest layer. 2 (= 21) ".
Next, each node ((d2) k) in the (d2) layer performs a GDH signature, as shown in Equation 13, and a hash h () of the message m (d2) k d2) k is subjected to a power operation with its own signature key x (d2) k and then a power operation is further performed with the second value to belong to the (d2) layer. It is assumed that its signature σ (d−2) −k. Here, the second value is a value obtained by raising “2” to the power of “2” times equal to the difference in the number of layers between the (d−2) th layer and the dth layer that is the lowest layer. 4 (= 22) ".
For each node belonging to a layer higher than the (d2) th layer, signatures are sequentially generated in the same manner as in Equations 12 and 13 above.
For example, each node (1l) in the first layer, which is a layer higher than the (d2) layer, performs GDH signature as shown in Equation 14, and the hash h1 of the message m1l After performing a power operation on l with its own signature key x1l, it further performs a power operation with a predetermined value to obtain its own signature σ1l belonging to the first layer. Here, the predetermined value is a value obtained by raising “2” to the power of “d−1” times equal to the difference in the number of layers between the first layer and the dth layer that is the lowest layer. "
Next, after all nodes in all layers generate their own signatures, a predetermined node such as the node that finally generated their signatures is the signature of all nodes in all layers as shown in Equation 15. And the product of these is used as the aggregate signature σ.
Next, (g, h, σ) is disclosed.
<Verification of the aggregate signature generated when the hierarchy of the d layer is formed>
The case where the aggregate signature generated at the node of FIG. 1 is verified will be described below.
First, the signature verification apparatus inputs (g,..., Vfq,..., Hfq,...) To a function e (P, Q) as shown in equations 16 and 17. , GDH signature calculation is performed. Here, vfq represents the verification key of the node (fq) of the fth layer (f is an integer satisfying 1 ≦ f ≦ d), and hfq represents the fth layer (f is 1 The hash of the message mfq in the node (fq) of ≦ f ≦ d is shown. Q is an integer satisfying 1 ≦ q <f.
The aggregate signature σ is verified by verifying whether the value of Expression 16 and the value of Expression 17 match. Specifically, if the value of Expression 16 and the value of Expression 17 match, it is determined that the aggregate signature σ is correct, and if the value of Expression 16 does not match the value of Expression 17, the aggregate signature σ is Judge that it is not correct.
As described above, the aggregate signature σ can be expressed by performing a power operation with a predetermined value on the hash hfq of the message mfq, as shown in Equation 15. Here, the predetermined value is expressed by multiplying each signature key by a different value for each hierarchy to which the node belongs.
The different value for each layer to which this node belongs is “1” in the dth layer, “2” in the (d−1) th layer, and “4” in the (d2) th layer. In the first layer, “2d−1” is obtained. Therefore, the hierarchy to which the node belongs can be distinguished by a multiple of the signature key. Therefore, since the nodes belonging to each hierarchy can be distinguished by the structure of the exponent of the mathematical expression representing the aggregate signature σ, it is possible to express which hierarchy the signer belongs to.
Further, since the aggregate signature σ is in the same cyclic group as the signatures of each signer, the aggregate signature σ can be stored in a certain size regardless of the number of signers.
The processing of the node and signature verification device of the present invention is stored in a computerreadable recording medium, and the program recorded on these recording media is read and executed by the node and signature verification device (both are computer systems). By doing so, the present invention can be realized.
Further, the “computer system” includes a homepage providing environment (or display environment) if a WWW (World Wide Web) system is used. Further, the abovedescribed program may be transmitted from a computer system storing the program in a storage device or the like to another computer system via a transmission medium or by a transmission wave in the transmission medium. Here, the “transmission medium” for transmitting the program refers to a medium having a function of transmitting information, such as a network (communication network) such as the Internet or a communication line (communication line) such as a telephone line.
Further, the abovedescribed program may be for realizing a part of the abovedescribed function. Furthermore, what can implement  achieve the abovementioned function in combination with the program already recorded on the computer system, what is called a difference file (difference program) may be sufficient.
The embodiments of the present invention have been described in detail with reference to the drawings. However, the specific configuration is not limited to the embodiments, and includes designs and the like that do not depart from the gist of the present invention.
x1l, x (d1) j, x (d2) k, xdi ... signature key (secret key)
v1l, v (d1) j, v (d2) k, vdi ... verification keys (public keys)
σ ・ ・ ・ Aggregate signature
Claims (9)
 An aggregate signature generation system in which a plurality of signature generation apparatuses used by a signer to form a signature is arranged in a plurality of layers to form a hierarchical structure, and each signer signs a different message,
Each of the plurality of signature generation devices includes:
A key storage unit for storing different secret keys, and a public key obtained by performing a power operation with the secret key for the predetermined parameter;
A signature generation unit that performs a power operation on the hash of its own message with its own secret key and generates a signature;
A power calculation unit that performs a power operation with a predetermined value different for each hierarchy to which the signature belongs, with respect to the signature generated by the signature generation unit;
With
The predetermined signature generation device among the plurality of signature generation devices calculates an aggregate sum of calculation results by the power calculation unit for each layer, and multiplies the calculation results for each layer to generate an aggregate signature. An aggregate signature generation system further comprising a generation unit.  2. The aggregate signature generation system according to claim 1, wherein the predetermined value is a value obtained by performing a power operation on a specific value by a difference in the number of layers between a layer to which the predetermined value belongs and a lowest layer.
 A signature verification device for verifying the aggregate signature;
The signature verification device verifies the validity of the aggregate signature by performing a GAPDiffieHellman signature calculation using the predetermined parameter, the public key, the hash of the message, and the aggregate signature as inputs. The aggregate signature generation system according to claim 1, further comprising an aggregate signature verification unit configured to perform the aggregate signature verification.  Aggregate signature generation method in which each signer signs a different message in an aggregate signature generation system in which a plurality of signature generation apparatuses used for signing by a signer to form a multilevel hierarchical structure are arranged Because
A first step of storing, by each of the plurality of signature generation devices, a different private key and a public key obtained by performing a power operation with respect to a predetermined parameter using the private key;
A second step of generating a signature by performing a power operation on the own hash of the message with the secret key of each of the plurality of signature generation devices;
A third step of performing a power operation with a predetermined value different for each hierarchy to which the signature belongs by each of the plurality of signature generation devices;
A sum of the calculation results of the third step is calculated for each hierarchy by a predetermined signature generation apparatus among the plurality of signature generation apparatuses, and an aggregate signature is generated by multiplying the calculation result for each hierarchy. And the steps
An aggregate signature generation method comprising:  5. The aggregate signature generation method according to claim 4, wherein the predetermined value is a value obtained by performing a power operation on a specific value by a difference between the number of layers to which the layer belongs and the lowest layer.
 An aggregate signature generation method in the aggregate signature generation system, further comprising a signature verification device for verifying the aggregate signature,
The signature verification device performs a GAPDiffieHellman signature operation by inputting the predetermined parameter, the public key, the hash of the message, and the aggregate signature, and verifies the validity of the aggregate signature. The aggregate signature generation method according to claim 4, further comprising: a fifth step.  Aggregate signature generation method in which each signer signs a different message in an aggregate signature generation system in which a plurality of signature generation apparatuses used for signing by a signer to form a multilevel hierarchical structure are arranged Is an aggregate signature generation program for causing a computer to execute
A first step of storing, by each of the plurality of signature generation devices, a different private key and a public key obtained by performing a power operation with respect to a predetermined parameter using the private key;
A second step of generating a signature by performing a power operation on the own hash of the message with the secret key of each of the plurality of signature generation devices;
A third step of performing a power operation with a predetermined value different for each hierarchy to which the signature belongs by each of the plurality of signature generation devices;
A sum of the calculation results of the third step is calculated for each hierarchy by a predetermined signature generation apparatus among the plurality of signature generation apparatuses, and an aggregate signature is generated by multiplying the calculation result for each hierarchy. And the steps
Aggregate signature generation program for causing a computer to execute.  8. The aggregate signature generation program according to claim 7, wherein the predetermined value is a value obtained by performing a power operation on a specific value by a difference in the number of layers between a layer to which the predetermined value belongs and a lowest layer.
 An aggregate signature generation program in the aggregate signature generation system in which a signature verification device for verifying the aggregate signature is further arranged,
The signature verification device performs a GAPDiffieHellman signature operation by inputting the predetermined parameter, the public key, the hash of the message, and the aggregate signature, and verifies the validity of the aggregate signature. The aggregate signature generation program according to claim 7 or 8, further comprising a fifth step.
Priority Applications (1)
Application Number  Priority Date  Filing Date  Title 

JP2008251304A JP5183401B2 (en)  20080929  20080929  Aggregate signature generation system, aggregate signature generation method, and aggregate signature generation program 
Applications Claiming Priority (1)
Application Number  Priority Date  Filing Date  Title 

JP2008251304A JP5183401B2 (en)  20080929  20080929  Aggregate signature generation system, aggregate signature generation method, and aggregate signature generation program 
Publications (2)
Publication Number  Publication Date 

JP2010087590A JP2010087590A (en)  20100415 
JP5183401B2 true JP5183401B2 (en)  20130417 
Family
ID=42251143
Family Applications (1)
Application Number  Title  Priority Date  Filing Date 

JP2008251304A Active JP5183401B2 (en)  20080929  20080929  Aggregate signature generation system, aggregate signature generation method, and aggregate signature generation program 
Country Status (1)
Country  Link 

JP (1)  JP5183401B2 (en) 
Cited By (1)
Publication number  Priority date  Publication date  Assignee  Title 

US10469266B2 (en)  20161006  20191105  Cisco Technology, Inc.  Signature method and system 
Families Citing this family (2)
Publication number  Priority date  Publication date  Assignee  Title 

JP5597075B2 (en) *  20100913  20141001  Ｋｄｄｉ株式会社  Signature generation apparatus, verification apparatus, signature generation method, and signature generation program 
JP2012175634A (en) *  20110224  20120910  Kddi Corp  Aggregate signature system, verification system, aggregate signature method, and aggregate signature program 
Family Cites Families (4)
Publication number  Priority date  Publication date  Assignee  Title 

EP1497948A4 (en) *  20020415  20070321  Ntt Docomo Inc  Signature schemes using bilinear mappings 
WO2004021638A1 (en) *  20020828  20040311  Docomo Communications Laboratories Usa, Inc.  Certificatebased encryption and public key infrastructure 
US7664957B2 (en) *  20040520  20100216  Ntt Docomo, Inc.  Digital signatures including identitybased aggregate signatures 
JP4477678B2 (en) *  20080121  20100609  富士通株式会社  Electronic signature method, electronic signature program, and electronic signature device 

2008
 20080929 JP JP2008251304A patent/JP5183401B2/en active Active
Cited By (1)
Publication number  Priority date  Publication date  Assignee  Title 

US10469266B2 (en)  20161006  20191105  Cisco Technology, Inc.  Signature method and system 
Also Published As
Publication number  Publication date 

JP2010087590A (en)  20100415 
Similar Documents
Publication  Publication Date  Title 

Li et al.  Hidden attributebased signatures without anonymity revocation  
JP4548737B2 (en)  Signature generation apparatus and signature verification apparatus  
JP2008500776A (en)  Apparatus and method for providing direct certification signature denial  
Camenisch  Better privacy for trusted computing platforms  
Danezis et al.  Pinocchio coin: building zerocoin from a succinct pairingbased proof system  
Chow et al.  Ring signatures without random oracles  
TWI497972B (en)  Method, transmitting entity, receiving entity, and system for providing an assertion message from a proving party to a relying party  
Wang et al.  Identitybased proxyoriented data uploading and remote data integrity checking in public cloud  
Herranz  Deterministic identitybased signatures for partial aggregation  
McGrew  Fundamental elliptic curve cryptography algorithms  
US8458471B2 (en)  Digital signature generation apparatus, digital signature verification apparatus, and key generation apparatus  
US8433897B2 (en)  Group signature system, apparatus and storage medium  
US8127140B2 (en)  Group signature scheme  
KR101273465B1 (en)  Apparatus for batch verification and method using the same  
Bernstein et al.  Dual EC: A standardized back door  
US8225098B2 (en)  Direct anonymous attestation using bilinear maps  
JP4390570B2 (en)  Multistage signature verification system, electronic signature adding apparatus, data adding apparatus, and electronic signature verification apparatus  
US8281131B2 (en)  Attributes in cryptographic credentials  
Islam et al.  A provably secure identitybased strong designated verifier proxy signature scheme from bilinear pairings  
Chen et al.  Efficient generic online/offline (threshold) signatures without key exposure  
Xiaofeng et al.  Direct anonymous attestation for next generation TPM  
JP4776906B2 (en)  Signature generation method and information processing apparatus  
JP5446453B2 (en)  Information processing apparatus, electronic signature generation system, electronic signature key generation method, information processing method, and program  
Wang et al.  On the knowledge soundness of a cooperative provable data possession scheme in multicloud storage  
Hwang et al.  Generalization of proxy signature based on elliptic curves 
Legal Events
Date  Code  Title  Description 

A621  Written request for application examination 
Effective date: 20110228 Free format text: JAPANESE INTERMEDIATE CODE: A621 

TRDD  Decision of grant or rejection written  
A01  Written decision to grant a patent or to grant a registration (utility model) 
Effective date: 20130115 Free format text: JAPANESE INTERMEDIATE CODE: A01 

A61  First payment of annual fees (during grant procedure) 
Free format text: JAPANESE INTERMEDIATE CODE: A61 Effective date: 20130115 

R150  Certificate of patent (=grant) or registration of utility model 
Free format text: JAPANESE INTERMEDIATE CODE: R150 

FPAY  Renewal fee payment (prs date is renewal date of database) 
Year of fee payment: 3 Free format text: PAYMENT UNTIL: 20160125 