Given n signatures on n distinct messages from n distinct users, an aggregate signature scheme can aggregate all of these signatures into a single signature. A verifier can check with a single verification whether the signatures come from the specified signers. This greatly reduces both the workload of signature verification and the storage space required. Identity-based aggregate signatures simplify key management, and certificateless aggregate signatures eliminate the key escrow problem of identity-based aggregate signatures. However, both suffer from the key leakage problem: if the private key of any signer is exposed, an aggregate signature generated by a group of users that includes this signer is no longer secure. To address these problems, two solutions are proposed. The main innovations are as follows.

1. An identity-based and key-insulated aggregate signature scheme is proposed. To solve the problem of key exposure in identity-based aggregate signatures, we integrate, for the first time, the key isolation mechanism into identity-based aggregate signatures and propose the concept of an identity-based and key-insulated aggregate signature together with its security model. When the temporary private key for one time period is exposed, the aggregate signatures from before and after that period remain secure. We give a practical scheme that is proved secure in the random oracle model, i.e., the scheme has key-insulated security, strong key-insulated security and secure key updates. The proposed scheme achieves periodic updates of the signer's secret key through interaction with the helper. Where compromise of the signer's key is inevitable, this reduces the damage caused by the key leakage. Verification requires only a constant number of bilinear pairing operations, which greatly improves the efficiency of signature verification.

2. A key-insulated certificateless aggregate signature scheme is proposed. To mitigate the damage of key exposure in certificateless aggregate signatures, we integrate, for the first time, the key isolation mechanism into certificateless aggregate signatures and propose the definition of a key-insulated certificateless aggregate signature together with its security model. We give a practical scheme that achieves periodic updates of the signer's secret key through interaction with the helper. We prove that the proposed scheme is secure in the random oracle model, i.e., the scheme has key-insulated security, strong key-insulated security and secure key updates.