An Efficient and Secure Certificateless Aggregate Signature From Bilinear Maps

1. Introduction

Digital signature is an imperative and an indispensable constituent in public key cryptography which covers authenticity, integrity and non-repudiation. In a public key infrastructure, a user uses a pair of keys namely, private/public key pair for communication. Public key is widely spread across the participants of the communication process whereas private key is kept secret by the user. A certificate is needed in order to bind the public key and private key to avoid the authentication problem. A third entity is also required in the system for binding the public key with the corresponding private key, that leads to the certification management problem. In order to overpower the certificate management problem Shamir (1984) introduced an ID-based public key cryptography which does not need certification. In the ID-based cryptography, public key is chosen by user such as an address, phone number, driving license or any other identity and the private key is generated by the third party called private key generator (PKG). Since private key is generated by the PKG, hence in case the PKG itself becomes malicious then security is inherently compromised, and it is this issue that has been termed as key escrow problem. ID-based public key cryptography falls prey to the key escrow problem. Al Riyami (2003) provided the solution to key escrow problem for the first time where certificateless signature scheme was enumerated in which the interested third party say key generation center (KGC) generates the partial private key of user instead of private key and the private key is in turn generated by the user with the help of partial private key. KGC does not know the private key directly. Aggregate signature scheme was incentivized by Boneh (2003). Aggregation is very efficient technique that collects all the n individual signatures of n different users corresponding to n different messages and aggregates them into short single signature. Aggregate signatures can significantly reduce computational and communication overhead. The single aggregate signature can easily convince verifier that n different users have really signed n messages individually.

Wireless Sensor Networks, Vehicular networks, Internet of Things (IoT) have been utilized for target tracking, remote location monitoring, environment monitoring, patient monitoring etc. in the real-world but data can be easily compromised by various attacks such as fabrication, tampering etc. Certificateless aggregate signatures can be used to ensure data integrity and to reduce computational and communication overhead.