{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,7]],"date-time":"2026-04-07T21:56:22Z","timestamp":1775598982542,"version":"3.50.1"},"reference-count":44,"publisher":"Springer Science and Business Media LLC","issue":"2","license":[{"start":{"date-parts":[[2012,6,22]],"date-time":"2012-06-22T00:00:00Z","timestamp":1340323200000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["J Cryptol"],"published-print":{"date-parts":[[2013,4]]},"DOI":"10.1007\/s00145-012-9126-5","type":"journal-article","created":{"date-parts":[[2012,6,21]],"date-time":"2012-06-21T22:24:55Z","timestamp":1340317495000},"page":"340-373","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":28,"title":["Sequential Aggregate Signatures, Multisignatures, and Verifiably Encrypted Signatures Without Random Oracles"],"prefix":"10.1007","volume":"26","author":[{"given":"Steve","family":"Lu","sequence":"first","affiliation":[]},{"given":"Rafail","family":"Ostrovsky","sequence":"additional","affiliation":[]},{"given":"Amit","family":"Sahai","sequence":"additional","affiliation":[]},{"given":"Hovav","family":"Shacham","sequence":"additional","affiliation":[]},{"given":"Brent","family":"Waters","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2012,6,22]]},"reference":[{"issue":"4","key":"9126_CR1","doi-asserted-by":"publisher","first-page":"593","DOI":"10.1109\/49.839935","volume":"18","author":"N. Asokan","year":"2000","unstructured":"N. Asokan, V. Shoup, M. Waidner, Optimistic fair exchange of digital signatures. IEEE J. Sel. Areas Commun.\n                  18(4), 593\u2013610 (2000)","journal-title":"IEEE J. Sel. Areas Commun."},{"key":"9126_CR2","first-page":"77","volume-title":"Proceedings of IEEE Security & Privacy","author":"F. Bao","year":"1998","unstructured":"F. Bao, R. Deng, W. Mao, Efficient and practical fair exchange protocols with offline TTP, in Proceedings of IEEE Security & Privacy, ed. by P. Karger, L. Gong (1998), pp. 77\u201385"},{"key":"9126_CR3","series-title":"LNCS","first-page":"319","volume-title":"Proceedings of SAC 2005","author":"P. Barreto","year":"2006","unstructured":"P. Barreto, M. Naehrig, Pairing-friendly elliptic curves of prime order, in Proceedings of SAC 2005, ed. by B. Preneel, S. Tavares. LNCS, vol. 3897 (Springer, Berlin, 2006), pp. 319\u2013331"},{"key":"9126_CR4","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"268","DOI":"10.1007\/978-3-540-24676-3_17","volume-title":"Proceedings of Eurocrypt 2004","author":"M. Bellare","year":"2004","unstructured":"M. Bellare, C. Namprempre, G. Neven, Security proofs for identity-based identification and signature schemes, in Proceedings of Eurocrypt 2004, ed. by C. Cachin, J. Camenisch. LNCS, vol. 3027 (Springer, Berlin, 2004), pp. 268\u2013286"},{"key":"9126_CR5","series-title":"LNCS","first-page":"411","volume-title":"Proceedings of ICALP 2007","author":"M. Bellare","year":"2007","unstructured":"M. Bellare, C. Namprempre, G. Neven, Unrestricted aggregate signatures, in Proceedings of ICALP 2007, ed. by L. Arge, C. Cachin, T. Jurdzi\u0144ski, A. Tarlecki. LNCS, vol. 4596 (Springer, Berlin, 2007), pp. 411\u2013422"},{"key":"9126_CR6","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"407","DOI":"10.1007\/978-3-642-01001-9_24","volume-title":"Proceedings of Eurocrypt 2009","author":"M. Bellare","year":"2009","unstructured":"M. Bellare, T. Ristenpart, Simulation without the artificial abort: Simplified proof and improved concrete security for Waters\u2019 IBE scheme, in Proceedings of Eurocrypt 2009, ed. by A. Joux. LNCS, vol. 5479 (Springer, Berlin, 2009), pp. 407\u2013424"},{"key":"9126_CR7","series-title":"LNCS","first-page":"31","volume-title":"Proceedings of PKC 2003","author":"A. Boldyreva","year":"2003","unstructured":"A. Boldyreva, Threshold signature, multisignature and blind signature schemes based on the gap-Diffie\u2013Hellman-group signature scheme, in Proceedings of PKC 2003, ed. by Y. Desmedt. LNCS, vol. 2567 (Springer, Berlin, 2003), pp. 31\u201346"},{"key":"9126_CR8","unstructured":"A. Boldyreva, A. Palacio, B. Warinschi, Secure proxy signature schemes for delegation of signing rights. Cryptology ePrint Archive, Report 2003\/096 (2003). \n                    http:\/\/eprint.iacr.org\/"},{"key":"9126_CR9","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"223","DOI":"10.1007\/978-3-540-24676-3_14","volume-title":"Proceedings of Eurocrypt 2004","author":"D. Boneh","year":"2004","unstructured":"D. Boneh, X. Boyen, Efficient selective-ID secure identity based encryption without random oracles, in Proceedings of Eurocrypt 2004, ed. by C. Cachin, J. Camenisch. LNCS, vol. 3027 (Springer, Berlin, 2004), pp. 223\u2013238"},{"issue":"3","key":"9126_CR10","doi-asserted-by":"publisher","first-page":"586","DOI":"10.1137\/S0097539701398521","volume":"32","author":"D. Boneh","year":"2003","unstructured":"D. Boneh, M. Franklin, Identity-based encryption from the Weil pairing. SIAM J. Comput.\n                  32(3), 586\u2013615 (2003). Extended abstract in Proceedings of Crypto 2001","journal-title":"SIAM J. Comput."},{"key":"9126_CR11","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"416","DOI":"10.1007\/3-540-39200-9_26","volume-title":"Proceedings of Eurocrypt 2003","author":"D. Boneh","year":"2003","unstructured":"D. Boneh, C. Gentry, B. Lynn, H. Shacham, Aggregate and verifiably encrypted signatures from bilinear maps, in Proceedings of Eurocrypt 2003, ed. by E. Biham. LNCS, vol. 2656 (Springer, Berlin, 2003), pp. 416\u2013432"},{"issue":"4","key":"9126_CR12","doi-asserted-by":"publisher","first-page":"297","DOI":"10.1007\/s00145-004-0314-9","volume":"17","author":"D. Boneh","year":"2004","unstructured":"D. Boneh, B. Lynn, H. Shacham, Short signatures from the Weil pairing. J. Cryptol.\n                  17(4), 297\u2013319 (2004). Extended abstract in Proceedings of Asiacrypt 2001","journal-title":"J. Cryptol."},{"issue":"4","key":"9126_CR13","doi-asserted-by":"publisher","first-page":"557","DOI":"10.1145\/1008731.1008734","volume":"51","author":"R. Canetti","year":"2004","unstructured":"R. Canetti, O. Goldreich, S. Halevi, The random oracle methodology, revisited. J. ACM\n                  51(4), 557\u2013594 (2004)","journal-title":"J. ACM"},{"key":"9126_CR14","unstructured":"S. Chatterjee, A. Menezes, On cryptographic protocols employing asymmetric pairings\u2014the role of \u03c8 revisited. Cryptology ePrint Archive, Report 2009\/480 (2009). \n                    http:\/\/eprint.iacr.org\/"},{"key":"9126_CR15","series-title":"LNCS","first-page":"424","volume-title":"Proceedings of ICISC 2005","author":"S. Chatterjee","year":"2005","unstructured":"S. Chatterjee, P. Sarkar, Trading time for space: Towards an efficient IBE scheme with short(er) public parameters in the standard model, in Proceedings of ICISC 2005, ed. by D. Won, S. Kim. LNCS, vol.\u00a03935 (Springer, Berlin, 2005), pp. 424\u2013440"},{"key":"9126_CR16","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"392","DOI":"10.1007\/978-3-540-40061-5_25","volume-title":"Proceedings of Asiacrypt 2003","author":"J.-S. Coron","year":"2003","unstructured":"J.-S. Coron, D. Naccache, Boneh et al.\u2019s k-element aggregate extraction assumption is equivalent to the Diffie\u2013Hellman assumption, in Proceedings of Asiacrypt 2003, ed. by C.S. Laih. LNCS, vol. 2894 (Springer, Berlin, 2003), pp. 392\u2013397"},{"key":"9126_CR17","series-title":"London Mathematical Society Lecture Notes","doi-asserted-by":"publisher","first-page":"183","DOI":"10.1017\/CBO9780511546570.011","volume-title":"Advances in Elliptic Curve Cryptography","author":"S. Galbraith","year":"2005","unstructured":"S. Galbraith, Pairings, in Advances in Elliptic Curve Cryptography, ed. by I.F. Blake, G. Seroussi, N. Smart. London Mathematical Society Lecture Notes, vol. 317 (Cambridge University Press, Cambridge, 2005), pp. 183\u2013213. Chapter IX"},{"key":"9126_CR18","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"178","DOI":"10.1007\/11935230_12","volume-title":"Proceedings of Asiacrypt 2006","author":"D. Galindo","year":"2006","unstructured":"D. Galindo, J. Herranz, E. Kiltz, On the generic construction of identity-based signatures with additional properties, in Proceedings of Asiacrypt 2006, ed. by X. Lai, K. Chen. LNCS, vol. 4284 (Springer, Berlin, 2006), pp. 178\u2013193"},{"key":"9126_CR19","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"548","DOI":"10.1007\/3-540-36178-2_34","volume-title":"Proceedings of Asiacrypt 2002","author":"C. Gentry","year":"2002","unstructured":"C. Gentry, A. Silverberg, Hierarchical ID-based cryptography, in Proceedings of Asiacrypt 2002, ed. by Y. Zheng. LNCS, vol. 2501 (Springer, Berlin, 2002), pp. 548\u2013566"},{"issue":"2","key":"9126_CR20","doi-asserted-by":"publisher","first-page":"281","DOI":"10.1137\/0217017","volume":"17","author":"S. Goldwasser","year":"1988","unstructured":"S. Goldwasser, S. Micali, R. Rivest, A digital signature scheme secure against adaptive chosen-message attacks. SIAM J. Comput.\n                  17(2), 281\u2013308 (1988)","journal-title":"SIAM J. Comput."},{"key":"9126_CR21","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"339","DOI":"10.1007\/11761679_21","volume-title":"Proceedings of Eurocrypt 2006","author":"J. Groth","year":"2006","unstructured":"J. Groth, R. Ostrovsky, A. Sahai, Perfect non-interactive zero knowledge for NP, in Proceedings of Eurocrypt 2006, ed. by S. Vaudenay. LNCS, vol. 4004 (Springer, Berlin, 2006), pp. 339\u2013358"},{"key":"9126_CR22","series-title":"LNCS","first-page":"291","volume-title":"Proceedings of PKC 2004","author":"R. Hayashi","year":"2004","unstructured":"R. Hayashi, T. Okamoto, K. Tanaka, An RSA family of trap-door permutations with a common domain and its applications, in Proceedings of PKC 2004, ed. by F. Bao, R.H. Deng, J. Zhou. LNCS, vol. 2947 (Springer, Berlin, 2004), pp. 291\u2013304"},{"issue":"3","key":"9126_CR23","doi-asserted-by":"publisher","first-page":"111","DOI":"10.1016\/j.ipl.2003.10.008","volume":"89","author":"F. Hess","year":"2004","unstructured":"F. Hess, On the security of the verifiably encrypted signature scheme of Boneh, Gentry, Lynn and Shacham. Inf. Process. Lett.\n                  89(3), 111\u2013114 (2004)","journal-title":"Inf. Process. Lett."},{"key":"9126_CR24","first-page":"1","volume":"71","author":"K. Itakura","year":"1983","unstructured":"K. Itakura, K. Nakamura, A public-key cryptosystem suitable for digital multisignatures. NEC J. Res. Dev.\n                  71, 1\u20138 (1983)","journal-title":"NEC J. Res. Dev."},{"issue":"4","key":"9126_CR25","doi-asserted-by":"publisher","first-page":"582","DOI":"10.1109\/49.839934","volume":"18","author":"S. Kent","year":"2000","unstructured":"S. Kent, C. Lynn, K. Seo, Secure border gateway protocol (secure-BGP). IEEE J. Sel. Areas Commun.\n                  18(4), 582\u2013592 (2000)","journal-title":"IEEE J. Sel. Areas Commun."},{"key":"9126_CR26","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"13","DOI":"10.1007\/11586821_2","volume-title":"Proceedings of Cryptography and Coding 2005","author":"N. Koblitz","year":"2005","unstructured":"N. Koblitz, A. Menezes, Pairing-based cryptography at high security levels, in Proceedings of Cryptography and Coding 2005, ed. by N. Smart. LNCS, vol. 3796 (Springer, Berlin, 2005), pp. 13\u201336"},{"key":"9126_CR27","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"465","DOI":"10.1007\/11761679_28","volume-title":"Proceedings of Eurocrypt 2006","author":"S. Lu","year":"2006","unstructured":"S. Lu, R. Ostrovsky, A. Sahai, H. Shacham, B. Waters, Sequential aggregate signatures and multisignatures without random oracles, in Proceedings of Eurocrypt 2006, ed. by S. Vaudenay. LNCS, vol. 4004 (Springer, Berlin, 2006), pp. 465\u2013485"},{"key":"9126_CR28","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"74","DOI":"10.1007\/978-3-540-24676-3_5","volume-title":"Proceedings of Eurocrypt 2004","author":"A. Lysyanskaya","year":"2004","unstructured":"A. Lysyanskaya, S. Micali, L. Reyzin, H. Shacham, Sequential aggregate signatures from trapdoor permutations, in Proceedings of Eurocrypt 2004, ed. by C. Cachin, J. Camenisch. LNCS, vol. 3027 (Springer, Berlin, 2004), pp. 74\u201390"},{"key":"9126_CR29","first-page":"48","volume-title":"Proceedings of CCS 1996","author":"M. Mambo","year":"1996","unstructured":"M. Mambo, K. Usuda, E. Okamoto, Proxy signatures for delegating signing operation, in Proceedings of CCS 1996, ed. by L. Gong, J. Stearn (ACM, New York, 1996), pp. 48\u201357"},{"issue":"5","key":"9126_CR30","doi-asserted-by":"publisher","first-page":"1639","DOI":"10.1109\/18.259647","volume":"39","author":"A. Menezes","year":"1993","unstructured":"A. Menezes, T. Okamoto, P. Vanstone, Reducing elliptic curve logarithms to logarithms in a finite field. IEEE Trans. Inf. Theory\n                  39(5), 1639\u20131646 (1993)","journal-title":"IEEE Trans. Inf. Theory"},{"key":"9126_CR31","first-page":"245","volume-title":"Proceedings of CCS 2001","author":"S. Micali","year":"2001","unstructured":"S. Micali, K. Ohta, L. Reyzin, Accountable-subgroup multisignatures (extended abstract), in Proceedings of CCS 2001, ed. by P. Samarati (ACM, New York, 2001), pp. 245\u2013254"},{"key":"9126_CR32","series-title":"LNCS","first-page":"160","volume-title":"Proceedings of ESORICS 2004","author":"E. Mykletun","year":"2004","unstructured":"E. Mykletun, M. Narasimha, G. Tsudik, Signature bouquets: Immutability for aggregated\/condensed signatures, in Proceedings of ESORICS 2004, ed. by P. Ryan, P. Samarati. LNCS, vol. 3193 (Springer, Berlin, 2004), pp. 160\u2013176"},{"key":"9126_CR33","unstructured":"D. Naccache, Secure and practical identity-based encryption. Cryptology ePrint Archive, Report 2005\/369 (2005). \n                    http:\/\/eprint.iacr.org\/"},{"key":"9126_CR34","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"52","DOI":"10.1007\/978-3-540-78967-3_4","volume-title":"Proceedings of Eurocrypt 2008","author":"G. Neven","year":"2008","unstructured":"G. Neven, Efficient sequential aggregate signed data, in Proceedings of Eurocrypt 2008, ed. by N. Smart. LNCS, vol. 4965 (Springer, Berlin, 2008), pp. 52\u201369"},{"key":"9126_CR35","doi-asserted-by":"publisher","first-page":"187","DOI":"10.1016\/j.simpat.2003.10.003","volume":"12","author":"D. Nicol","year":"2004","unstructured":"D. Nicol, S. Smith, M. Zhao, Evaluation of efficient security for BGP route announcements using parallel simulation. Simul. Model. Pract. Theory\n                  12, 187\u2013216 (2004)","journal-title":"Simul. Model. Pract. Theory"},{"issue":"1","key":"9126_CR36","first-page":"21","volume":"E82-A","author":"K. Ohta","year":"1999","unstructured":"K. Ohta, T. Okamoto, Multisignature schemes secure against active insider attacks. IEICE Trans. Fundam.\n                  E82-A(1), 21\u201331 (1999)","journal-title":"IEICE Trans. Fundam."},{"issue":"4","key":"9126_CR37","doi-asserted-by":"publisher","first-page":"432","DOI":"10.1145\/48012.48246","volume":"6","author":"T. Okamoto","year":"1988","unstructured":"T. Okamoto, A digital multisignature scheme using bijective public-key cryptosystems. ACM Trans. Comput. Syst.\n                  6(4), 432\u2013441 (1988)","journal-title":"ACM Trans. Comput. Syst."},{"key":"9126_CR38","series-title":"London Mathematical Society Lecture Notes","doi-asserted-by":"publisher","first-page":"215","DOI":"10.1017\/CBO9780511546570.012","volume-title":"Advances in Elliptic Curve Cryptography","author":"K. Paterson","year":"2005","unstructured":"K. Paterson, Cryptography from pairings, in Advances in Elliptic Curve Cryptography, ed. by I.F. Blake, G. Seroussi, N. Smart. London Mathematical Society Lecture Notes, vol. 317 (Cambridge University Press, Cambridge, 2005), pp. 215\u2013251. Chapter X"},{"key":"9126_CR39","series-title":"LNCS","first-page":"207","volume-title":"Proceedings of ACISP 2006","author":"K. Paterson","year":"2006","unstructured":"K. Paterson, J. Schuldt, Efficient identity-based signatures secure in the standard model, in Proceedings of ACISP 2006, ed. by L. Batten, R. Safavi-Naini. LNCS, vol. 4058 (Springer, Berlin, 2006), pp. 207\u2013222"},{"key":"9126_CR40","doi-asserted-by":"crossref","unstructured":"Y. Rekhter, T. Li, S. Hares, A Border Gateway Protocol 4 (BGP-4). RFC 4271 (draft standard), Jan. 2006","DOI":"10.17487\/rfc4271"},{"key":"9126_CR41","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"228","DOI":"10.1007\/978-3-540-72540-4_13","volume-title":"Proceedings of Eurocrypt 2007","author":"T. Ristenpart","year":"2007","unstructured":"T. Ristenpart, S. Yilek, The power of proofs-of-possession: securing multiparty signatures against rogue-key attacks, in Proceedings of Eurocrypt 2007, ed. by M. Naor. LNCS, vol. 4515 (Springer, Berlin, 2007), pp. 228\u2013245"},{"key":"9126_CR42","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"17","DOI":"10.1007\/978-3-642-03298-1_2","volume-title":"Proceedings of Pairing 2009","author":"M. R\u00fcckert","year":"2009","unstructured":"M. R\u00fcckert, D. Schr\u00f6der, Security of verifiably encrypted signatures and a construction without random oracles, in Proceedings of Pairing 2009, ed. by H. Shacham, B. Waters. LNCS, vol. 5671 (Springer, Berlin, 2009), pp. 17\u201334"},{"key":"9126_CR43","unstructured":"H. Shacham, New paradigms in signature schemes. Ph.D. thesis, Stanford University, 2005"},{"key":"9126_CR44","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"114","DOI":"10.1007\/11426639_7","volume-title":"Proceedings of Eurocrypt 2005","author":"B. Waters","year":"2005","unstructured":"B. Waters, Efficient identity-based encryption without random oracles, in Proceedings of Eurocrypt 2005, ed. by R. Cramer. LNCS, vol. 3494 (Springer, Berlin, 2005), pp. 114\u2013127"}],"container-title":["Journal of Cryptology"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s00145-012-9126-5.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/article\/10.1007\/s00145-012-9126-5\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s00145-012-9126-5","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s00145-012-9126-5.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,4,8]],"date-time":"2020-04-08T08:08:36Z","timestamp":1586333316000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/s00145-012-9126-5"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2012,6,22]]},"references-count":44,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2013,4]]}},"alternative-id":["9126"],"URL":"https:\/\/doi.org\/10.1007\/s00145-012-9126-5","relation":{},"ISSN":["0933-2790","1432-1378"],"issn-type":[{"value":"0933-2790","type":"print"},{"value":"1432-1378","type":"electronic"}],"subject":[],"published":{"date-parts":[[2012,6,22]]},"assertion":[{"value":"8 July 2009","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"22 June 2012","order":2,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"This content has been made available to all.","name":"free","label":"Free to read"}]}}