An order-specified multisignature scheme secure against active insider attacks

Abstract

In an order-specified multisignature scheme, one can verify not only a set of signers who have signed the message but also its signing order. Though we have seen several scheme with such properties proposed, none of them is given the security proof against active adversaries. In the scheme by [6], no polynomial-time active adversary can forge a signature for a new message, but it is possible for active adversaries to forge a signature changing its signing order. Furthermore, that scheme has the restriction that the possible signing orders are only ones of the type of serial signing. In this paper, we propose an order-specified multisignature scheme, which is shown to be secure against adaptive chosen-message insider attacks for bath a message and a signing order, and which allows the signing orders to form like any series-parallel graphs unlike the scheme [6]. The security is shown by using ID-reduction technique, which reduces the security of multisignature schemes to those of multi-round identification schemes. Furthermore, we discuss the efficiency of the proposed scheme and the upper bound of the possible number of participating signers.