Efficient batch verification of short signatures for a single-signer setting without random oracles
In Eurocrypt 2007, Camenisch, Hohenberger and Pedersen introduced the notion of multi-signer batch verification and proposed several efficient and practical batch verification schemes for signatures, including a very efficient batch verification scheme for a multi-signer setting without random oracles. This scheme is the most efficient in comparison with other existing schemes, but it can be applied only to the multi-signer setting. We observe that amongst all existing batch verification schemes, the fastest scheme for a single-signer setting is based on the BLS short signature whose proof need resort to random oracles. It is clear that batch verification for a single-signer setting is as important as for multi-signer scenarios in some applications, especially where the system has only a single signer, such as a secure time-stamping server or a certificate generation server. However, to our knowledge, the efficient batch verification of short signatures in a single-signer setting without random oracles is a challenging open problem. In this paper, we propose a new signature scheme from Gentry IBE that is as efficient as the BLS short signature scheme in batch verification. We are able to prove its security without random oracles. Our signature is approximately 320 bits in length, and a verification requires only two pairings for verifying n signatures from a single signer.