Abstract
An aggregate signature scheme is a primitive whereby each signer signs an individual document and combines them to compress data size. We propose an aggregate signature scheme which is an extension in two standpoints of structured signatures and ID-based signatures, i.e., we construct an identity-based structured aggregate signature scheme. The proposed scheme is expected to be used with consumer-generated media services. We prove the security of the proposed scheme with tight reduction under the computational Diffie-Hellman (CDH) assumption in the random oracle model. Tight reduction means that the cost of a reduction algorithm is independent of an adversary's capability, i.e., security is not downgraded by the adversary's capability. To the best of our knowledge, no structured signature scheme with tight reduction has been proposed to date because it contains complicated structures that make the reduction inefficient. Note that the security of our scheme captures the switching attack (CCS 2007, Boldyreva et al.) and the re-ordering attack (ISPEC 2007, Shao), which break several famous schemes.