International Association for Cryptologic Research (IACR)
Abstract
In this paper, we describe a new cryptographic primitive called \emph{(One-Way) Signature Chaining}. Signature chaining is essentially a method of generating a chain of signatures on the same message by different users. Each signature acts as a ``link\u27\u27 of the chain. The \emph{one-way}-ness implies that the chaining process is one-way in the sense that more links can be easily added to the chain. However, it is computationally infeasible to remove any intermediate links without removing all the links. The signatures so created are called chain signatures. We give precise definitions of chain signatures and discuss some applications in trust transfer. We also present a practical construction of a CS scheme that is secure under the Computational Diffie-Hellman (CDH) assumption in bilinear maps
