MQSAS - A Multivariate Sequential Aggregate Signature Scheme

(Sequential) Aggregate signature schemes enable a group of users u1, . . . , uk with messages m1, . . . ,mk to produce a single signature Σ which states the integrity and authenticity of all the messages m1, . . . ,mk. The length of the signature Σ is thereby significantly shorter than a concatenation of individual signatures. Therefore, aggregate signatures can improve the efficiency of numerous applications, e.g. the BGPsec protocol of Internet routing and the development of new efficient aggregate signature schemes is an important task for cryptographic research. On the other hand, multivariate cryptography offers a huge variety of practical signature schemes. However, there is a lack of multivariate signature schemes with special properties such as aggregate signature schemes. In this paper, we propose a technique to extend the HFEvsignature scheme to a sequential aggregate signature scheme. By doing so, we create the first multivariate signature scheme of this kind. Our scheme is very efficient and offers compression rates that outperform current lattice-based constructions for practical parameters.