Miyaji Laboratory

Information technology in today's society is advancing rapidly, and digital signature technology is im portant to prove the value of information managed in the digital space. In particular, multiple signature technology is widely used in the management of important information assets, where Multi-signatures are often required from multiple persons. Many Multi-signature schemes use a mechanism that aggregates the public keys of all signers and verifies the signatures, so that Multi-signatures can be verified in the same way as when verifying a single signature. On the other hand, when considering the case of an organization, it is possible that a signer may join or be removed after generating Multi-signatures for a certain text. In this case, the aggregate public key is replaced by one that includes the new signer, and the existing signature cannot be verified with the new aggregate public key. This means that each time the number of signers increases, all signers must recreate the aggregate public key and signatures, or keep the past aggregate public keys. In this paper, we construct a scheme based on the existing Musig2 that allows only new signers to update their existing aggregate public keys and signatures, and existing signers do not need to sign the same message again. Furthermore, we propose a scheme that can verify the signatures of all signers at once, including the existing signer and the new signer. We also show that the security of the proposed scheme can be attributed to the difficulty assumption of the Algebraic One More Discrete Logarithm (AOMDL) problem.