From: Digital signature scheme for information non-repudiation in blockchain: a state of the art review

Digital signatures | Principle | Security | Performances |
---|---|---|---|

Aggregate signature (AS) | Based on co-GDH and bilinear mapping | The security in AS is mainly guaranteed by the bilinear mapping and the trapdoor permutation. AS has the ability to detect the attackersâ€™ forged signature. | Verification time of AS is linear with the number of signatures. In special cases, when all n signatures are generated by the same public key k, verification speed in AS is faster. Meanwhile, the workload of signature storage and verification are reduced. |

Group signature (GS) | Based on non-repudiation signature | Reliability and integrity, unforgeability, anonymity, traceability, no correlation, no framework, and defense against joint attack. | The length of the public key, the length of signature, and the number of group members have a linear relationship and impact on GS performance. GS is not suitable for a large group. A new member needs to restart the entire system, when it enters. Fortunately, zero-knowledge proof is an effective approach to improve GS. |

Ring signature (RS) | Variant of group signature. Two ring signatures based on RSA and Labin versions | Untraceability and anonymity. The attacker cannot find who the specific signer is. Even if he has the private keys of all ring members. This is due to that the probability of determining the real signer is 1/n (n is the number of ring members). | In essence, RS is a series of cryptographic transformations by using a public key, a private key, and the information to be signed. It signature process and the verification process is similar to a regular signature for each non-signer, RS runs efficiently even if there are hundreds of members in a ring. |

Blind signature (BS) | Based on RSA or DSA | Blindness, non-repudiation, anonymity, and untraceability, if the signer is not the sender of the message, the BS can hide the message m by blinding, the signer cannot obtain the m content, thereby protecting the m privacy. | Performance of BS depends on the key length, the signature length, and the signature and verification algorithms. Although there are different performances with different signature algorithms, generally speaking, the overhead of BS is similar to the RSA signature or DSA signature scheme. The BS using RSA is applicable for the signatures of small data. |

Proxy signature (PS) | Based on discrete logarithm | Identifiability and traceability. Due to the inherent characteristics of the discrete logarithm problem, agents can forge the original signature to launch the security attacks, or replace the public key. | The overheads of communication and computing in PS are larger. PS is inferior to the signature schemes based on the elliptic curve in terms of computational complexity and communication overhead. |