Abstract: This paper presents an identity-based aggregate signature scheme based on the Weil pairing.In this scheme，the key generating center takes charge of the generation of the system public and secret key，the distributions of messages and the generation of public and secret keys of signers.All of the signers have their own special identities，each of their identity is unique，and it is also the only certification to obtain signer’s secret key from the KGC.Each signer is only responsible for signing of a particular section of the messages，the total signature is created by the signature aggregater who combines with all signers’ signatures.So it avoids showing the whole message to all the signatures.Because of this，it is widely used in the occasions which need high security.It uses the Weil paring in the signature process，so it reduces the Weil pairing calculation in the verification process.

Key words: aggregate signature, quadratic residue, Weil pairing, Euler criterion

摘要： 提出了一种基于身份和Weil对的聚合签名方案。方案中密钥生成中心负责系统公、私钥的生成，消息的分配和签名者公、私钥的生成。签名者是具有某种特殊身份的个体，并且这种身份是唯一的，这一身份是签名者从密钥生成中心获得签名私钥的唯一凭证。每个签名者只负责对某一段消息的签名，总的签名由签名聚合者结合每位签名者的单个签名生成。这样就避免了暴露整个消息给所有的签名者，这一特性在某些对消息保密要求性较高的场合得以广泛应用。该方案在签名时用到了双线性映射，从而减少了验证时的对运算。

关键词: 聚合签名, 平方剩余, Weil对, 欧拉准则