A method for aggregating digital signatures comprises the following steps carried out by a signature aggregator: receiving first data packages from signers, each first data package comprising a signer identifier, a payload, and a payload signature; verifying the payload signatures to determine whether or not the payloads are correctly signed; bundling correctly signed payloads into a batch; obtaining a batch digest, and proofs of inclusion of the payloads in the batch; sending second data packages comprising the batch digest and a respective proof of inclusion to the signers, the respective proof of inclusion proving that the payload of the respective signer is included in the batch; receiving third data packages from the signers, each third data package comprising the signer identifier, and a respective batch digest signature; verifying the batch digest signatures to determine whether or not the batch digests are correctly signed; aggregating correctly signed batch digest signatures to obtain an aggregated batch digest signature; and including the aggregated batch digest signature in the batch. The payload and batch digest signatures may be obtained by using different secret keys of the respective signer.