Anr-Hiding Revocable Group Signature Scheme: Group Signatures with the Property of Hiding the Number of Revoked Users

If there are many displaced workers in a company, then a person who goes for job hunting might not select this company. That is, the number of members who quit is quite negative information. Similarly, in revocable group signature schemes, if one knows (or guesses) the number of revoked users (sayr), then one may guess the reason behind such circumstances, and it may lead to harmful rumors. However, no previous revocation procedure can achieve hidingr. In this paper, we propose the first revocable group signature scheme, whereris kept hidden, which we callr-hiding revocable group signature. To handle this property, we newly define the security notion called anonymity with respect to the revocation which guarantees the unlinkability of revoked users.

Download Full-text

Almost Fully Secure Lattice-Based Group Signatures with Verifier-Local Revocation

10.20944/preprints201808.0014.v1 ◽

2018 ◽

Cited By ~ 1

Author(s):

Maharage Nisanasla Sevwandi Perera ◽

Takeshi Koshiba

Keyword(s):

Efficient Method ◽

The Other ◽

Group Signature ◽

Key Generation ◽

Signature Scheme ◽

Signature Schemes ◽

Group Signatures ◽

Tracing Algorithm ◽

Static Group ◽

Security Notion

Efficient member revocation and strong security against attacks are prominent requirements in group signature schemes. Among the revocation approaches Verifier-local revocation is the most flexible and efficient method since it requires to inform only the verifiers regarding the revoked members. The verifier-local revocation technique uses a token system to manage members’ status. However, the existing group signature schemes with verifier-local revocability rely on weaker security. On the other hand, existing static group signature schemes rely on a stronger security notion called, full-anonymity. Achieving the full-anonymity for group signature schemes with verifier-local revocation is a quite challenging task. This paper aims to obtain stronger security for the lattice-based group signature schemes with verifier-local revocability, which is closer to the full-anonymity. Moreover, this paper delivers a new key-generation method which outputs revocation tokens without deriving from the users’ signing keys. By applying the tracing algorithm given in group signature schemes for static groups, this paper also outputs an efficient tracing mechanism. Thus, we deliver a new group signature scheme with verifier-local revocation that satisfies a stronger security from lattices.

Download Full-text

Almost Fully Secured Lattice-Based Group Signatures with Verifier-Local Revocation

Cryptography ◽

10.3390/cryptography4040033 ◽

2020 ◽

Vol 4 (4) ◽

pp. 33

Author(s):

Maharage Nisansala Sevwandi Perera ◽

Takeshi Koshiba

Keyword(s):

The Other ◽

Group Signature ◽

Key Generation ◽

Signature Scheme ◽

Zero Knowledge ◽

Signature Schemes ◽

Group Signatures ◽

Desirable Feature ◽

Group Members ◽

Security Notion

An efficient member revocation mechanism is a desirable feature when group signature schemes are applied in practical scenarios. Revocation methods, such as verifier-local revocation (VLR), provide an efficient member revocation in applications of group signatures. However, VLR-group signatures rely on a weaker security notion. On the other hand, group signature schemes for static groups gain stronger security with the full-anonymity security notion. Even though an outsider sees the secret signing keys of all group members in the full-anonymity, the signer is still anonymous. Achieving the full-anonymity for VLR group signature schemes is challenging due to the structure of secret signing keys. The secret signing keys of those schemes consist of tokens, which are used to manage revocation. The reveal of tokens may destroy the anonymity of the signers. We obtain stronger security for the lattice-based VLR group signature schemes by providing a new key generation method, which outputs revocation tokens without deriving from the members’ secret signing keys. We propose a new group signature scheme from lattices with VLR, which achieves stronger security than the previous related works. To avoid signature forgeries, we suggest a new zero-knowledge proof system that requires signers to validate themselves. Moreover, we output an efficient tracing mechanism.

Download Full-text

A Multibank E-Cash System Based on Group Signature Scheme

Applied Mechanics and Materials ◽

10.4028/www.scientific.net/amm.321-324.2987 ◽

2013 ◽

Vol 321-324 ◽

pp. 2987-2990

Author(s):

Chun Hong Duo

Keyword(s):

Blind Signature ◽

Group Signature ◽

Signature Scheme ◽

General Design ◽

Design Scheme ◽

Group Signatures ◽

Group Member

Group signatures allow members of a group to sign messages anonymously on behalf of the group. Only a designated group manager is able to identify the group member who issued a given signature. In this paper we propose a new group signature scheme based on RSA, which is a blind signature algorithm. A multibank E-cash system has been presented based on the proposed scheme. A general design scheme including withdrawal, payment and deposit process is discussed particularly.

Download Full-text

Identity-based threshold group signature scheme based on multiple hard number theoretic problems

International Journal of Electrical and Computer Engineering (IJECE) ◽

10.11591/ijece.v10i4.pp3695-3701 ◽

2020 ◽

Vol 10 (4) ◽

pp. 3695

Author(s):

Nedal Tahat ◽

Ashraf A. Tahat

Keyword(s):

Discrete Logarithm ◽

Minimum Cost ◽

Difficult Problem ◽

Group Signature ◽

Signature Scheme ◽

Signature Schemes ◽

Private Data ◽

Intractable Problems ◽

Secret Keys ◽

Identity Based

We introduce in this paper a new identity-based threshold signature (IBTHS) technique, which is based on a pair of intractable problems, residuosity and discrete logarithm. This technique relies on two difficult problems and offers an improved level of security relative to an individual hard problem. The majority of the denoted IBTHS techniques are established on an individual difficult problem. Despite the fact that these methods are secure, however, a prospective solution of this sole problem by an adversary will enable him/her to recover the entire private data together with secret keys and configuration values of the associated scheme. Our technique is immune to the four most familiar attack types in relation to the signature schemes. Enhanced performance of our proposed technique is verified in terms of minimum cost of computations required by both of the signing algorithm and the verifying algorithm in addition to immunity to attacks.

Download Full-text

A Fully Adaptively Secure Threshold Signature Scheme Based on Dual-Form Signatures Technology

Security and Communication Networks ◽

10.1155/2021/6697295 ◽

2021 ◽

Vol 2021 ◽

pp. 1-11

Author(s):

Yuanju Gan

Keyword(s):

Digital Signature ◽

Vector Spaces ◽

Signature Scheme ◽

Threshold Signature ◽

Signature Schemes ◽

Dual Form ◽

The Standard Model ◽

Chosen Message Attack ◽

Security Notion ◽

Attack Models

In t , n threshold signature schemes, any subset of t participants out of n can produce a valid signature, but any fewer than t participants cannot. Meanwhile, a threshold signature scheme should remain robust and unforgeable against up to t − 1 corrupted participants. This nonforgeability property is that even an adversary breaking into up to t − 1 participants should be unable to generate signatures on its own. Existential unforgeability against adaptive chosen message attacks is widely considered as a standard security notion for digital signature, and threshold signature should also follow this accordingly. However, there are two special attack models in a threshold signature scheme: one is the static corruption attack and the other is the adaptive corruption attack. Since the adaptive corruption model appears to better capture real threats, designing and proving threshold signature schemes secure in the adaptive corruption model has been focused on in recent years. If a threshold signature is secure under adaptive chosen message attack and adaptive corruption attack, we say it is fully adaptively secure. In this paper, based on the dual pairing vector spaces technology, we construct a threshold signature scheme and use Gerbush et al.’s dual-form signatures technology to prove our scheme, which is fully adaptively secure in the standard model, and then compare it to other schemes in terms of the efficiency and computation.

Download Full-text

Provably Secure Anonymous-yet-Accountable Crowdsensing with Scalable Sublinear Revocation

Proceedings on Privacy Enhancing Technologies ◽

10.1515/popets-2017-0055 ◽

2017 ◽

Vol 2017 (4) ◽

pp. 384-403 ◽

Cited By ~ 9

Author(s):

Sazzadur Rahaman ◽

Long Cheng ◽

Danfeng Daphne Yao ◽

He Li ◽

Jung-Min Jerry Park

Keyword(s):

Citizen Science ◽

Low Cost ◽

Group Signature ◽

Performance Gain ◽

Signature Scheme ◽

Dynamic Nature ◽

Open Problems ◽

Signature Schemes ◽

Experimental Findings ◽

Provably Secure

Abstract Group signature schemes enable anonymous-yet-accountable communications. Such a capability is extremely useful for applications, such as smartphone-based crowdsensing and citizen science. However, the performance of modern group signature schemes is still inadequate to manage large dynamic groups. In this paper, we design the first provably secure verifier-local revocation (VLR) - based group signature scheme that supports sublinear revocation, named Sublinear Revocation with Backward unlinkability and Exculpability (SRBE). To achieve this performance gain, SRBE introduces time bound pseudonyms for the signer. By introducing low-cost short-lived pseudonyms with sublinear revocation checking, SRBE drastically improves the efficiency of the group-signature primitive. The backward-unlinkable anonymity of SRBE guarantees that even after the revocation of a signer, her previously generated signatures remain unlinkable across epochs. This behavior favors the dynamic nature of real-world crowdsensing settings. We prove its security and discuss parameters that influence its scalability. Using SRBE, we also implement a prototype named GroupSense for anonymous-yet-accountable crowdsensing, where our experimental findings confirm GroupSense’s scalability. We point out the open problems remaining in this space.

Download Full-text

Accountable Metadata-Hiding Escrow: A Group Signature Case Study

Proceedings on Privacy Enhancing Technologies ◽

10.1515/popets-2015-0012 ◽

2015 ◽

Vol 2015 (2) ◽

pp. 206-221 ◽

Cited By ~ 1

Author(s):

Markulf Kohlweiss ◽

Ian Miers

Keyword(s):

Third Party ◽

Group Signature ◽

Signature Scheme ◽

New Approach ◽

Encrypted Data ◽

Trusted Third Party ◽

Group Signatures ◽

Private Data ◽

Gain Access

Abstract A common approach to demands for lawful access to encrypted data is to allow a trusted third party (TTP) to gain access to private data. However, there is no way to verify that this trust is well placed as the TTP may open all messages indiscriminately. Moreover, existing approaches do not scale well when, in addition to the content of the conversation, one wishes to hide one’s identity. Given the importance of metadata this is a major problem. We propose a new approach in which users can retroactively verify cryptographically whether they were wiretapped. As a case study, we propose a new signature scheme that can act as an accountable replacement for group signatures, accountable forward and backward tracing signatures.

Download Full-text

Converting pairing-based cryptosystems from composite to prime order setting – A comparative analysis

Journal of Mathematical Cryptology ◽

10.1515/jmc-2017-0042 ◽

2018 ◽

Vol 12 (3) ◽

pp. 159-190

Author(s):

Sanjit Chatterjee ◽

M. Prem Laxman Das ◽

R. Kabaleeshwaran

Keyword(s):

Comparative Analysis ◽

Prime Order ◽

Homomorphic Encryption ◽

Blind Signature ◽

Group Signature ◽

Encryption Scheme ◽

Signature Scheme ◽

Relative Efficacy ◽

Ring Signature ◽

Group Signatures

Abstract Composite order pairing setting has been used to achieve cryptographic functionalities beyond what is attainable in prime order groups. However, such pairings are known to be significantly slower than their prime order counterparts. Thus emerged a new line of research – developing frameworks to convert cryptosystems from composite to prime order pairing setting. In this work, we analyse the intricacies of efficient prime order instantiation of cryptosystems that can be converted using existing frameworks. To compare the relative efficacy of these frameworks we mainly focus on some representative schemes: the Boneh–Goh–Nissim (BGN) homomorphic encryption scheme, ring and group signatures as well as a blind signature scheme. Our concrete analyses lead to several interesting observations. We show that even after a considerable amount of research, the projecting framework implicit in the very first work of Groth–Sahai still remains the best choice for instantiating the BGN cryptosystem. Protocols like the ring signature and group signature which use both projecting and cancelling setting in composite order can be most efficiently instantiated in the Freeman prime-order projecting only setting. In contrast, while the Freeman projecting setting is sufficient for the security reduction of the blind signature scheme, the simultaneous projecting and cancelling setting does provide some efficiency advantage.

Download Full-text

An Improved Group Signature Scheme with VLR over Lattices

Security and Communication Networks ◽

10.1155/2021/9988939 ◽

2021 ◽

Vol 2021 ◽

pp. 1-10

Author(s):

Yanhua Zhang ◽

Ximeng Liu ◽

Yupu Hu ◽

Huiwen Jia ◽

Qikun Zhang

Keyword(s):

Group Size ◽

Public Key ◽

Group Signature ◽

Knowledge Argument ◽

Signature Scheme ◽

Zero Knowledge ◽

Large Group ◽

Corrected Version ◽

Group Signatures ◽

New Construction

For group signatures (GS) supporting membership revocation, verifier-local revocation (VLR) mechanism is the most flexible choice. As a post-quantum secure cryptographic counterpart of classical schemes, the first dynamic GS-VLR scheme over lattices was put forward by Langlois et al. at PKC 2014; furthermore, a corrected version was shown at TCS 2018. However, both designs are within Bonsai trees and featuring bit-sizes of group public-key and member secret signing key proportional to log N where N is the group size; therefore, both schemes are not suitable for a large group. In this paper, we provide an improved dynamic GS-VLR over lattices, which is efficient by eliminating a O log N factor for both sizes. To realize the goal, we adopt a more efficient and compact identity-encoding technique. At the heart of our new construction is a new Stern-type statistical zero-knowledge argument of knowledge protocol which may be of some independent cryptographic interest.

Download Full-text

Efficient Dynamic Group Signature Scheme with Verifier Local Revocation and Time-Bound Keys using Lattices

International Journal of Computer and Information Technology(2279-0764) ◽

10.24203/ijcit.v10i2.93 ◽

2021 ◽

Vol 10 (2) ◽

Author(s):

Abhilash M H ◽

Amberker B B

Keyword(s):

Large Fraction ◽

Group Signature ◽

Signature Scheme ◽

Expiry Date ◽

Signature Schemes ◽

Significant Saving ◽

Dynamic Group ◽

Speed Up ◽

Verification Process ◽

Group Member

Revocation is an important feature of group signature schemes. Verifier Local Revocation (VLR) is a popular revocation mechanism which involves only verifiers in the revocation process. In VLR, a revocation list is maintained to store the information about revoked users. The verification cost of VLR based schemes islinearly proportional to the size of recvocation list. In many applications, the size of revocation list grows with time, which makes the verification process expensive. In this paper, we propose a lattice based dynamic group signature using VLR and time bound keys to reduce the size of revocation list to speed up the verification process. In the proposed scheme, an expiration date is fixed for signing key of each group member, and verifiers can find out (at constantcost) if a signature is generated using an expired key. Hence revocation information of members who are revoked before signing key expiry date (premature revocation) are kept in revocation list, and other members are part of natural revocation. This leads to a significant saving on the revocation check by assuming natural revocation accounts for large fraction of the total revocation. This scheme also takes care of non-forgeability of signing key expiry date.

Download Full-text