Converting pairing-based cryptosystems from composite to prime order setting – A comparative analysis

2018 ◽  
Vol 12 (3) ◽  
pp. 159-190
Author(s):  
Sanjit Chatterjee ◽  
M. Prem Laxman Das ◽  
R. Kabaleeshwaran

Abstract Composite order pairing setting has been used to achieve cryptographic functionalities beyond what is attainable in prime order groups. However, such pairings are known to be significantly slower than their prime order counterparts. Thus emerged a new line of research – developing frameworks to convert cryptosystems from composite to prime order pairing setting. In this work, we analyse the intricacies of efficient prime order instantiation of cryptosystems that can be converted using existing frameworks. To compare the relative efficacy of these frameworks we mainly focus on some representative schemes: the Boneh–Goh–Nissim (BGN) homomorphic encryption scheme, ring and group signatures as well as a blind signature scheme. Our concrete analyses lead to several interesting observations. We show that even after a considerable amount of research, the projecting framework implicit in the very first work of Groth–Sahai still remains the best choice for instantiating the BGN cryptosystem. Protocols like the ring signature and group signature which use both projecting and cancelling setting in composite order can be most efficiently instantiated in the Freeman prime-order projecting only setting. In contrast, while the Freeman projecting setting is sufficient for the security reduction of the blind signature scheme, the simultaneous projecting and cancelling setting does provide some efficiency advantage.

2013 ◽  
Vol 321-324 ◽  
pp. 2987-2990
Author(s):  
Chun Hong Duo

Group signatures allow members of a group to sign messages anonymously on behalf of the group. Only a designated group manager is able to identify the group member who issued a given signature. In this paper we propose a new group signature scheme based on RSA, which is a blind signature algorithm. A multibank E-cash system has been presented based on the proposed scheme. A general design scheme including withdrawal, payment and deposit process is discussed particularly.


2015 ◽  
Vol 2015 (2) ◽  
pp. 206-221 ◽  
Author(s):  
Markulf Kohlweiss ◽  
Ian Miers

Abstract A common approach to demands for lawful access to encrypted data is to allow a trusted third party (TTP) to gain access to private data. However, there is no way to verify that this trust is well placed as the TTP may open all messages indiscriminately. Moreover, existing approaches do not scale well when, in addition to the content of the conversation, one wishes to hide one’s identity. Given the importance of metadata this is a major problem. We propose a new approach in which users can retroactively verify cryptographically whether they were wiretapped. As a case study, we propose a new signature scheme that can act as an accountable replacement for group signatures, accountable forward and backward tracing signatures.


2006 ◽  
Vol 17 (06) ◽  
pp. 1403-1422 ◽  
Author(s):  
JOSEPH K. LIU ◽  
DUNCAN S. WONG

A ring signature scheme is a group signature scheme but with no group manager to setup a group or revoke a signer's identity. It allows members of a group to sign messages such that the resulting signatures do not reveal the identities of the group members who actually created these signatures (anonymity) and no one can tell if two signatures are created by the same signer (unlinkability). Furthermore, the formation of a group is spontaneous. Diversion group members (non-signers) can be totally unaware of being conscripted to the group. The notion of linkable ring signature, introduced by Liu et al. in 2004, also provides signer anonymity and spontaneity, but at the same time, allows anyone to determine whether two signatures have been issued by the same group member (linkability). In this paper, we propose a suite of enhanced security models and show that they capture stronger notions of signer anonymity and linkability than the original ones proposed by Liu et al. in 2004. We also propose a generic approach for constructing a linkable ring signature scheme. The generic approach leads us to the construction of two efficient polynomial-structured schemes and one type-restricted separable scheme. The separable scheme allows group members to have different sets of DL (discrete logarithm) domain parameters. All schemes are shown secure under the enhanced security models defined in this paper.


2014 ◽  
Vol 2014 ◽  
pp. 1-14 ◽  
Author(s):  
Keita Emura ◽  
Atsuko Miyaji ◽  
Kazumasa Omote

If there are many displaced workers in a company, then a person who goes for job hunting might not select this company. That is, the number of members who quit is quite negative information. Similarly, in revocable group signature schemes, if one knows (or guesses) the number of revoked users (say r), then one may guess the reason behind such circumstances, and it may lead to harmful rumors. However, no previous revocation procedure can achieve hiding r. In this paper, we propose the first revocable group signature scheme, where r is kept hidden, which we call r-hiding revocable group signature. To handle this property, we newly define the security notion called anonymity with respect to the revocation which guarantees the unlinkability of revoked users.


2021 ◽  
Vol 6 (2) ◽  
pp. 69-74
Author(s):  
Jingyuan Li ◽  

Aiming at the problem of long signature generation and verification time caused by low operation efficiency in ring signature algorithm based on composite order group, an asymmetric identity based ring signature scheme based on prime order group is proposed. The model definition and specific identity based ring signature scheme design of the proposed scheme are described, and the correctness and security of the proposed scheme are analyzed. Finally, the efficiency of the core operation part of the algorithm is explained. Compared with the correlation signature algorithm based on composite order group, the optimization has a great improvement in operation overhead and performance, and the designed scheme is unforgeable. The designed signature scheme meets the unconditional anonymity and unforgeability of ring signature.


Information ◽  
2020 ◽  
Vol 11 (5) ◽  
pp. 260
Author(s):  
Dung Hoang Duong ◽  
Willy Susilo ◽  
Viet Cuong Trinh

In modern applications, such as Electronic Voting, e-Health, e-Cash, there is a need that the validity of a signature should be verified by only one responsible person. This is opposite to the traditional digital signature scheme where anybody can verify a signature. There have been several solutions for this problem, the first one is we combine a signature scheme with an encryption scheme; the second one is to use the group signature; and the last one is to use the strong designated verifier signature scheme with the undeniable property. In this paper, we extend the traditional digital signature scheme to propose a new solution for the aforementioned problem. Our extension is in the sense that only a designated verifier (responsible person) can verify a signer’s signature, and if necessary (in case the signer refuses to admit his/her signature) the designated verifier without revealing his/her secret key is able to prove to anybody that the signer has actually generated the signature. The comparison between our proposed solution and the three existing solutions shows that our proposed solution is the best one in terms of both security and efficiency.


2021 ◽  
Vol 2021 ◽  
pp. 1-10
Author(s):  
Yanhua Zhang ◽  
Ximeng Liu ◽  
Yupu Hu ◽  
Huiwen Jia ◽  
Qikun Zhang

For group signatures (GS) supporting membership revocation, verifier-local revocation (VLR) mechanism is the most flexible choice. As a post-quantum secure cryptographic counterpart of classical schemes, the first dynamic GS-VLR scheme over lattices was put forward by Langlois et al. at PKC 2014; furthermore, a corrected version was shown at TCS 2018. However, both designs are within Bonsai trees and featuring bit-sizes of group public-key and member secret signing key proportional to log N where N is the group size; therefore, both schemes are not suitable for a large group. In this paper, we provide an improved dynamic GS-VLR over lattices, which is efficient by eliminating a O(log N) factor for both sizes. To realize the goal, we adopt a more efficient and compact identity-encoding technique. At the heart of our new construction is a new Stern-type statistical zero-knowledge argument of knowledge protocol which may be of some independent cryptographic interest.


Author(s):  
Maharage Nisanasla Sevwandi Perera ◽  
Takeshi Koshiba

Efficient member revocation and strong security against attacks are prominent requirements in group signature schemes. Among the revocation approaches Verifier-local revocation is the most flexible and efficient method since it requires to inform only the verifiers regarding the revoked members. The verifier-local revocation technique uses a token system to manage members’ status. However, the existing group signature schemes with verifier-local revocability rely on weaker security. On the other hand, existing static group signature schemes rely on a stronger security notion called, full-anonymity. Achieving the full-anonymity for group signature schemes with verifier-local revocation is a quite challenging task. This paper aims to obtain stronger security for the lattice-based group signature schemes with verifier-local revocability, which is closer to the full-anonymity. Moreover, this paper delivers a new key-generation method which outputs revocation tokens without deriving from the users’ signing keys. By applying the tracing algorithm given in group signature schemes for static groups, this paper also outputs an efficient tracing mechanism. Thus, we deliver a new group signature scheme with verifier-local revocation that satisfies a stronger security from lattices.


2015 ◽  
Vol 26 (05) ◽  
pp. 611-624 ◽  
Author(s):  
Tzu-Hsin Ho ◽  
Li-Hsing Yen ◽  
Chien-Chao Tseng

Group signatures are typically used to authenticate the signer of message while preserving the privacy of the signer. Group signature should be minimized to reduce potential communication overhead. We propose a novel short group signature scheme that generates constant-size group public key and constant-size group signature. The scheme, using pairing-friendly elliptic curves, is efficient in construction. We give the security proof under XDH and ECDL hardness assumptions in the BMW model. Furthermore, we propose two group membership revocation methods which provide revocation information only to verifiers. One revocation method exposes partial private key of revoked users, which requires less revocation information. The other revocation method includes mixed private key information without revealing the real private keys of revoked users. This method is simple in revocation check.

