Almost Fully Secure Lattice-Based Group Signatures with Verifier-Local Revocation

Author(s):  
Maharage Nisansala Sevwandi Perera ◽  
Takeshi Koshiba

Efficient member revocation and strong security against attacks are prominent requirements in group signature schemes. Among the revocation approaches, verifier-local revocation is the most flexible and efficient method since it requires informing only the verifiers about the revoked members. The verifier-local revocation technique uses a token system to manage members’ status. However, the existing group signature schemes with verifier-local revocability rely on weaker security. On the other hand, existing static group signature schemes rely on a stronger security notion called full-anonymity. Achieving full-anonymity for group signature schemes with verifier-local revocation is quite a challenging task. This paper aims to obtain stronger security for the lattice-based group signature schemes with verifier-local revocability, which is closer to the full-anonymity. Moreover, this paper delivers a new key-generation method which outputs revocation tokens without deriving from the users’ signing keys. By applying the tracing algorithm given in group signature schemes for static groups, this paper also outputs an efficient tracing mechanism. Thus, we deliver a new group signature scheme with verifier-local revocation that satisfies a stronger security from lattices.

Cryptography ◽  
2020 ◽  
Vol 4 (4) ◽  
pp. 33
Author(s):  
Maharage Nisansala Sevwandi Perera ◽  
Takeshi Koshiba

An efficient member revocation mechanism is a desirable feature when group signature schemes are applied in practical scenarios. Revocation methods, such as verifier-local revocation (VLR), provide an efficient member revocation in applications of group signatures. However, VLR-group signatures rely on a weaker security notion. On the other hand, group signature schemes for static groups gain stronger security with the full-anonymity security notion. Even though an outsider sees the secret signing keys of all group members in the full-anonymity, the signer is still anonymous. Achieving the full-anonymity for VLR group signature schemes is challenging due to the structure of secret signing keys. The secret signing keys of those schemes consist of tokens, which are used to manage revocation. The reveal of tokens may destroy the anonymity of the signers. We obtain stronger security for the lattice-based VLR group signature schemes by providing a new key generation method, which outputs revocation tokens without deriving from the members’ secret signing keys. We propose a new group signature scheme from lattices with VLR, which achieves stronger security than the previous related works. To avoid signature forgeries, we suggest a new zero-knowledge proof system that requires signers to validate themselves. Moreover, we output an efficient tracing mechanism.


2014 ◽  
Vol 2014 ◽  
pp. 1-14 ◽  
Author(s):  
Keita Emura ◽  
Atsuko Miyaji ◽  
Kazumasa Omote

If there are many displaced workers in a company, then a person who goes for job hunting might not select this company. That is, the number of members who quit is quite negative information. Similarly, in revocable group signature schemes, if one knows (or guesses) the number of revoked users (say r), then one may guess the reason behind such circumstances, and it may lead to harmful rumors. However, no previous revocation procedure can achieve hiding r. In this paper, we propose the first revocable group signature scheme, where r is kept hidden, which we call r-hiding revocable group signature. To handle this property, we newly define the security notion called anonymity with respect to the revocation which guarantees the unlinkability of revoked users.


2013 ◽  
Vol 321-324 ◽  
pp. 2987-2990
Author(s):  
Chun Hong Duo

Group signatures allow members of a group to sign messages anonymously on behalf of the group. Only a designated group manager is able to identify the group member who issued a given signature. In this paper we propose a new group signature scheme based on RSA, which is a blind signature algorithm. A multibank E-cash system has been presented based on the proposed scheme. A general design scheme including withdrawal, payment and deposit process is discussed particularly.


2011 ◽  
Vol 255-260 ◽  
pp. 2192-2196
Author(s):  
Cheng Yu Hu ◽  
Peng Tao Liu

The ring signature can guarantee the signer’s anonymity. Most proposed ring signature schemes have two problems: One is that the size of ring signature depends linearly on the ring size, and the other is that the signer can shift the blame to victims because of the anonymity. Some authors have studied the constant-size ring signature and deniable ring signature to solve these two problems. This paper shows that an identity-based ring signature scheme with constant size has some security problems by using an insecure accumulator and its verification process does not include the message m. Then we combine the concepts of “constant-size” and “deniable” to form an id-based deniable ring signature with constant-size signature. The new scheme with constant-size signature length is proposed based on an improved accumulator from bilinear pairings and it solves the problem of anonymity abuse.


Author(s):  
Nedal Tahat ◽  
Ashraf A. Tahat

We introduce in this paper a new identity-based threshold signature (IBTHS) technique, which is based on a pair of intractable problems, residuosity and discrete logarithm. This technique relies on two difficult problems and offers an improved level of security relative to an individual hard problem. The majority of the denoted IBTHS techniques are established on an individual difficult problem. Despite the fact that these methods are secure, however, a prospective solution of this sole problem by an adversary will enable him/her to recover the entire private data together with secret keys and configuration values of the associated scheme. Our technique is immune to the four most familiar attack types in relation to the signature schemes. Enhanced performance of our proposed technique is verified in terms of minimum cost of computations required by both of the signing algorithm and the verifying algorithm in addition to immunity to attacks.


2021 ◽  
Vol 2021 ◽  
pp. 1-11
Author(s):  
Yuanju Gan

In (t, n) threshold signature schemes, any subset of t participants out of n can produce a valid signature, but any fewer than t participants cannot. Meanwhile, a threshold signature scheme should remain robust and unforgeable against up to t − 1 corrupted participants. This nonforgeability property is that even an adversary breaking into up to t − 1 participants should be unable to generate signatures on its own. Existential unforgeability against adaptive chosen message attacks is widely considered as a standard security notion for digital signature, and threshold signature should also follow this accordingly. However, there are two special attack models in a threshold signature scheme: one is the static corruption attack and the other is the adaptive corruption attack. Since the adaptive corruption model appears to better capture real threats, designing and proving threshold signature schemes secure in the adaptive corruption model has been focused on in recent years. If a threshold signature is secure under adaptive chosen message attack and adaptive corruption attack, we say it is fully adaptively secure. In this paper, based on the dual pairing vector spaces technology, we construct a threshold signature scheme and use Gerbush et al.’s dual-form signatures technology to prove our scheme, which is fully adaptively secure in the standard model, and then compare it to other schemes in terms of the efficiency and computation.


2017 ◽  
Vol 2017 (4) ◽  
pp. 384-403 ◽  
Author(s):  
Sazzadur Rahaman ◽  
Long Cheng ◽  
Danfeng Daphne Yao ◽  
He Li ◽  
Jung-Min Jerry Park

Group signature schemes enable anonymous-yet-accountable communications. Such a capability is extremely useful for applications, such as smartphone-based crowdsensing and citizen science. However, the performance of modern group signature schemes is still inadequate to manage large dynamic groups. In this paper, we design the first provably secure verifier-local revocation (VLR)-based group signature scheme that supports sublinear revocation, named Sublinear Revocation with Backward unlinkability and Exculpability (SRBE). To achieve this performance gain, SRBE introduces time bound pseudonyms for the signer. By introducing low-cost short-lived pseudonyms with sublinear revocation checking, SRBE drastically improves the efficiency of the group-signature primitive. The backward-unlinkable anonymity of SRBE guarantees that even after the revocation of a signer, her previously generated signatures remain unlinkable across epochs. This behavior favors the dynamic nature of real-world crowdsensing settings. We prove its security and discuss parameters that influence its scalability. Using SRBE, we also implement a prototype named GroupSense for anonymous-yet-accountable crowdsensing, where our experimental findings confirm GroupSense’s scalability. We point out the open problems remaining in this space.


2015 ◽  
Vol 2015 (2) ◽  
pp. 206-221 ◽  
Author(s):  
Markulf Kohlweiss ◽  
Ian Miers

A common approach to demands for lawful access to encrypted data is to allow a trusted third party (TTP) to gain access to private data. However, there is no way to verify that this trust is well placed as the TTP may open all messages indiscriminately. Moreover, existing approaches do not scale well when, in addition to the content of the conversation, one wishes to hide one’s identity. Given the importance of metadata this is a major problem. We propose a new approach in which users can retroactively verify cryptographically whether they were wiretapped. As a case study, we propose a new signature scheme that can act as an accountable replacement for group signatures, accountable forward and backward tracing signatures.


2018 ◽  
Vol 12 (3) ◽  
pp. 159-190
Author(s):  
Sanjit Chatterjee ◽  
M. Prem Laxman Das ◽  
R. Kabaleeshwaran

Composite order pairing setting has been used to achieve cryptographic functionalities beyond what is attainable in prime order groups. However, such pairings are known to be significantly slower than their prime order counterparts. Thus emerged a new line of research – developing frameworks to convert cryptosystems from composite to prime order pairing setting. In this work, we analyse the intricacies of efficient prime order instantiation of cryptosystems that can be converted using existing frameworks. To compare the relative efficacy of these frameworks we mainly focus on some representative schemes: the Boneh–Goh–Nissim (BGN) homomorphic encryption scheme, ring and group signatures as well as a blind signature scheme. Our concrete analyses lead to several interesting observations. We show that even after a considerable amount of research, the projecting framework implicit in the very first work of Groth–Sahai still remains the best choice for instantiating the BGN cryptosystem. Protocols like the ring signature and group signature which use both projecting and cancelling setting in composite order can be most efficiently instantiated in the Freeman prime-order projecting only setting. In contrast, while the Freeman projecting setting is sufficient for the security reduction of the blind signature scheme, the simultaneous projecting and cancelling setting does provide some efficiency advantage.


2021 ◽  
Vol 2021 ◽  
pp. 1-10
Author(s):  
Yanhua Zhang ◽  
Ximeng Liu ◽  
Yupu Hu ◽  
Huiwen Jia ◽  
Qikun Zhang

For group signatures (GS) supporting membership revocation, verifier-local revocation (VLR) mechanism is the most flexible choice. As a post-quantum secure cryptographic counterpart of classical schemes, the first dynamic GS-VLR scheme over lattices was put forward by Langlois et al. at PKC 2014; furthermore, a corrected version was shown at TCS 2018. However, both designs are within Bonsai trees and featuring bit-sizes of group public-key and member secret signing key proportional to log N where N is the group size; therefore, both schemes are not suitable for a large group. In this paper, we provide an improved dynamic GS-VLR over lattices, which is efficient by eliminating an O(log N) factor for both sizes. To realize the goal, we adopt a more efficient and compact identity-encoding technique. At the heart of our new construction is a new Stern-type statistical zero-knowledge argument of knowledge protocol which may be of some independent cryptographic interest.

