Ad-Hoc-Group Signatures from Hijacked Keypairs

Ad-hoc-group signatures enable an individual to sign on behalf of a group without requiring prior group membership setup. Such signatures are used to provide credibility – the signer must be one of the group members – combined with some degree of anonymity – the identity of the signer within the group cannot be determined. Thus, in many instances, other group members might not cooperate in the creation of such a signature. They may even wish to interfere with its creation, refusing to generate keypairs of a form that might facilitate such activity. We present a combination of techniques for efficiently coercing any user into an ad-hoc signatory group, using only that user’s public key. This public key may correspond to almost any signature or encryption scheme, as long as there exists an efficient Special Honest Verifier Zero Knowledge Proof of Knowledge protocol for the secret key, or, alternatively, a hash-and-sign algorithm for that keypair type. Our approach effectively hijacks any public key for the purpose of building an ad-hoc group signature. We also present a new proof protocol that enables, within our framework, the hijacking of Boneh-Franklin and Waters identity-based encryption keys, as well as Camenisch-Lysyanskaya signature keys.
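The abstract only requires that each keypair type admit a Special Honest Verifier Zero Knowledge proof of knowledge. The following sketch is an added example, not the paper's construction or code: it assumes every ring member holds a Schnorr (discrete-log) key and combines the proofs with the standard Cramer-Damgård-Schoenmakers OR-composition and a Fiat-Shamir hash, so the signer needs nothing from the other members beyond their public keys. The function names and the choice of group are illustrative.

```python
import hashlib, secrets

# RFC 2409 Oakley Group 1 (768-bit safe prime); far too small for real use.
P = int("FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
        "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
        "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
        "E485B576625E7EC6F44C42E9A63A3620FFFFFFFFFFFFFFFF", 16)
Q, G = (P - 1) // 2, 2          # 2 generates the subgroup of prime order Q

def keygen():
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)

def _challenge(msg, ring, commits):
    # Fiat-Shamir: bind the message, the whole ring and every commitment.
    h = hashlib.sha256(msg)
    for v in list(ring) + commits:
        h.update(v.to_bytes(96, "big"))
    return int.from_bytes(h.digest(), "big") % Q

def _commit(y, c, s):
    # Schnorr verification equation solved for the commitment: R = g^s * y^-c
    return pow(G, s, P) * pow(y, -c, P) % P

def ring_sign(msg, ring, j, x):
    """Sign as ring[j] with secret x; other members contribute only public keys."""
    n = len(ring)
    cs = [secrets.randbelow(Q) for _ in range(n)]
    ss = [secrets.randbelow(Q) for _ in range(n)]
    # Simulated transcripts for every member (the SHVZK simulator) ...
    commits = [_commit(ring[i], cs[i], ss[i]) for i in range(n)]
    # ... then an honest commitment replaces the real signer's slot.
    r = secrets.randbelow(Q)
    commits[j] = pow(G, r, P)
    c = _challenge(msg, ring, commits)
    cs[j] = (c - sum(cs[:j] + cs[j + 1:])) % Q   # challenges must sum to c
    ss[j] = (r + cs[j] * x) % Q                  # real Schnorr response
    return cs, ss

def ring_verify(msg, ring, sig):
    cs, ss = sig
    if not (len(cs) == len(ss) == len(ring)):
        return False
    commits = [_commit(y, c, s) for y, c, s in zip(ring, cs, ss)]
    return sum(cs) % Q == _challenge(msg, ring, commits)
```

A verifier learns only that one of the listed keys signed; the per-member challenges and responses are distributed identically whichever index produced the honest transcript.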
