Group Message Authentication

Group signatures are a powerful primitive with many practical applications, allowing a group of parties to share a signature functionality while protecting the anonymity of the signer. However, despite intensive research in the past years, there is still no fully satisfactory implementation of group signatures in the plain model. The schemes proposed so far are either too inefficient to be used in practice, or their security is based on rather strong, non-standard assumptions. We observe that for some applications the full power of group signatures is not necessary. For example, a group signature can be verified by any third party, while in many applications such universal verifiability is not needed, or is even undesired. Motivated by this observation, we propose a notion of group message authentication, which can be viewed as a relaxation of group signatures. Group message authentication enjoys the group-oriented features of group signatures, while dropping some of the features that are not needed in many real-life scenarios. An example application of group message authentication is an implementation of an anonymous credit card. We present a generic implementation of group message authentication, and also propose an efficient concrete implementation based on standard assumptions, namely strong RSA and DDH.
