Verifier-local revocation group signatures with time-bound keys

A prominent issue in group signatures is revoking a group member's signing capability. To solve this issue, the group manager can send revocation messages only to signature verifiers, known as group signatures with verifier-local revocation (VLR). In existing VLR designs, the cost of revocation check grows linearly with the size of revocation messages. This paper introduces time-bound keys into group signatures to reduce the size of revocation messages and speed up the revocation check. In the new notion, the secret key of each group member is associated with an expiration date, and verifiers can tell (at a constant cost) whether or not a group signature is produced using an expired key. Consequently, revocation messages only need to provide the information about group members revoked prematurely (e.g., due to key compromise) but not those with expired keys. This will lead to a significant saving on revocation check in situations where prematurely revoked members are only a small fraction of revoked members. Following this approach, we give two concrete designs of group signatures with VLR to demonstrate the trade-offs between efficiency and privacy.

[1]  Xiaotie Deng,et al.  Universal authentication protocols for anonymous wireless communications , 2010, IEEE Transactions on Wireless Communications.

[2]  Nobuo Funabiki,et al.  Verifier-Local Revocation Group Signature Schemes with Backward Unlinkability from Bilinear Maps , 2005, ASIACRYPT.

[3]  Dan Boneh,et al.  Short Signatures Without Random Oracles , 2004, EUROCRYPT.

[4]  Hovav Shacham,et al.  Short Group Signatures , 2004, CRYPTO.

[5]  Jan Camenisch,et al.  Group signature schemes and payment systems based on the discrete logarithm problem , 1998 .

[6]  Hovav Shacham,et al.  Group signatures with verifier-local revocation , 2004, CCS '04.

[7]  Nobuo Funabiki,et al.  A Short Verifier-Local Revocation Group Signature Scheme with Backward Unlinkability , 2006, IEICE Trans. Fundam. Electron. Commun. Comput. Sci..

[8]  Jiangtao Li,et al.  VLR group signatures with indisputable exculpability and efficient revocation , 2012, Int. J. Inf. Priv. Secur. Integr..

[9]  Dawn Xiaodong Song,et al.  Practical forward secure group signature schemes , 2001, CCS '01.

[10]  Mihir Bellare,et al.  Foundations of Group Signatures: Formal Definitions, Simplified Requirements, and a Construction Based on General Assumptions , 2003, EUROCRYPT.

[11]  Dongdai Lin,et al.  Shorter Verifier-Local Revocation Group Signatures from Bilinear Maps , 2006, CANS.

[12]  Julien Bringer,et al.  Backward Unlinkability for a VLR Group Signature Scheme with Efficient Revocation Check , 2011, IACR Cryptol. ePrint Arch..

[13]  Hovav Shacham,et al.  Short Signatures from the Weil Pairing , 2001, J. Cryptol..

[14]  Kenneth G. Paterson,et al.  Pairings for Cryptographers , 2008, IACR Cryptol. ePrint Arch..

[15]  Benoît Libert,et al.  Group Signatures with Verifier-Local Revocation and Backward Unlinkability in the Standard Model , 2009, CANS.

[16]  Jan Camenisch,et al.  Dynamic Accumulators and Application to Efficient Revocation of Anonymous Credentials , 2002, CRYPTO.

[17]  Claudio Soriente,et al.  An Accumulator Based on Bilinear Maps and Efficient Revocation for Anonymous Credentials , 2009, IACR Cryptol. ePrint Arch..

[18]  Yumin Wang,et al.  More Efficient VLR Group Signature Satisfying Exculpability , 2008, IEICE Trans. Fundam. Electron. Commun. Comput. Sci..

[19]  Wen-Guey Tzeng,et al.  An Efficient Solution to the Millionaires' Problem Based on Homomorphic Encryption , 2005, ACNS.