Group Signatures with Message-Dependent Opening

This paper introduces a new capability for group signatures, called message-dependent opening. It is intended to weaken the high degree of trust placed in the opener; in an ordinary group signature, no anonymity is provided against the opener. In a group signature system with message-dependent opening (GS-MDO), in addition to the opener, we set up an admitter, which is not able to open any user's identity but admits the opener to open signatures by specifying the messages whose signatures should be opened. For any signature whose corresponding message is not specified by the admitter, the opener cannot extract the signer's identity from it. In this paper, we present formal definitions and constructions of GS-MDO. Furthermore, we show that GS-MDO implies identity-based encryption, and thus identity-based encryption is crucial for designing a GS-MDO scheme. In fact, we propose a generic construction of GS-MDO from identity-based encryption and adaptive NIZK proofs, and a specific instantiation of it from the Groth-Sahai proof system, obtained by constructing a new (k-resilient) identity-based encryption scheme that is compatible with the Groth-Sahai proof.
