Shortening the Libert-Peters-Yung Revocable Group Signature Scheme by Using the Random Oracle Methodology

In EUROCRYPT 2012, Libert, Peters and Yung (LPY) proposed the first scalable revocable group signature (R-GS) scheme in the standard model which achieves constant signing/verification costs and other costs regarding signers are at most logarithmic in N , where N is the maximum number of group members. However, although the LPY R-GS scheme is asymptotically quite efficient, this scheme is not sufficiently efficient in practice. For example, the signature size of the LPY scheme is roughly 10 times larger than that of the RSA signature (in 160-bit security). In this paper, we propose a compact R-GS scheme secure in the random oracle model that is efficient not only in the asymptotic sense but also in practical parameter settings. We achieve the same efficiency as the LPY scheme in an asymptotic sense, and the signature size is nearly equal to that of the RSA signature (in 160-bit security). It is particularly worth noting that our R-GS scheme has the smallest signature size compared to those of previous R-GS schemes which enable constant signing/verification costs. Our technique, which we call parallel Boneh–Boyen–Shacham group signature technique, helps to construct a R-GS scheme without following the technique used in LPY, i.e., we directly apply the Naor–Naor–Lotspiech framework without using any identity-based encryption. keywords: group signature, revocation, scalability.

[1]  Hideki Imai,et al.  An Efficient Group Signature Scheme from Bilinear Maps , 2005, ACISP.

[2]  Mihir Bellare,et al.  Foundations of Group Signatures: Formal Definitions, Simplified Requirements, and a Construction Based on General Assumptions , 2003, EUROCRYPT.

[3]  Yusuke Sakai,et al.  Revocable Group Signature with Constant-Size Revocation List , 2015, Comput. J..

[4]  Thorsten Kleinjung,et al.  Breaking '128-bit Secure' Supersingular Binary Curves (or how to solve discrete logarithms in 𝔽24·1223 and 𝔽212·367) , 2014, IACR Cryptol. ePrint Arch..

[5]  Kaigui Bian,et al.  Group Signatures with Probabilistic Revocation: A Computationally-Scalable Approach for Providing Privacy-Preserving Authentication , 2015, CCS.

[6]  Aggelos Kiayias,et al.  Traceable Signatures , 2004, EUROCRYPT.

[7]  David Pointcheval,et al.  Short Randomizable Signatures , 2016, CT-RSA.

[8]  Aggelos Kiayias,et al.  Group Signatures with Efficient Concurrent Join , 2005, EUROCRYPT.

[9]  Nobuo Funabiki,et al.  Revocable Group Signature Schemes with Constant Costs for Signing and Verifying , 2009, Public Key Cryptography.

[10]  Kazuo Ohta,et al.  On the Security of Dynamic Group Signatures: Preventing Signature Hijacking , 2012, Public Key Cryptography.

[11]  Ronald Cramer,et al.  A Practical Public Key Cryptosystem Provably Secure Against Adaptive Chosen Ciphertext Attack , 1998, CRYPTO.

[12]  Daniel Slamanig,et al.  Fully-Anonymous Short Dynamic Group Signatures Without Encryption , 2016, IACR Cryptol. ePrint Arch..

[13]  Huaxiong Wang,et al.  Lattice-based Group Signature Scheme with Verifier-local Revocation , 2014, IACR Cryptol. ePrint Arch..

[14]  Nobuo Funabiki,et al.  Verifier-Local Revocation Group Signature Schemes with Backward Unlinkability from Bilinear Maps , 2005, IEICE Trans. Fundam. Electron. Commun. Comput. Sci..

[15]  Toru Nakanishi,et al.  Revocable Group Signatures with Compact Revocation List Using Vector Commitments , 2016, WISA.

[16]  Amit Sahai,et al.  Efficient Non-interactive Proof Systems for Bilinear Groups , 2008, EUROCRYPT.

[17]  Jung Yeon Hwang,et al.  Short Group Signatures with Controllable Linkability , 2011, 2011 Workshop on Lightweight Security & Privacy: Devices, Protocols, and Applications.

[18]  V. Shoup,et al.  Information technology-Security techniques-Encryption algorithms-Part 2 : Asymmetric Ciphers , 2004 .

[19]  Yi Mu,et al.  Constant-Size Dynamic $k$ -Times Anonymous Authentication , 2013, IEEE Systems Journal.

[20]  Huaxiong Wang,et al.  Constant-Size Group Signatures from Lattices , 2018, Public Key Cryptography.

[21]  Damien Stehlé,et al.  Lattice-Based Group Signatures with Logarithmic Signature Size , 2013, ASIACRYPT.

[22]  Craig Gentry,et al.  Hierarchical ID-Based Cryptography , 2002, ASIACRYPT.

[23]  Jan Camenisch,et al.  Floppy-Sized Group Signatures from Lattices , 2018, IACR Cryptol. ePrint Arch..

[24]  Keita Emura,et al.  A Revocable Group Signature Scheme with Scalability from Simple Assumptions and Its Implementation , 2018, ISC.

[25]  Hoeteck Wee,et al.  Shorter IBE and Signatures via Asymmetric Pairings , 2012, Pairing.

[26]  Benoît Libert,et al.  Group Signatures with Verifier-Local Revocation and Backward Unlinkability in the Standard Model , 2009, CANS.

[27]  Nobuo Funabiki,et al.  Efficient Proofs for CNF Formulas on Attributes in Pairing-Based Anonymous Credential System , 2012, ICISC.

[28]  Paulo S. L. M. Barreto,et al.  Constructing Elliptic Curves with Prescribed Embedding Degrees , 2002, SCN.

[29]  Mihir Bellare,et al.  Foundations of Group Signatures: The Case of Dynamic Groups , 2005, CT-RSA.

[30]  Aggelos Kiayias,et al.  Group Signatures: Provable Security, Efficient Constructions and Anonymity from Trapdoor-Holders , 2004, IACR Cryptol. ePrint Arch..

[31]  Zhenfeng Zhang,et al.  Simpler Efficient Group Signatures from Lattices , 2015, Public Key Cryptography.

[32]  Daniel Slamanig,et al.  Non-Interactive Plaintext (In-)Equality Proofs and Group Signatures with Verifiable Controllable Linkability , 2016, CT-RSA.

[33]  Nuttapong Attrapadung,et al.  Expressive Key-Policy Attribute-Based Encryption with Constant-Size Ciphertexts , 2011, Public Key Cryptography.

[34]  Nobuo Funabiki,et al.  Revocable Group Signatures with Compact Revocation List Using Accumulators , 2013, ICISC.

[35]  Jan Camenisch,et al.  Fully Anonymous Attribute Tokens from Lattices , 2012, SCN.

[36]  Jan Camenisch,et al.  Anonymous Attestation Using the Strong Diffie Hellman Assumption Revisited , 2016, TRUST.

[37]  Jan Camenisch,et al.  Get Shorty via Group Signatures without Encryption , 2010, SCN.

[38]  Antoine Joux,et al.  A Heuristic Quasi-Polynomial Algorithm for Discrete Logarithm in Finite Fields of Small Characteristic , 2014, EUROCRYPT.

[39]  Hovav Shacham,et al.  A Cramer-Shoup Encryption Scheme from the Linear Assumption and from Progressively Weaker Linear Variants , 2007, IACR Cryptol. ePrint Arch..

[40]  Yusuke Sakai,et al.  A Revocable Group Signature Scheme from Identity-Based Revocation Techniques: Achieving Constant-Size Revocation List , 2014, ACNS.

[41]  Mark Manulis,et al.  Group Signature with Constant Revocation Costs for Signers and Verifiers , 2011, CANS.

[42]  Jens Groth,et al.  Foundations of Fully Dynamic Group Signatures , 2016, Journal of Cryptology.

[43]  Huaxiong Wang,et al.  Lattice-Based Group Signatures: Achieving Full Dynamicity with Ease , 2017, ACNS.

[44]  Dan Boneh,et al.  Hierarchical Identity Based Encryption with Constant Size Ciphertext , 2005, EUROCRYPT.

[45]  Moti Yung,et al.  Concise Mercurial Vector Commitments and Independent Zero-Knowledge Sets with Short Proofs , 2010, TCC.

[46]  David Pointcheval,et al.  Dynamic Fully Anonymous Short Group Signatures , 2006, VIETCRYPT.

[47]  Huaxiong Wang,et al.  Group Signatures from Lattices: Simpler, Tighter, Shorter, Ring-Based , 2015, Public Key Cryptography.

[48]  Jonathan Katz,et al.  A Group Signature Scheme from Lattice Assumptions , 2010, IACR Cryptol. ePrint Arch..

[49]  Thomas Ristenpart,et al.  The Power of Proofs-of-Possession: Securing Multiparty Signatures against Rogue-Key Attacks , 2007, EUROCRYPT.

[50]  Jacques Stern,et al.  Security Proofs for Signature Schemes , 1996, EUROCRYPT.

[51]  Moti Yung,et al.  Practical "Signatures with Efficient Protocols" from Simple Assumptions , 2016, AsiaCCS.

[52]  Jens Groth,et al.  Fully Anonymous Group Signatures without Random Oracles , 2007, IACR Cryptol. ePrint Arch..

[53]  Moni Naor,et al.  Revocation and Tracing Schemes for Stateless Receivers , 2001, CRYPTO.

[54]  Jan Camenisch,et al.  Signature Schemes and Anonymous Credentials from Bilinear Maps , 2004, CRYPTO.

[55]  Kaoru Kurosawa,et al.  Multi-recipient Public-Key Encryption with Shortened Ciphertext , 2002, Public Key Cryptography.

[56]  Marc Joye,et al.  A Practical and Provably Secure Coalition-Resistant Group Signature Scheme , 2000, CRYPTO.

[57]  David Chaum,et al.  Group Signatures , 1991, EUROCRYPT.

[58]  Dan Boneh,et al.  Short Signatures Without Random Oracles and the SDH Assumption in Bilinear Groups , 2008, Journal of Cryptology.

[59]  Hovav Shacham,et al.  Group signatures with verifier-local revocation , 2004, CCS '04.

[60]  Moti Yung,et al.  Short Group Signatures via Structure-Preserving Signatures: Standard Model Security from Simple Assumptions , 2015, CRYPTO.

[61]  Huaxiong Wang,et al.  Signature Schemes with Efficient Protocols and Dynamic Group Signatures from Lattice Assumptions , 2016, ASIACRYPT.

[62]  Matthew K. Franklin,et al.  Identity-Based Encryption from the Weil Pairing , 2001, CRYPTO.

[63]  Aggelos Kiayias,et al.  Secure scalable group signature with dynamic joins and separable authorities , 2006, Int. J. Secur. Networks.

[64]  Moti Yung,et al.  Scalable Group Signatures with Revocation , 2012, EUROCRYPT.

[65]  Hovav Shacham,et al.  Short Group Signatures , 2004, CRYPTO.

[66]  Amos Fiat,et al.  How to Prove Yourself: Practical Solutions to Identification and Signature Problems , 1986, CRYPTO.

[67]  Yevgeniy Dodis,et al.  Public Key Broadcast Encryption for Stateless Receivers , 2002, Digital Rights Management Workshop.

[68]  Moti Yung,et al.  Group Signatures with Almost-for-Free Revocation , 2012, CRYPTO.