Practical Dynamic Group Signatures Without Knowledge Extractors

Dynamic group signature (DGS) allows a user to generate a signature on behalf of a group, while preserving anonymity. Although many existing DGS schemes have been proposed in the random oracle model for achieving efficiency, their security proofs require knowledge extractors that cause loose security reductions. In this paper, we first propose a new practicalDGS scheme whose security can be proven without knowledge extractors in the random oracle model. Moreover, our scheme can also be proven in the strong security model where an adversary is allowed to generate group managers’ keys maliciously. The efficiency of our scheme is comparable to existing secureDGS schemes in the random oracle model using knowledge extractors. The security of our scheme is based on a new complexity assumption that is obtained by generalizing the Pointcheval-Sanders (PS) assumption. Although our generalized PS (GPS) assumption is interactive, we prove that, under the symmetric discrete logarithm (SDL) assumption, the new GPS assumption holds in the algebraic group model.

[1]  David Pointcheval,et al.  Dynamic Fully Anonymous Short Group Signatures , 2006, VIETCRYPT.

[2]  Jan Camenisch,et al.  Signature Schemes and Anonymous Credentials from Bilinear Maps , 2004, CRYPTO.

[3]  Jens Groth,et al.  Foundations of Fully Dynamic Group Signatures , 2016, Journal of Cryptology.

[4]  Pascal Paillier,et al.  Public-Key Cryptosystems Based on Composite Degree Residuosity Classes , 1999, EUROCRYPT.

[5]  Jens Groth,et al.  Fully Anonymous Group Signatures without Random Oracles , 2007, IACR Cryptol. ePrint Arch..

[6]  Silvio Micali,et al.  A Digital Signature Scheme Secure Against Adaptive Chosen-Message Attacks , 1988, SIAM J. Comput..

[7]  Daniel Slamanig,et al.  Highly-Efficient Fully-Anonymous Dynamic Group Signatures , 2018, AsiaCCS.

[8]  Moti Yung,et al.  Practical "Signatures with Efficient Protocols" from Simple Assumptions , 2016, AsiaCCS.

[9]  Kazuo Ohta,et al.  On the Security of Dynamic Group Signatures: Preventing Signature Hijacking , 2012, Public Key Cryptography.

[10]  Anja Lehmann,et al.  Short Threshold Dynamic Group Signatures , 2020, IACR Cryptol. ePrint Arch..

[11]  Aggelos Kiayias,et al.  Group Signatures with Efficient Concurrent Join , 2005, EUROCRYPT.

[12]  Brent Waters,et al.  Full-Domain Subgroup Hiding and Constant-Size Group Signatures , 2007, Public Key Cryptography.

[13]  Mihir Bellare,et al.  The Knowledge-of-Exponent Assumptions and 3-Round Zero-Knowledge Protocols , 2004, CRYPTO.

[14]  Hovav Shacham,et al.  Short Group Signatures , 2004, CRYPTO.

[15]  Georg Fuchsbauer,et al.  A Classification of Computational Assumptions in the Algebraic Group Model , 2020, IACR Cryptol. ePrint Arch..

[16]  Jan Camenisch,et al.  Get Shorty via Group Signatures without Encryption , 2010, SCN.

[17]  David Chaum,et al.  Group Signatures , 1991, EUROCRYPT.

[18]  Eli Ben-Sasson,et al.  Secure Sampling of Public Parameters for Succinct Zero Knowledge Proofs , 2015, 2015 IEEE Symposium on Security and Privacy.

[19]  Mehdi Tibouchi,et al.  Tightly Secure Signatures From Lossy Identification Schemes , 2015, Journal of Cryptology.

[20]  Markulf Kohlweiss,et al.  On the Non-malleability of the Fiat-Shamir Transform , 2012, INDOCRYPT.

[21]  Michel Abdalla,et al.  Practical Dynamic Group Signature with Efficient Concurrent Joins and Batch Verifications , 2020, IACR Cryptol. ePrint Arch..

[22]  Ivan Damgård,et al.  Towards Practical Public Key Systems Secure Against Chosen Ciphertext Attacks , 1991, CRYPTO.

[23]  Juan A. Garay,et al.  Strengthening Zero-Knowledge Protocols Using Signatures , 2003, Journal of Cryptology.

[24]  Jiangtao Li,et al.  Enhanced Privacy ID: A Direct Anonymous Attestation Scheme with Enhanced Revocation Capabilities , 2007, IEEE Transactions on Dependable and Secure Computing.

[25]  Christian Hanser,et al.  Structure-Preserving Signatures on Equivalence Classes and their Application to Anonymous Credentials , 2014, IACR Cryptol. ePrint Arch..

[26]  Georg Fuchsbauer,et al.  NIZKs with an Untrusted CRS: Security in the Face of Parameter Subversion , 2016, IACR Cryptol. ePrint Arch..

[27]  Paulo S. L. M. Barreto,et al.  Pairing-Friendly Elliptic Curves of Prime Order , 2005, Selected Areas in Cryptography.

[28]  Eike Kiltz,et al.  The Algebraic Group Model and its Applications , 2018, IACR Cryptol. ePrint Arch..

[29]  Jan Camenisch,et al.  Efficient Group Signature Schemes for Large Groups (Extended Abstract) , 1997, CRYPTO.

[30]  Mihir Bellare,et al.  Foundations of Group Signatures: The Case of Dynamic Groups , 2005, CT-RSA.

[31]  Olivier Sanders,et al.  Group Signature Without Random Oracles from Randomizable Signatures , 2020, ProvSec.

[32]  Jonathan Katz,et al.  Efficient Signature Schemes with Tight Reductions to the Diffie-Hellman Problems , 2007, Journal of Cryptology.

[33]  Marc Fischlin,et al.  Adaptive proofs of knowledge in the random oracle model , 2015, IET Inf. Secur..

[34]  David Pointcheval,et al.  Short Randomizable Signatures , 2016, CT-RSA.

[35]  Kenneth G. Paterson,et al.  Pairings for Cryptographers , 2008, IACR Cryptol. ePrint Arch..

[36]  Mihir Bellare,et al.  Foundations of Group Signatures: Formal Definitions, Simplified Requirements, and a Construction Based on General Assumptions , 2003, EUROCRYPT.

[37]  Amos Fiat,et al.  How to Prove Yourself: Practical Solutions to Identification and Signature Problems , 1986, CRYPTO.

[38]  Jan Camenisch,et al.  One TPM to Bind Them All: Fixing TPM 2.0 for Provably Secure Anonymous Attestation , 2017, 2017 IEEE Symposium on Security and Privacy (SP).

[39]  Marc Fischlin,et al.  Communication-Efficient Non-interactive Proofs of Knowledge with Online Extractors , 2005, CRYPTO.

[40]  Ernest F. Brickell,et al.  Direct anonymous attestation , 2004, CCS '04.

[41]  Jan Camenisch,et al.  Group Signatures: Better Efficiency and New Theoretical Aspects , 2004, SCN.

[42]  Jacques Stern,et al.  Security Arguments for Digital Signatures and Blind Signatures , 2015, Journal of Cryptology.

[43]  Jens Groth,et al.  Optimal Structure-Preserving Signatures in Asymmetric Bilinear Groups , 2011, CRYPTO.

[44]  Moti Yung,et al.  Short Group Signatures via Structure-Preserving Signatures: Standard Model Security from Simple Assumptions , 2015, CRYPTO.

[45]  Marc Fischlin,et al.  Signatures from Sequential-OR Proofs , 2020, IACR Cryptol. ePrint Arch..

[46]  Moni Naor,et al.  Public-key cryptosystems provably secure against chosen ciphertext attacks , 1990, STOC '90.