Skipping the q in Group Signatures

The notion of group signatures was introduced to allow group members to sign anonymously on behalf of a group. A group manager allows a user to join a group, and another will be able to open a signature to revoke its anonymity. Several schemes have already been proposed to fulfil these properties, however very few of them are proven in the standard model. Of those proven in the standard model, most schemes rely on a so-called q-assumptions. The underlying idea of a q-assumptions is that to prove the security of the scheme, we are given a challenge long enough to allow the simulator to answer queries. Another common solution is to rely on an interactive hypothesis. We provide one of the first schemes proven in the standard model, requiring a constant-size non-interactive hypothesis. We then compare its efficiency to existing schemes, and show that this trade-off is acceptable as most schemes with better efficiency rely on either an interactive or a q-hypothesis. The exception to this is the recent independent work Libert, Peters and Yung (CRYPTO 2015), who presented an efficient group signature scheme in the standard model relying on standard assumptions.

[1]  David Pointcheval,et al.  Traceable Signature with Stepping Capabilities , 2012, Cryptography and Security.

[2]  Chanathip Namprempre,et al.  The Power of RSA Inversion Oracles and the Security of Chaum's RSA-Based Blind Signature Scheme , 2002, Financial Cryptography.

[3]  Mihir Bellare,et al.  Foundations of Group Signatures: The Case of Dynamic Groups , 2005, CT-RSA.

[4]  Eike Kiltz,et al.  Tightly-Secure Signatures from Chameleon Hash Functions , 2015, Public Key Cryptography.

[5]  Marc Fischlin,et al.  Non-interactive and Re-usable Universally Composable String Commitments with Adaptive Security , 2011, ASIACRYPT.

[6]  Marc Fischlin,et al.  A Closer Look at PKI: Security and Efficiency , 2007, Public Key Cryptography.

[7]  Georg Fuchsbauer,et al.  Fair Blind Signatures without Random Oracles , 2010, AFRICACRYPT.

[8]  Tibor Jager,et al.  Tightly secure signatures and public-key encryption , 2012, Designs, Codes and Cryptography.

[9]  Jonathan Katz,et al.  A Group Signature Scheme from Lattice Assumptions , 2010, IACR Cryptol. ePrint Arch..

[10]  Georg Fuchsbauer,et al.  Transferable Constant-Size Fair E-Cash , 2009, IACR Cryptol. ePrint Arch..

[11]  Olivier Blazy,et al.  Group Signatures Without q-Assumptions , 2015, IACR Cryptol. ePrint Arch..

[12]  Amit Sahai,et al.  Efficient Non-interactive Proof Systems for Bilinear Groups , 2008, EUROCRYPT.

[13]  Georg Fuchsbauer,et al.  Achieving Optimal Anonymity in Transferable E-Cash with a Judge , 2011, AFRICACRYPT.

[14]  Huaxiong Wang,et al.  Constant-Size Group Signatures from Lattices , 2018, Public Key Cryptography.

[15]  Dan Boneh,et al.  Short Signatures Without Random Oracles , 2004, EUROCRYPT.

[16]  Hovav Shacham,et al.  Short Group Signatures , 2004, CRYPTO.

[17]  Xavier Boyen,et al.  The Uber-Assumption Family , 2008, Pairing.

[18]  Olivier Blazy,et al.  A code-based group signature scheme , 2015, Designs, Codes and Cryptography.

[19]  Sébastien Canard,et al.  Divisible E-Cash Systems Can Be Truly Anonymous , 2007, EUROCRYPT.

[20]  Whitfield Diffie,et al.  New Directions in Cryptography , 1976, IEEE Trans. Inf. Theory.

[21]  Kenneth G. Paterson,et al.  Pairings for Cryptographers , 2008, IACR Cryptol. ePrint Arch..

[22]  Kazuo Ohta,et al.  Shortening the Libert-Peters-Yung Revocable Group Signature Scheme by Using the Random Oracle Methodology , 2019, IACR Cryptol. ePrint Arch..

[23]  Benoît Libert,et al.  Group Signatures with Verifier-Local Revocation and Backward Unlinkability in the Standard Model , 2009, CANS.

[24]  Daniel Slamanig,et al.  Highly-Efficient Fully-Anonymous Dynamic Group Signatures , 2018, AsiaCCS.

[25]  Mihir Bellare,et al.  Foundations of Group Signatures: Formal Definitions, Simplified Requirements, and a Construction Based on General Assumptions , 2003, EUROCRYPT.

[26]  David Pointcheval,et al.  Dynamic Fully Anonymous Short Group Signatures , 2006, VIETCRYPT.

[27]  Georg Fuchsbauer,et al.  Efficient Signatures of Knowledge and DAA in the Standard Model , 2013, ACNS.

[28]  Brent Waters,et al.  Efficient Identity-Based Encryption Without Random Oracles , 2005, EUROCRYPT.

[29]  Georg Fuchsbauer,et al.  Signatures on Randomizable Ciphertexts , 2011, Public Key Cryptography.

[30]  Melissa Chase,et al.  Déjà Q All Over Again: Tighter and Broader Reductions of q-Type Assumptions , 2016, ASIACRYPT.

[31]  Brent Waters,et al.  Compact Group Signatures Without Random Oracles , 2006, EUROCRYPT.

[32]  Markulf Kohlweiss,et al.  Compact E-Cash and Simulatable VRFs Revisited , 2009, Pairing.

[33]  Hovav Shacham,et al.  Group signatures with verifier-local revocation , 2004, CCS '04.

[34]  Jan Camenisch,et al.  Signature Schemes and Anonymous Credentials from Bilinear Maps , 2004, CRYPTO.

[35]  Jens Groth,et al.  Fully Anonymous Group Signatures without Random Oracles , 2007, IACR Cryptol. ePrint Arch..

[36]  Marc Joye,et al.  A Practical and Provably Secure Coalition-Resistant Group Signature Scheme , 2000, CRYPTO.

[37]  David Chaum,et al.  Group Signatures , 1991, EUROCRYPT.

[38]  Jens Groth,et al.  Simulation-Sound NIZK Proofs for a Practical Language and Constant Size Group Signatures , 2006, ASIACRYPT.

[39]  Jens Groth,et al.  Foundations of Fully Dynamic Group Signatures , 2016, Journal of Cryptology.

[40]  Huaxiong Wang,et al.  Lattice-Based Group Signatures: Achieving Full Dynamicity with Ease , 2017, ACNS.

[41]  Dan Boneh,et al.  Hierarchical Identity Based Encryption with Constant Size Ciphertext , 2005, EUROCRYPT.

[42]  Melissa Chase,et al.  Deja Q: Using Dual Systems to Revisit q-Type Assumptions , 2014, IACR Cryptol. ePrint Arch..

[43]  Marc Fischlin,et al.  Round-Optimal Composable Blind Signatures in the Common Reference String Model , 2006, CRYPTO.

[44]  Emmanuel Bresson,et al.  Separation Results on the "One-More" Computational Problems , 2008, CT-RSA.

[45]  Moti Yung,et al.  Short Group Signatures via Structure-Preserving Signatures: Standard Model Security from Simple Assumptions , 2015, CRYPTO.

[46]  Dawn Xiaodong Song,et al.  Quasi-Efficient Revocation in Group Signatures , 2002, Financial Cryptography.

[47]  Aggelos Kiayias,et al.  Secure scalable group signature with dynamic joins and separable authorities , 2006, Int. J. Secur. Networks.

[48]  Georg Fuchsbauer,et al.  Structure-Preserving Signatures and Commitments to Group Elements , 2010, Journal of Cryptology.

[49]  Georg Fuchsbauer,et al.  Batch Groth-Sahai , 2010, ACNS.

[50]  Huaxiong Wang,et al.  Adaptive Oblivious Transfer with Access Control from Lattice Assumptions , 2017, ASIACRYPT.

[51]  Léo Ducas,et al.  Anonymity from Asymmetry: New Constructions for Anonymous HIBE , 2010, CT-RSA.

[52]  Olivier Sanders,et al.  Short Group Signature in the Standard Model , 2018, IACR Cryptol. ePrint Arch..

[53]  Shuichi Katsumata,et al.  Group Signatures without NIZK: From Lattices in the Standard Model , 2019, IACR Cryptol. ePrint Arch..

[54]  Vadim Lyubashevsky,et al.  Lattice-Based Group Signatures and Zero-Knowledge Proofs of Automorphism Stability , 2018, IACR Cryptol. ePrint Arch..

[55]  Anja Lehmann,et al.  Group Signatures with Selective Linkability , 2019, IACR Cryptol. ePrint Arch..

[56]  Paulo S. L. M. Barreto,et al.  Pairing-Friendly Elliptic Curves of Prime Order , 2005, Selected Areas in Cryptography.