Collusion Resistant Revocable Ring Signatures and Group Signatures from Hard Homogeneous Spaces

Both ring signatures and group signatures are useful privacy tools, allowing signers to hide their identities within a set of other public keys, while allowing their signatures to be validated with respect to the entire set. Group signature schemes and revocable ring signature schemes both provide the additional ability for certain authorized members to revoke the anonymity of a signature and reveal the true signer—allowing management of abuse in the scheme. This work consists of two parts. Firstly, we introduce a stronger security notion—collusion resistance—for revocable ring signatures and show how to derive a group signature scheme from it, which provides a new approach to obtaining group signatures. This improves on the existing weak security model (e.g. with selfless anonymity), which fails to guarantee anonymity of members whose keys are exposed. Our stronger notion requires that the scheme remains secure against full key exposure in the anonymity game, and allows collusion among arbitrary members in the revocability game. Secondly (and more concretely), we construct a practical collusion-resistant revocable ring signature scheme based on hard homogeneous spaces (HHS), and thus obtain a group signature scheme based on isogenies. To the best of our knowledge, the schemes given in this work are the first efficient post-quantum (collusion-resistant) revocable ring signature scheme, and the first efficient isogeny-based group signature scheme in the literature.
