Efficient traceable signatures in the standard model

Traceable signatures (TS), suggested by Kiayias, Tsiounis and Yung, extend group signatures to address various basic traceability issues beyond merely identifying the anonymous signer of a rogue signature. Namely, they enable the efficient tracing of all signatures produced by a misbehaving party without opening the identity of other parties. They also allow users to provably claim ownership of a previously signed anonymous signature. To date, known TS systems all rely on the random oracle model. In this work we present the first realization of the primitive that avoids resorting to the random oracle methodology in its security proofs. Furthermore, our realization's efficiency is comparable to that of nowadays' fastest and shortest standard model group signatures.

[1]  Hovav Shacham,et al.  Randomizable Proofs and Delegatable Anonymous Credentials , 2009, CRYPTO.

[2]  Xavier Boyen,et al.  Expressive Subgroup Signatures , 2008, SCN.

[3]  Brent Waters,et al.  Full-Domain Subgroup Hiding and Constant-Size Group Signatures , 2007, Public Key Cryptography.

[4]  Mihir Bellare,et al.  Foundations of Group Signatures: The Case of Dynamic Groups , 2005, CT-RSA.

[5]  Mihir Bellare,et al.  Random oracles are practical: a paradigm for designing efficient protocols , 1993, CCS '93.

[6]  Silvio Micali,et al.  A Digital Signature Scheme Secure Against Adaptive Chosen-Message Attacks , 1988, SIAM J. Comput..

[7]  Rafail Ostrovsky,et al.  Non-interactive Zaps and New Techniques for NIZK , 2006, CRYPTO.

[8]  Moti Yung,et al.  Short Traceable Signatures Based on Bilinear Pairings , 2006, IWSEC.

[9]  Jens Groth,et al.  Fully Anonymous Group Signatures without Random Oracles , 2007, IACR Cryptol. ePrint Arch..

[10]  David Pointcheval,et al.  Dynamic Fully Anonymous Short Group Signatures , 2006, VIETCRYPT.

[11]  Hideki Imai,et al.  An Efficient Group Signature Scheme from Bilinear Maps , 2005, ACISP.

[12]  Aggelos Kiayias,et al.  Traceable Signatures , 2004, EUROCRYPT.

[13]  Mihir Bellare,et al.  Foundations of Group Signatures: Formal Definitions, Simplified Requirements, and a Construction Based on General Assumptions , 2003, EUROCRYPT.

[14]  Tal Rabin,et al.  On the Security of Joint Signature and Encryption , 2002, EUROCRYPT.

[15]  Marc Joye,et al.  A Practical and Provably Secure Coalition-Resistant Group Signature Scheme , 2000, CRYPTO.

[16]  Marc Fischlin,et al.  A Closer Look at PKI: Security and Efficiency , 2007, Public Key Cryptography.

[17]  David Chaum,et al.  Group Signatures , 1991, EUROCRYPT.

[18]  Amos Fiat,et al.  How to Prove Yourself: Practical Solutions to Identification and Signature Problems , 1986, CRYPTO.

[19]  Ran Canetti,et al.  The random oracle methodology, revisited , 2000, JACM.

[20]  Brent Waters,et al.  Compact Group Signatures Without Random Oracles , 2006, EUROCRYPT.

[21]  Moti Yung,et al.  Fair Traceable Multi-Group Signatures , 2008, Financial Cryptography.

[22]  Alexander W. Dent,et al.  The Hardness of the DHK Problem in the Generic Group Model , 2006, IACR Cryptol. ePrint Arch..

[23]  Dan Boneh,et al.  Short Signatures Without Random Oracles , 2004, EUROCRYPT.

[24]  Hovav Shacham,et al.  Short Group Signatures , 2004, CRYPTO.

[25]  Reihaneh Safavi-Naini,et al.  Efficient and Provably Secure Trapdoor-Free Group Signature Schemes from Bilinear Pairings , 2004, ASIACRYPT.

[26]  Dan Boneh,et al.  Evaluating 2-DNF Formulas on Ciphertexts , 2005, TCC.

[27]  Rafail Ostrovsky,et al.  Perfect Non-Interactive Zero Knowledge for NP , 2006, IACR Cryptol. ePrint Arch..

[28]  Rafail Ostrovsky,et al.  Sequential Aggregate Signatures and Multisignatures Without Random Oracles , 2006, EUROCRYPT.

[29]  Amit Sahai,et al.  Efficient Non-interactive Proof Systems for Bilinear Groups , 2008, EUROCRYPT.

[30]  Jens Groth,et al.  Simulation-Sound NIZK Proofs for a Practical Language and Constant Size Group Signatures , 2006, ASIACRYPT.

[31]  Aggelos Kiayias,et al.  Traceable Signatures , 2004, EUROCRYPT.

[32]  Moni Naor,et al.  On Cryptographic Assumptions and Challenges , 2003, CRYPTO.

[33]  Jan Camenisch,et al.  Practical Group Signatures without Random Oracles , 2005, IACR Cryptol. ePrint Arch..

[34]  Moti Yung,et al.  Efficient traceable signatures in the standard model , 2011, Theor. Comput. Sci..

[35]  Aggelos Kiayias,et al.  Efficient Secure Group Signatures with Dynamic Joins and Keeping Anonymity Against Group Managers , 2005, Mycrypt.

[36]  Hovav Shacham,et al.  Group signatures with verifier-local revocation , 2004, CCS '04.

[37]  Brent Waters,et al.  Efficient Identity-Based Encryption Without Random Oracles , 2005, EUROCRYPT.

[38]  Markulf Kohlweiss,et al.  P-signatures and Noninteractive Anonymous Credentials , 2008, TCC.

[39]  Dan Boneh,et al.  Efficient Selective-ID Secure Identity Based Encryption Without Random Oracles , 2004, IACR Cryptol. ePrint Arch..

[40]  Stephen R. Tate,et al.  Traceable Signature: Better Efficiency and Beyond , 2006, ICCSA.

[41]  Eike Kiltz,et al.  Programmable Hash Functions and Their Applications , 2008, Journal of Cryptology.

[42]  Sherman S. M. Chow Real Traceable Signatures , 2009, Selected Areas in Cryptography.

[43]  Jan Camenisch,et al.  Efficient Blind Signatures Without Random Oracles , 2004, SCN.

[44]  Aaas News,et al.  Book Reviews , 1893, Buffalo Medical and Surgical Journal.

[45]  Ivan Damgård,et al.  Towards Practical Public Key Systems Secure Against Chosen Ciphertext Attacks , 1991, CRYPTO.

[46]  Serge Fehr,et al.  Perfect NIZK with Adaptive Soundness , 2007, TCC.

[47]  Georg Fuchsbauer,et al.  Batch Groth-Sahai , 2010, ACNS.