A scalable post-quantum hash-based group signature

We present a construction for hash-based one-time group signature schemes, and develop a traceable post-quantum multi-time group signature upon it. A group signature scheme allows group members to anonymously sign a message on behalf of the whole group. The signatures are unforgeable and the scheme enables authorized openers to trace the signature back to the original signer when needed. Our construction utilizes three nested layers to build the group signature scheme. The first layer is key management; it deploys a transversal design to assign keys to the group members and the openers, providing the construction with traceability. The second layer utilizes hash pools to build the group public verification key, to connect group members together, and to provide anonymity. The final layer is a post-quantum hash-based signature scheme that adds unforgeability to our construction. We extend our scheme to multi-time signatures by using Merkle trees, and show that this process keeps the scalability property of Merkle-based signatures while supporting group members signing any number of messages.
