Simpler Efficient Group Signatures from Lattices

A group signature allows a group member to anonymously sign messages on behalf of the group. In the past few years, new group signatures based on lattice problems have appeared: the most efficient lattice-based constructions are due to Laguillaumie et al. (Asiacrypt ’13) and Langlois et al. (PKC ’14). Both have at least an \(O(n^2\log^2 n \log N)\)-bit group public key and an \(O(n\log^3 n\log N)\)-bit signature, where \(n\) is the security parameter and \(N\) is the maximum number of group members. In this paper, we present a simpler lattice-based group signature, which is more efficient by an \(O(\log N)\) factor in both the group public key and the signature size. We achieve this by using a new non-interactive zero-knowledge (NIZK) proof corresponding to a simple identity-encoding function. The security of our group signature can be reduced to the hardness of SIS and LWE in the random oracle model.
