An Identity-Based Group Signature with Membership Revocation in the Standard Model

Group signatures allow group members to sign an arbitrary number of messages on behalf of the group without revealing their identity. Under certain circumstances the group manager holding a tracing key can reveal the identity of the signer from the signature. Practical group signature schemes should support membership revocation, where a revoked member loses the capability to sign messages on behalf of the group without affecting the non-revoked members. A model known as verifier-local revocation supports membership revocation. In this model the trusted revocation authority sends revocation messages to the verifiers, and there is no need for the trusted revocation authority to contact non-revoked members to update their secret keys. Previous constructions of verifier-local revocation group signature schemes either have a security proof in the random oracle model or are non-identity-based. A security proof in the random oracle model is only a heuristic proof, and non-identity-based group signatures suffer from standard Public Key Infrastructure (PKI) problems, i.e. the group public key is not derived from the group identity and therefore has to be certified. In this work we construct the first verifier-local revocation group signature scheme that is identity-based and has a security proof in the standard model. In particular, we give a formal security model for the proposed scheme and prove that the scheme is selfless-anonymous under the Decision Linear (DLIN) assumption and fully traceable under the Computational Diffie-Hellman (CDH) assumption. The proposed scheme is based on prime-order bilinear groups.
