Practical Dynamic Group Signature with Efficient Concurrent Joins and Batch Verifications

Dynamic group signatures (DGS) enable a user to generate a signature on behalf of a group of users, while allowing a prospective user to join the group via an appropriate join protocol. A natural security requirement in the dynamic setting is to permit an adversary to perform join protocol executions concurrently. To date, most DGS schemes do not provide efficient concurrent join protocols in their security analysis, because of the need to use knowledge extractors. DGS schemes also have to provide efficient batch verification for practical applications such as Vehicle-to-Vehicle (V2V) and Vehicle-to-Infrastructure (V2I) communication, where a large number of group signatures should be verified in a very short time. In this paper, we propose a new practical DGS scheme that supports not only efficient concurrent joins but also batch verifications. Concurrent security is proven by showing that our join protocols are simulated without any knowledge extractor in the security analysis. To do this, we introduce a modified Pointcheval-Sanders (PS) problem that can guarantee efficient checking of the equality of discrete logarithms. In terms of efficiency, when considering a type-3 pairing, our DGS scheme has faster signature generation and verification and, in particular, our batch verification is at least 7 times faster when verifying 100 signatures, compared to other comparable pairing-based DGS schemes in the literature.
