Traceable Identity-Based Group Signature

Group signature is a useful cryptographic primitive, which makes every group member sign messages on behalf of a group they belong to. Namely group signature allows that group member anonymously signs any message without revealing his/her specific identity. However, group signature may make the signers abuse their signing rights if there are no measures of keeping them from abusing signing rights in the group signature schemes. So, group manager must be able to trace (or reveal) the identity of the signer by the signature when the result of the signature needs to be arbitrated, and some revoked group members must fully lose their capability of signing a message on behalf of the group they belong to. A practical model meeting the requirement is verifier-local revocation, which supports the revocation of group member. In this model, the verifiers receive the group member revocation messages from the trusted authority when the relevant signatures need to be verified. With the rapid development of identity-based cryptography, several identity-based group signature (IBGS) schemes have been proposed. Compared with group signature based on public key cryptography, IBGS can simplify key management and be used for more applications. Although some identity-based group signature schemes have been proposed, few identity-based group signature schemes are constructed in the standard model and focus on the traceability of signature. In this paper, we present a fully traceable (and verifier-local revocation) identity-based group signature (TIBGS) scheme, which has a security reduction to the computational Diffie-Hellman (CDH) assumption. Also, we give a formal security model for traceable identity-based group signature and prove that the proposed scheme has the properties of traceability and anonymity.

[1]  Mihir Bellare,et al.  Foundations of Group Signatures: Formal Definitions, Simplified Requirements, and a Construction Based on General Assumptions , 2003, EUROCRYPT.

[2]  Ernest F. Brickell,et al.  Direct anonymous attestation , 2004, CCS '04.

[3]  Paulo S. L. M. Barreto,et al.  Efficient and Provably-Secure Identity-Based Signatures and Signcryption from Bilinear Maps , 2005, ASIACRYPT.

[4]  Moti Yung,et al.  Group Signatures with Almost-for-Free Revocation , 2012, CRYPTO.

[5]  Benoît Libert,et al.  Group Signatures with Verifier-Local Revocation and Backward Unlinkability in the Standard Model , 2009, CANS.

[6]  Tsz Hon Yuen,et al.  ID-Based Ring Signature Scheme Secure in the Standard Model , 2006, IWSEC.

[7]  Kwangjo Kim,et al.  ID-Based Blind Signature and Ring Signature from Pairings , 2002, ASIACRYPT.

[8]  Tsz Hon Yuen,et al.  Secure ID-based linkable and revocable-iff-linked ring signature with constant-size construction , 2013, Theor. Comput. Sci..

[9]  Jacques Stern,et al.  Efficient Revocation in Group Signatures , 2001, Public Key Cryptography.

[10]  Pieter H. Hartel,et al.  An Identity-Based Group Signature with Membership Revocation in the Standard Model , 2010 .

[11]  Kenneth G. Paterson,et al.  Efficient Identity-Based Signatures Secure in the Standard Model , 2006, ACISP.

[12]  Harendra Singh,et al.  ID-based proxy signature scheme with message recovery , 2012, J. Syst. Softw..

[13]  Florian Hess,et al.  Efficient Identity Based Signature Schemes Based on Pairings , 2002, Selected Areas in Cryptography.

[14]  Atsuko Miyaji,et al.  An r-Hiding Revocable Group Signature Scheme: Group Signatures with the Property of Hiding the Number of Revoked Users , 2014, J. Appl. Math..

[15]  Nobuo Funabiki,et al.  Verifier-Local Revocation Group Signature Schemes with Backward Unlinkability from Bilinear Maps , 2005, ASIACRYPT.

[16]  Matthew K. Franklin,et al.  Identity-Based Encryption from the Weil Pairing , 2001, CRYPTO.

[17]  Yi Mu,et al.  Identity-Based Proxy Signature from Pairings , 2007, ATC.

[18]  Nobuo Funabiki,et al.  Revocable Group Signature Schemes with Constant Costs for Signing and Verifying , 2009, Public Key Cryptography.

[19]  Fengtong Wen,et al.  An ID-based Proxy Signature Scheme Secure Against Proxy Key Exposure , 2011 .

[20]  Hovav Shacham,et al.  Short Group Signatures , 2004, CRYPTO.

[21]  Dan Boneh,et al.  Generalized Identity Based and Broadcast Encryption Schemes , 2008, ASIACRYPT.

[22]  Claudio Soriente,et al.  An Accumulator Based on Bilinear Maps and Efficient Revocation for Anonymous Credentials , 2009, IACR Cryptol. ePrint Arch..

[23]  Brent Waters,et al.  Efficient Identity-Based Encryption Without Random Oracles , 2005, EUROCRYPT.

[24]  Lan Nguyen,et al.  Accumulators from Bilinear Pairings and Applications , 2005, CT-RSA.

[25]  Hovav Shacham,et al.  Group signatures with verifier-local revocation , 2004, CCS '04.

[26]  Marc Joye,et al.  A Practical and Provably Secure Coalition-Resistant Group Signature Scheme , 2000, CRYPTO.

[27]  Dawn Xiaodong Song,et al.  Quasi-Efficient Revocation in Group Signatures , 2002, Financial Cryptography.

[28]  Moti Yung,et al.  Scalable Group Signatures with Revocation , 2012, EUROCRYPT.

[29]  Jan Camenisch,et al.  Dynamic Accumulators and Application to Efficient Revocation of Anonymous Credentials , 2002, CRYPTO.

[30]  Jung Hee Cheon,et al.  An Identity-Based Signature from Gap Diffie-Hellman Groups , 2003, Public Key Cryptography.

[31]  Dongdai Lin,et al.  Shorter Verifier-Local Revocation Group Signatures from Bilinear Maps , 2006, CANS.