On the Theoretical Gap between Group Signatures with and without Unlinkability

We investigate a theoretical gap between unlinkability of group signature schemes and their other requirements, and show that this gap is significantly large. Specifically, we clarify that if unlinkability is achieved from any other property of group signature schemes, then it becomes possible to construct a chosen-ciphertext secure cryptosystem from any one-way function . This result implies that it would be possible to drastically improve efficiency of group signature schemes if unlinkability is not taken into account. We also demonstrate to construct a significantly more efficient scheme (without unlinkability) than the best known full-fledged scheme.

[1]  Steven Myers,et al.  Towards a Separation of Semantic and CCA Security for Public Key Encryption , 2007, TCC.

[2]  Daniel R. Simon,et al.  Non-Interactive Zero-Knowledge Proof of Knowledge and Chosen Ciphertext Attack , 1991, CRYPTO.

[3]  Ronald Cramer,et al.  Advances in Cryptology - EUROCRYPT 2005, 24th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Aarhus, Denmark, May 22-26, 2005, Proceedings , 2005, EUROCRYPT.

[4]  Mihir Bellare,et al.  Foundations of Group Signatures: The Case of Dynamic Groups , 2005, CT-RSA.

[5]  Ueli Maurer,et al.  A Non-interactive Public-Key Distribution System , 1996, Des. Codes Cryptogr..

[6]  Dan Boneh,et al.  Efficient Selective-ID Secure Identity Based Encryption Without Random Oracles , 2004, IACR Cryptol. ePrint Arch..

[7]  Aggelos Kiayias,et al.  Traceable Signatures , 2004, EUROCRYPT.

[8]  Kefei Chen,et al.  Advances in Cryptology - ASIACRYPT 2006, 12th International Conference on the Theory and Application of Cryptology and Information Security, Shanghai, China, December 3-7, 2006, Proceedings , 2006, ASIACRYPT.

[9]  Hideki Imai,et al.  An Efficient Group Signature Scheme from Bilinear Maps , 2005, IEICE Trans. Fundam. Electron. Commun. Comput. Sci..

[10]  Holger Petersen,et al.  How to Convert any Digital Signature Scheme into a Group Signature Scheme , 1997, Security Protocols Workshop.

[11]  Brent Waters,et al.  Efficient Identity-Based Encryption Without Random Oracles , 2005, EUROCRYPT.

[12]  Dan Boneh,et al.  Short Signatures Without Random Oracles , 2004, EUROCRYPT.

[13]  Reihaneh Safavi-Naini,et al.  Efficient and Provably Secure Trapdoor-Free Group Signature Schemes from Bilinear Pairings , 2004, ASIACRYPT.

[14]  Pil Joong Lee,et al.  Advances in Cryptology — ASIACRYPT 2001 , 2001, Lecture Notes in Computer Science.

[15]  Donald W. Davies,et al.  Advances in Cryptology — EUROCRYPT ’91 , 2001, Lecture Notes in Computer Science.

[16]  Joan Feigenbaum,et al.  Advances in Cryptology-Crypto 91 , 1992 .

[17]  Chanathip Namprempre,et al.  Security Proofs for Identity-Based Identification and Signature Schemes , 2004, EUROCRYPT.

[18]  Burton S. Kaliski Advances in Cryptology - CRYPTO '97 , 1997 .

[19]  Joseph K. Liu,et al.  Linkable Spontaneous Anonymous Group Signature for Ad Hoc Groups (Extended Abstract) , 2004, ACISP.

[20]  Moni Naor,et al.  Non-malleable cryptography , 1991, STOC '91.

[21]  Alfred Menezes,et al.  Topics in Cryptology – CT-RSA 2005 , 2005 .

[22]  Nicholas Pippenger,et al.  On the evaluation of powers and related problems , 1976, 17th Annual Symposium on Foundations of Computer Science (sfcs 1976).

[23]  Luca Trevisan,et al.  Notions of Reducibility between Cryptographic Primitives , 2004, TCC.

[24]  Constantin Popescu AN EFFICIENT ID-BASED GROUP SIGNATURE SCHEME , 2002 .

[25]  Ueli Maurer,et al.  Non-interactive Public-Key Cryptography , 1991, EUROCRYPT.

[26]  Mihir Bellare,et al.  Foundations of Group Signatures: Formal Definitions, Simplified Requirements, and a Construction Based on General Assumptions , 2003, EUROCRYPT.

[27]  Ahmad-Reza Sadeghi,et al.  Linkable Democratic Group Signatures , 2006, IACR Cryptol. ePrint Arch..

[28]  Bogdan Warinschi,et al.  On the Minimal Assumptions of Group Signature Schemes , 2004, ICICS.

[29]  Moni Naor,et al.  Universal one-way hash functions and their cryptographic applications , 1989, STOC '89.

[30]  Jan Camenisch,et al.  Efficient Group Signature Schemes for Large Groups (Extended Abstract) , 1997, CRYPTO.

[31]  John Rompel,et al.  One-way functions are necessary and sufficient for secure signatures , 1990, STOC '90.

[32]  Information Security and Privacy , 1996, Lecture Notes in Computer Science.

[33]  Marc Joye,et al.  A Practical and Provably Secure Coalition-Resistant Group Signature Scheme , 2000, CRYPTO.

[34]  Russell Impagliazzo,et al.  Limits on the provable consequences of one-way permutations , 1988, STOC '89.

[35]  David Chaum,et al.  Group Signatures , 1991, EUROCRYPT.

[36]  Yuliang Zheng,et al.  Advances in Cryptology — ASIACRYPT 2002 , 2002, Lecture Notes in Computer Science.

[37]  Craig Gentry,et al.  Hierarchical ID-Based Cryptography , 2002, ASIACRYPT.

[38]  Javier Herranz,et al.  On the Generic Construction of Identity-Based Signatures with Additional Properties , 2006, ASIACRYPT.

[39]  Xiaohui Liang,et al.  Short Group Signature Without Random Oracles , 2007, ICICS.

[40]  Mihir Bellare Advances in Cryptology — CRYPTO 2000 , 2000, Lecture Notes in Computer Science.

[41]  Kenneth G. Paterson,et al.  Efficient Identity-Based Signatures Secure in the Standard Model , 2006, ACISP.