Group Signature with Constant Revocation Costs for Signers and Verifiers

Membership revocation, being an important property for applications of group signatures, represents a bottleneck in today's schemes. Most revocation methods require linear amount of work to be performed by unrevoked signers or verifiers, who usually have to obtain fresh update information (sometimes of linear size) published by the group manager. We overcome these disadvantages by proposing a novel group signature scheme, where computation costs for unrevoked signers and potential verifiers remain constant, and so is the length of the update information that must be fetched by these parties from the data published by the group manager. We achieve this complexity by increasing the amount of work at the group manager's side, which growths quadratic with the total number of members. This increase is acceptable since algorithms of the group manager are typically executed on resourceful devices. Our scheme uses a slightly modified version of the pairing-based dynamic accumulator, introduced by Camenisch, Kohlweiss, and Soriente (PKC 2009), which we implicitly combine with the short (non-revocable) group signature scheme by Boneh, Boyen, and Shacham (CRYPTO 2004). We prove that our revocable scheme satisfies the desired security properties of anonymity, traceability, and non-frameability in the random oracle model, although for better efficiency we resort to a somewhat stronger hardness assumption.

[1]  Aggelos Kiayias,et al.  Self Protecting Pirates and Black-Box Traitor Tracing , 2001, CRYPTO.

[2]  A. Maximov,et al.  Fast computation of large distributions and its cryptographic applications , 2005 .

[3]  Gene Tsudik,et al.  Some Open Issues and New Directions in Group Signatures , 1999, Financial Cryptography.

[4]  Mihir Bellare,et al.  Foundations of Group Signatures: Formal Definitions, Simplified Requirements, and a Construction Based on General Assumptions , 2003, EUROCRYPT.

[5]  Nobuo Funabiki,et al.  Verifier-Local Revocation Group Signature Schemes with Backward Unlinkability from Bilinear Maps , 2005, IEICE Trans. Fundam. Electron. Commun. Comput. Sci..

[6]  Claudio Soriente,et al.  An Accumulator Based on Bilinear Maps and Efficient Revocation for Anonymous Credentials , 2009, IACR Cryptol. ePrint Arch..

[7]  Matthew Franklin,et al.  Advances in Cryptology – CRYPTO 2004 , 2004, Lecture Notes in Computer Science.

[8]  Dongdai Lin,et al.  A Shorter Group Signature with Verifier-Location Revocation and Backward Unlinkability , 2006, IACR Cryptol. ePrint Arch..

[9]  Jan Camenisch,et al.  Dynamic Accumulators and Application to Efficient Revocation of Anonymous Credentials , 2002, CRYPTO.

[10]  Shouhuai Xu,et al.  Accumulating Composites and Improved Group Signing , 2003, ASIACRYPT.

[11]  Masakatsu Nishigaki,et al.  Advances in Information and Computer Security - 6th International Workshop, IWSEC 2011, Tokyo, Japan, November 8-10, 2011. Proceedings , 2011, IWSEC.

[12]  Ronald Cramer,et al.  Advances in Cryptology - EUROCRYPT 2005, 24th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Aarhus, Denmark, May 22-26, 2005, Proceedings , 2005, EUROCRYPT.

[13]  Victor Shoup,et al.  Lower Bounds for Discrete Logarithms and Related Problems , 1997, EUROCRYPT.

[14]  Matthew K. Franklin,et al.  Identity-Based Encryption from the Weil Pairing , 2001, CRYPTO.

[15]  Dan Boneh,et al.  Short Signatures Without Random Oracles , 2004, EUROCRYPT.

[16]  Hovav Shacham,et al.  Short Group Signatures , 2004, CRYPTO.

[17]  Dongdai Lin,et al.  Shorter Verifier-Local Revocation Group Signatures from Bilinear Maps , 2006, CANS.

[18]  Dawn Song,et al.  Quasi-Efficient Revocation of Group Signatures , 2003 .

[19]  Chi Sung Laih,et al.  Advances in Cryptology - ASIACRYPT 2003 , 2003 .

[20]  Jacques Stern,et al.  Efficient Revocation in Group Signatures , 2001, Public Key Cryptography.

[21]  Arto Salomaa,et al.  Public-Key Cryptography , 1991, EATCS Monographs on Theoretical Computer Science.

[22]  Alfred Menezes,et al.  Topics in Cryptology – CT-RSA 2005 , 2005 .

[23]  Stanislaw Jarecki,et al.  Public Key Cryptography – PKC 2009 , 2009, Lecture Notes in Computer Science.

[24]  Mark Manulis,et al.  Cryptology and Network Security , 2012, Lecture Notes in Computer Science.

[25]  Zhou Sujing,et al.  A Shorter Group Signature with Verifier-Location Revocation and Backward Unlinkability. , 2004 .

[26]  Aggelos Kiayias,et al.  Traceable Signatures , 2004, EUROCRYPT.

[27]  Donald W. Davies,et al.  Advances in Cryptology — EUROCRYPT ’91 , 2001, Lecture Notes in Computer Science.

[28]  Walter Fumy,et al.  Advances in Cryptology — EUROCRYPT ’97 , 2001, Lecture Notes in Computer Science.

[29]  Information Security and Privacy , 1996, Lecture Notes in Computer Science.

[30]  Toru Nakanishi,et al.  A Group Signature Scheme with Efficient Membership Revocation for Reasonable Groups , 2004, ACISP.

[31]  Marc Joye,et al.  A Practical and Provably Secure Coalition-Resistant Group Signature Scheme , 2000, CRYPTO.

[32]  Nobuo Funabiki,et al.  Efficient Revocable Group Signature Schemes Using Primes , 2008, J. Inf. Process..

[33]  Nobuo Funabiki,et al.  Group Signature Schemes with Membership Revocation for Large Groups , 2005, ACISP.

[34]  David Chaum,et al.  Group Signatures , 1991, EUROCRYPT.

[35]  Nobuo Funabiki,et al.  A Short Verifier-Local Revocation Group Signature Scheme with Backward Unlinkability , 2006, IEICE Trans. Fundam. Electron. Commun. Comput. Sci..

[36]  Benoît Libert,et al.  Group Signatures with Verifier-Local Revocation and Backward Unlinkability in the Standard Model , 2009, CANS.

[37]  Ernest F. Brickell,et al.  Advances in Cryptology — CRYPTO’ 92 , 2001, Lecture Notes in Computer Science.

[38]  Moti Yung,et al.  Advances in Cryptology — CRYPTO 2002 , 2002, Lecture Notes in Computer Science.

[39]  Nobuo Funabiki,et al.  Revocable Group Signature Schemes with Constant Costs for Signing and Verifying , 2009, Public Key Cryptography.

[40]  Eli Biham,et al.  Differential Cryptanalysis of the Full 16-Round DES , 1992, Annual International Cryptology Conference.

[41]  Jan Camenisch,et al.  Group Signatures: Better Efficiency and New Theoretical Aspects , 2004, SCN.

[42]  Duncan S. Wong,et al.  Efficient Group Signature with Forward Secure Revocation , 2009, FGIT-SecTech.

[43]  Mihir Bellare Advances in Cryptology — CRYPTO 2000 , 2000, Lecture Notes in Computer Science.

[44]  Dan Boneh,et al.  Short Signatures Without Random Oracles and the SDH Assumption in Bilinear Groups , 2008, Journal of Cryptology.

[45]  Hovav Shacham,et al.  Group signatures with verifier-local revocation , 2004, CCS '04.

[46]  Jacques Stern,et al.  Security Proofs for Signature Schemes , 1996, EUROCRYPT.

[47]  Mihir Bellare,et al.  Foundations of Group Signatures: The Case of Dynamic Groups , 2005, CT-RSA.

[48]  Ueli Maurer,et al.  Advances in Cryptology — EUROCRYPT ’96 , 2001, Lecture Notes in Computer Science.

[49]  Dan Boneh,et al.  Hierarchical Identity Based Encryption with Constant Size Ciphertext , 2005, EUROCRYPT.