Group signature implies public-key encryption with non-interactive opening

  • Regular Contribution
International Journal of Information Security

Abstract

In this paper, we show that public-key encryption with non-interactive opening (PKENO) can be constructed from an arbitrary group signature (GS) scheme which is secure in the dynamic group setting and provides opening soundness. Moreover, the resulting PKENO construction is efficient if the underlying GS scheme is efficient and the message space of the PKENO scheme is restricted to short messages. Hence, our result not only shows that the existence of this type of GS implies the existence of PKENO, but also that designing a practical GS scheme is as difficult as designing a practical PKENO scheme. Our transform is constructed by carefully investigating the relationship between the functionalities of GS and that of PKENO, and developing a novel (but specific) multiple encryption technique. This multiple encryption technique plays an important role for simultaneously achieving both practical efficiency and security.

Notes

  1. Intuitively, opening soundness guarantees that, for a given message/signature pair \((m,\sigma )\), the group manager cannot convince a verifier that \(\sigma \) was constructed by one signer while, at the same time, being able to convince another verifier that \(\sigma \) was constructed by a different signer. We note that similar security requirements are considered for other types of signature schemes providing signer anonymity (e.g. partial signatures [5] and convertible undeniable signatures [32]), and that the generic construction of a GS scheme presented in [7] provides opening soundness. Note, however, that not all GS schemes which are secure in the model of [7] provide this property, e.g. [25] does not. See Sect. 2.1 for a formal definition of opening soundness.

  2. Actually, the Groth GS scheme (and its variant by Sakai et al.) adopts a different syntax from the BSZ model, thus the security definitions under which the security of the schemes is proven also need to be modified from the BSZ model (see [34] for further discussion). Fortunately, these security definitions are sufficiently strong to instantiate our generic constructions with the Groth scheme.

  3. One might think that it is sufficient to output a special symbol, e.g. \(\bot \), to indicate that (some of) the signatures are untraceable. However, this is not the case. In a construction where this approach is taken, a malicious receiver will be able to claim that a ciphertext, which is actually valid, is invalid by outputting \(\bot \). Since a verifier cannot distinguish between traceable and untraceable signatures, he will not be able to detect that the claim made by the receiver is incorrect, and if \(\bot \) is accepted as a valid proof, the verifier would be convinced that the ciphertext in question is invalid when this might not be the case.

  4. Notice that in this case, outputting the secret key \({ sk}\) as a proof will play a crucial role in proving the soundness of the proposed scheme. See the first paragraph of Sect. 3.2 for details.

References

  1. Abdalla, M., Warinschi, B.: On the minimal assumptions of group signature schemes. In: Proceedings of ICICS 2004, pp. 1–13. Springer, Berlin (2004)

  2. Ateniese, G., Camenisch, J., Joye, M., Tsudik, G.: A practical and provably secure coalition-resistant group signature scheme. In: Proceedings of CRYPTO 2000, pp. 255–270. Springer, Berlin (2000)

  3. Ateniese, G., Tsudik, G.: Some open issues and new directions in group signatures. In: Proceedings of FC ’99, pp. 196–211. Springer, Berlin (1999)

  4. Barak, B., Mahmoody-Ghidary, M.: Lower bounds on signatures from symmetric primitives. In: Proceedings of FOCS ’07. 48th Annual IEEE Symposium on, pp. 680–688 (2007)

  5. Bellare, M., Duan, S.: Partial signatures and their applications. Cryptology ePrint Archive, Report 2009/336 (2009)

  6. Bellare, M., Micciancio, D., Warinschi, B.: Foundations of group signatures: formal definitions, simplified requirements, and a construction based on general assumptions. In: Proceedings of EUROCRYPT 2003, pp. 614–629. Springer, Berlin (2003)

  7. Bellare, M., Shi, H., Zhang, C.: Foundations of group signatures: the case of dynamic groups. In: Proceedings of CT-RSA 2005, pp. 136–153. Springer, Berlin (2005)

  8. Bellare, M., Shoup, S.: Two-tier signatures, strongly unforgeable signatures, and Fiat-Shamir without random oracles. In: Proceedings of PKC 2007, pp. 201–216. Springer, Berlin (2007)

  9. Boneh, D., Boyen, X., Shacham, H.: Short group signatures. In: Proceedings of CRYPTO 2004, pp. 41–55. Springer, Berlin (2004)

  10. Bringer, J., Chabanne, H., Pointcheval, D., Zimmer, S.: An application of the Boneh and Shacham group signature scheme to biometric authentication. In: Proceedings of IWSEC 2008, pp. 219–230. Springer, Berlin (2008)

  11. Camenisch, J., Groth, J.: Group signatures: better efficiency and new theoretical aspects. In: Proceedings of SCN 2004, pp. 120–133. Springer, Berlin (2005)

  12. Canetti, R., Goldreich, O., Halevi, S.: The random oracle methodology, revisited (preliminary version). In: Proceedings of STOC ’98, pp. 209–218. ACM, New York (1998)

  13. Canetti, R., Halevi, S., Katz, J.: Chosen-ciphertext security from identity-based encryption. In: Proceedings of EUROCRYPT 2004, pp. 207–222. Springer, Berlin (2004)

  14. Chaum, D., van Heyst, E.: Group signatures. In: Proceedings of EUROCRYPT ’91, pp. 257–265. Springer, Berlin (1991)

  15. Chen, L., Pedersen, T.P.: New group signature schemes (extended abstract). In: Proceedings of EUROCRYPT ’94, pp. 171–181. Springer, Berlin (1994)

  16. Damgård, I., Hofheinz, D., Kiltz, E., Thorbek, R.: Public-key encryption with non-interactive opening. In: Proceedings of CT-RSA 2008, pp. 239–255. Springer, Berlin (2008)

  17. Delerablée, C., Pointcheval, D.: Dynamic fully anonymous short group signatures. In: Proceedings of VIETCRYPT 2006, pp. 193–210. Springer, Berlin (2006)

  18. Dodis, Y., Katz, J.: Chosen-ciphertext security of multiple encryption. In: Proceedings of TCC 2005, pp. 188–209. Springer, Berlin (2005)

  19. Emura, K., Hanaoka, G., Sakai, Y.: Group signature implies PKE with non-interactive opening and threshold PKE. In: Proceedings of IWSEC 2010, pp. 181–198. Springer, Berlin (2010)

  20. Furukawa, J., Imai, H.: An efficient group signature scheme from bilinear maps. IEICE Trans. 89–A(5), 1328–1338 (2006)

  21. Galindo, D., Libert, B., Fischlin, M., Fuchsbauer, G., Lehmann, A., Manulis, M., Schröder, D.: Public-key encryption with non-interactive opening: New constructions and stronger definitions. In: Proceedings of AFRICACRYPT 2010, pp. 333–350. Springer, Berlin (2010)

  22. Galindo, D.: Breaking and repairing Damgård et al. public key encryption scheme with non-interactive opening. In: Proceedings of CT-RSA 2009, pp. 389–398. Springer, Berlin (2009)

  23. Goldreich, O.: Foundations of Cryptography: Volume 1, Basic Tools. Cambridge University Press, New York (2001)

  24. Goldreich, O.: Foundations of Cryptography: Volume 2, Basic Applications. Cambridge University Press, New York (2004)

  25. Groth, J.: Fully anonymous group signatures without random oracles. In: Proceedings of ASIACRYPT 2007, pp. 164–180. Springer, Berlin (2007)

  26. Groth, J.: Simulation-sound NIZK proofs for a practical language and constant size group signatures. In: Proceedings of ASIACRYPT 2006, pp. 444–459. Springer, Berlin (2006)

  27. Isshiki, T., Mori, K., Sako, K., Teranishi, I., Yonezawa, S.: Using group signatures for identity management and its implementation. In: Proceedings of Digital Identity Management 2006, pp. 73–78. ACM, New York (2006)

  28. Lai, J., Deng, R.H., Liu, S., Kou, W.: Efficient CCA-secure PKE from identity-based techniques. In: Proceedings of CT-RSA 2010, pp. 132–147. Springer, Berlin (2010)

  29. Myers, S., Shelat, A.: Bit encryption is complete. In: Proceedings of FOCS 2009, pp. 607–616. IEEE Computer Society, Los Alamitos (2009)

  30. Nakanishi, T., Sugiyama, Y.: An efficient anonymous survey for attribute statistics using a group signature scheme with attribute tracing. IEICE Trans. 86–A(10), 2560–2568 (2003)

  31. Ohtake, G., Fujii, A., Hanaoka, G., Ogawa, K.: On the theoretical gap between group signatures with and without unlinkability. In: Proceedings of AFRICACRYPT 2009, pp. 149–166. Springer, Berlin (2009)

  32. Phong, L.T., Kurosawa, K., Ogata, W.: Provably secure convertible undeniable signatures with unambiguity. In: Proceedings of SCN 2010, pp. 291–308. Springer, Berlin (2010)

  33. Rompel, J.: One-way functions are necessary and sufficient for secure signatures. In: Proceedings of STOC ’90, pp. 387–394. ACM, New York (1990)

  34. Sakai, Y., Schuldt, J.C.N., Emura, K., Hanaoka, G., Ohta, K.: On the security of dynamic group signatures: preventing signature hijacking. Cryptology ePrint Archive (2012). http://eprint.iacr.org/

  35. Sakai, Y., Schuldt, J.C.N., Emura, K., Hanaoka, G., Ohta, K.: On the security of dynamic group signatures: Preventing signature hijacking. In: Proceedings of PKC 2012, pp. 715–732. Springer, Berlin (2012)

  36. Shoup, V.: Sequences of games: a tool for taming complexity in security proofs. Cryptology ePrint Archive, Report 2004/332 (2004)

  37. Zhang, R., Hanaoka, G., Shikata, J., Imai, H.: On the security of multiple encryption or CCA-security+CCA-security=CCA-security? In: Proceedings of PKC 2004, pp. 360–374. Springer, Berlin (2004)

Author information

Corresponding author

Correspondence to Yusuke Sakai.

Additional information

A preliminary version of this paper appears as part of [19]. This is the full version. The construction in this paper has been rewritten to correct some mistakes which appeared in [19]. Specifically, we make use of the opening soundness property for group signatures, defined in [35], to correctly handle the proof soundness of the constructed PKENO. Part of this work was done while the first author was a postdoctoral researcher at Center for Highly Dependable Embedded Systems Technology, Japan Advanced Institute of Science and Technology, and the fourth author was a postdoctoral researcher at Research Institute for Secure Systems, National Institute of Advanced Industrial Science and Technology, Japan. The third author is supported by a JSPS Fellowship for Young Scientists.

About this article

Cite this article

Emura, K., Hanaoka, G., Sakai, Y. et al. Group signature implies public-key encryption with non-interactive opening. Int. J. Inf. Secur. 13, 51–62 (2014). https://doi.org/10.1007/s10207-013-0204-y

  • DOI: https://doi.org/10.1007/s10207-013-0204-y