Sphinx-in-the-Head: Group Signatures from Symmetric Primitives
Article No.: 11, Pages 1 - 35
Abstract
Group signatures and their variants have been widely used in privacy-sensitive scenarios such as anonymous authentication and attestation. In this paper, we present a new post-quantum group signature scheme from symmetric primitives. Using only symmetric primitives makes the scheme less prone to unknown attacks than basing the design on newly proposed hard problems whose security is less well-understood. However, symmetric primitives do not have rich algebraic properties, and this makes it extremely challenging to design a group signature scheme on top of them. It is even more challenging if we want a group signature scheme suitable for real-world applications, one that can support large groups and require few trust assumptions. Our scheme is based on MPC-in-the-head non-interactive zero-knowledge proofs, and we specifically design a novel hash-based group credential scheme, which is rooted in the SPHINCS+ signature scheme but with various modifications to make it MPC (multi-party computation) friendly. The security of the scheme has been proved under the fully dynamic group signature model. We provide an implementation of the scheme and demonstrate the feasibility of handling a group size as large as 260. This is the first group signature scheme from symmetric primitives that supports such a large group size and meets all the security requirements.
References
[1]
Quentin Alamélou, Olivier Blazy, Stéphane Cauchie, and Philippe Gaborit. 2017. A code-based group signature scheme. Designs, Codes and Cryptography 82, 1 (2017), 469–493.
[2]
Martin Albrecht and Gregory Bard. Accessed in Oct. 2023. The M4RI Library. https://bitbucket.org/malb/m4ri
[3]
Rachid El Bansarkhani and Rafael Misoczki. 2018. G-Merkle: A hash-based group signature scheme from standard assumptions. In PQCrypto. 441–463.
[4]
Carsten Baum and Ariel Nof. 2020. Concretely-efficient zero-knowledge arguments for arithmetic circuits and their application to lattice-based cryptography. In PKC. 495–526.
[5]
Mihir Bellare, Ran Canetti, and Hugo Krawczyk. 1996. Pseudorandom functions revisited: The cascade construction and its concrete security. In Proceedings of the 37th Symposium on Foundations of Computer Science, IEEE.
[6]
Daniel J. Bernstein, Andreas Hülsing, Stefan Kölbl, Ruben Niederhagen, Joost Rijneveld, and Peter Schwabe. 2019. The SPHINCS\({}^{\mbox{+}}\) signature framework. In ACM CCS. 2129–2146.
[7]
Ward Beullens, Samuel Dobson, Shuichi Katsumata, Yi-Fu Lai, and Federico Pintore. 2022. Group signatures and more from isogenies and lattices: Generic, simple, and efficient. In EUROCRYPT, Orr Dunkelman and Stefan Dziembowski (Eds.). 95–126.
[8]
Dan Boneh, Saba Eskandarian, and Ben Fisch. 2019. Post-quantum EPID signatures from symmetric primitives. In CT-RSA. 251–271.
[9]
Dan Boneh and Hovav Shacham. 2004. Group signatures with verifier-local revocation. In ACM CCS. 168–177.
[10]
Jonathan Bootle, Andrea Cerulli, Pyrros Chaidos, Essam Ghadafi, and Jens Groth. 2020. Foundations of fully dynamic group signatures. Journal of Cryptology 33, 4 (2020), 1822–1870.
[11]
Cecilia Boschini, Jan Camenisch, and Gregory Neven. 2018. Floppy-sized group signatures from lattices. In International Conference on Applied Cryptography and Network Security. Springer, 163–182.
[12]
Cecilia Boschini, Jan Camenisch, and Gregory Neven. 2018. Relaxed lattice-based signatures with short zero-knowledge proofs. In International Conference on Information Security. Springer, 3–22.
[13]
Cecilia Boschini, Jan Camenisch, Max Ovsiankin, and Nicholas Spooner. 2020. Efficient post-quantum snarks for RSIS and RLWE and their applications to privacy. In PQCrypto, Jintai Ding and Jean-Pierre Tillich (Eds.). 247–267.
[14]
Ernie Brickell and Jiangtao Li. 2012. Enhanced privacy ID: A direct anonymous attestation scheme with enhanced revocation capabilities. IEEE Trans. Dependable Secur. Comput. 9, 3 (2012), 345–360.
[15]
Ernest F. Brickell, Jan Camenisch, and Liqun Chen. 2004. Direct anonymous attestation. In ACM CCS. 132–145.
[16]
Maxime Buser, Joseph K. Liu, Ron Steinfeld, Amin Sakzad, and Shifeng Sun. 2019. DGM: A dynamic and revocable group Merkle signature. In ESORICS. 194–214.
[17]
Jan Camenisch and Els Van Herreweghen. 2002. Design and implementation of the idemix anonymous credential system. In ACM CCS. 21–30.
[18]
Jan Camenisch and Anna Lysyanskaya. 2002. Dynamic accumulators and application to efficient revocation of anonymous credentials. In CRYPTO. 61–76.
[19]
Melissa Chase, David Derler, Steven Goldfeder, Claudio Orlandi, Sebastian Ramacher, Christian Rechberger, Daniel Slamanig, and Greg Zaverucha. 2017. Post-quantum zero-knowledge and signatures from symmetric-key primitives. In ACM CCS. 1825–1842.
[20]
David Chaum and Eugène van Heyst. 1991. Group signatures. In EUROCRYPT, Donald W. Davies (Ed.). 257–265.
[21]
Kai-Min Chung, Yao-Ching Hsieh, Mi-Ying Huang, Yu-Hsuan Huang, Tanja Lange, and Bo-Yin Yang. 2021. Group Signatures and Accountable Ring Signatures from Isogeny-based Assumptions. Cryptology ePrint Archive, Paper 2021/1368. https://eprint.iacr.org/2021/1368
[22]
Cyprien Delpech de Saint Guilhem, Emmanuela Orsini, and Titouan Tanguy. 2021. Limbo: Efficient zero-knowledge MPCitH-based arguments. In ACM CCS. 3022–3036.
[23]
Rafaël del Pino, Vadim Lyubashevsky, and Gregor Seiler. 2018. Lattice-based group signatures and zero-knowledge proofs of automorphism stability. In ACM CCS. 574–591.
[24]
Christoph Dobraunig, Daniel Kales, Christian Rechberger, Markus Schofnegger, and Greg Zaverucha. 2022. Shorter signatures based on tailor-made minimalist symmetric-key crypto. In ACM CCS. 843–857.
[25]
Muhammed F. Esgin, Raymond K. Zhao, Ron Steinfeld, Joseph K. Liu, and Dongxi Liu. 2019. MatRiCT: Efficient, scalable and post-quantum blockchain confidential transactions protocol. In ACM CCS, Lorenzo Cavallaro, Johannes Kinder, XiaoFeng Wang, and Jonathan Katz (Eds.). 567–584.
[26]
Martianus Frederic Ezerman, Hyung Tae Lee, San Ling, Khoa Nguyen, and Huaxiong Wang. 2020. Provably secure group signature schemes from code-based assumptions. IEEE Transactions on Information Theory 66, 9 (2020), 5754–5773.
[27]
Free Software Foundation, Inc.2022. GCC, the GNU Compiler Collection. https://gcc.gnu.org
[28]
Irene Giacomelli, Jesper Madsen, and Claudio Orlandi. 2016. ZKBoo: Faster zero-knowledge for Boolean circuits. In USENIX Security. 1069–1083.
[29]
Oded Goldreich. 2009. Foundations of Cryptography: Volume 2, Basic Applications. Cambridge University Press.
[30]
Xiuju Huang, Jiashuo Song, and Zichen Li. 2022. Dynamic Group Signature Scheme on Lattice with Verifier-local Revocation. Cryptology ePrint Archive, Paper 2022/022. https://eprint.iacr.org/2022/022
[31]
A. Huelsing, D. Butin, S. Gazdag, J. Rijneveld, and A. Mohaisen. 2018. XMSS: Extended Merkle Signature Scheme. RFC 8391. RFC Editor.
[32]
Intel. 2021. Intel Enhanced Privacy ID (EPID) Security Technology. https://www.intel.com/content/www/us/en/developer/articles/technical/intel-enhanced-privacy-id-epid-security-technology.html
[33]
Yuval Ishai, Eyal Kushilevitz, Rafail Ostrovsky, and Amit Sahai. 2007. Zero-knowledge from secure multiparty computation. In STOC. 21–30.
[34]
Daniel Kales and Greg Zaverucha. 2022. Efficient Lifting for Shorter Zero-Knowledge Proofs and Post-Quantum Signatures. Cryptology ePrint Archive, Paper 2022/588. https://eprint.iacr.org/2022/588
[35]
Meenakshi Kansal, Ratna Dutta, and Sourav Mukhopadhyay. 2017. Forward Secure Efficient Group Signature in Dynamic Setting using Lattices. Cryptology ePrint Archive, Paper 2017/1128. https://eprint.iacr.org/2017/1128
[36]
Shuichi Katsumata and Shota Yamada. 2019. Group signatures without NIZK: From lattices in the standard model. In EUROCRYPT. 312–344.
[37]
Jonathan Katz, Vladimir Kolesnikov, and Xiao Wang. 2018. Improved non-interactive zero knowledge with applications to post-quantum signatures. In ACM CCS. 525–537.
[38]
Aggelos Kiayias and Moti Yung. 2003. Extracting group signatures from traitor tracing schemes. In EUROCRYPT. 630–648.
[39]
Seongkwang Kim, Jincheol Ha, Mincheol Son, ByeongHak Lee, Dukjae Moon, Joohee Lee, Sangyup Lee, Jihoon Kwon, Jihoon Cho, Hyojin Yoon, and Jooyoung Lee. 2022/1387. AIM: Symmetric primitive for shorter signatures with stronger security. Cryptology ePrint Archive (2022/1387).
[40]
Fabien Laguillaumie, Adeline Langlois, Benoît Libert, and Damien Stehlé. 2013. Lattice-based group signatures with logarithmic signature size. In International Conference on the Theory and Application of Cryptology and Information Security. Springer, 41–61.
[41]
Yi-Fu Lai and Samuel Dobson. 2021. Collusion Resistant Revocable Ring Signatures and Group Signatures from Hard Homogeneous Spaces. Cryptology ePrint Archive, Paper 2021/1365. https://eprint.iacr.org/2021/1365
[42]
Leslie Lamport. 1979. Constructing digital signatures from a one-way function. Tech. Report: SRI International Computer Science Laboratory (1979).
[43]
Adeline Langlois, San Ling, Khoa Nguyen, and Huaxiong Wang. 2014. Lattice-based group signature scheme with verifier-local revocation. In International Workshop on Public Key Cryptography. Springer, 345–361.
[44]
Benoît Libert, San Ling, Fabrice Mouhartem, Khoa Nguyen, and Huaxiong Wang. 2016. Signature schemes with efficient protocols and dynamic group signatures from lattice assumptions. In International Conference on the Theory and Application of Cryptology and Information Security. Springer, 373–403.
[45]
San Ling, Khoa Nguyen, and Huaxiong Wang. 2015. Group signatures from lattices: Simpler, tighter, shorter, ring-based. In IACR International Workshop on Public Key Cryptography. Springer, 427–449.
[46]
San Ling, Khoa Nguyen, Huaxiong Wang, and Yanhong Xu. 2017. Lattice-based group signatures: Achieving full dynamicity with ease. In International Conference on Applied Cryptography and Network Security. Springer, 293–312.
[47]
San Ling, Khoa Nguyen, Huaxiong Wang, and Yanhong Xu. 2018. Constant-size group signatures from lattices. In IACR International Workshop on Public Key Cryptography. Springer, 58–88.
[48]
Vadim Lyubashevsky, Ngoc Khanh Nguyen, Maxime Plançon, and Gregor Seiler. 2021. Shorter lattice-based group signatures via “almost free” encryption and other optimizations. In ASIACRYPT, Mehdi Tibouchi and Huaxiong Wang (Eds.). 218–248.
[49]
Ralph C. Merkle. 1987. A digital signature based on a conventional encryption function. In CRYPTO. 369–378.
[50]
Ralph C. Merkle. 1989. A certified digital signature. In CRYPTO, Gilles Brassard (Ed.). 218–238.
[51]
Khoa Nguyen, Hanh Tang, Huaxiong Wang, and Neng Zeng. 2019. New code-based privacy-preserving cryptographic constructions. In International Conference on the Theory and Application of Cryptology and Information Security. Springer, 25–55.
[52]
NIST. 2017-2022. Post-Quantum Cryptography Standardization. https://csrc.nist.gov/projects/post-quantum-cryptography/post-quantum-cryptography-standardization
[53]
NIST. 2022. NIST Announces First Four Quantum-Resistant Cryptographic Algorithms. https://nist.gov/news-events/news/2022/07/nist-announces-first-four-quantum-resistant-cryptographic-algorithms
[54]
Satyam Omar and Sahadeo Padhye. 2021. Multivariate linkable group signature scheme. In Proceedings of the International Conference on Computing and Communication Systems. Springer, 623–632.
[55]
Yusuke Sakai, Jacob C. N. Schuldt, Keita Emura, Goichiro Hanaoka, and Kazuo Ohta. 2012. On the security of dynamic group signatures: Preventing signature hijacking. In International Workshop on Public Key Cryptography. Springer, 715–732.
[56]
Claus-Peter Schnorr. 1989. Efficient identification and signatures for smart cards. In CRYPTO. 239–252.
[57]
Masoumeh Shafieinejad and Navid Nasr Esfahani. 2021. A scalable post-quantum hash-based group signature. Des. Codes Cryptogr. 89, 5 (2021), 1061–1090.
[58]
Guangdong Yang, Shaohua Tang, and Li Yang. 2011. A novel group signature scheme based on MPKC. In International Conference on Information Security Practice and Experience. Springer, 181–195.
[59]
Mahmoud Yehia, Riham AlTawy, and T. Aaron Gulliver. 2021. GM\({}^{\mbox{MT}}\): A revocable group Merkle multi-tree signature scheme. In CANS. 136–157.
[60]
Mahmoud Yehia, Riham AlTawy, and T. Aaron Gulliver. 2021. Security analysis of DGM and GM group signature schemes instantiated with XMSS-T. In Inscrypt. 61–81.
[61]
Greg Zaverucha, Sebastian Ramacher, Daniel Kales, and Steven Goldfeder. 2020. Reference Implementation of the Picnic Post-quantum Signature Scheme. https://github.com/Microsoft/Picnic
Index Terms
- Sphinx-in-the-Head: Group Signatures from Symmetric Primitives
Recommendations
Floppy-Sized Group Signatures from Lattices
Applied Cryptography and Network SecurityAbstractWe present the first lattice-based group signature scheme whose cryptographic artifacts are of size small enough to be usable in practice: for a group of users, signatures take 910 kB and public keys are 501 kB. Our scheme builds upon two ...
Efficient group signatures from bilinear pairing
CISC'05: Proceedings of the First SKLOIS conference on Information Security and CryptologyThis paper presents two types of group signature schemes from bilinear pairings: the mini type and the improved type. The size of the group public keys and the length of the signatures in both schemes are constant. An on-line third party is introduced ...
Universal forgery on a group signature scheme using self-certified public keys
A group signature scheme allows any group member to sign messages on behalf of the group in an anonymous and unlinkable fashion. In the event of a dispute, a designated group manager can reveal the identity of the signer. In 1999, Tseng and Jan proposed ...
Comments
Information & Contributors
Information
Published In
February 2024
369 pages
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 05 February 2024
Online AM: 27 December 2023
Accepted: 06 December 2023
Revised: 11 September 2023
Received: 04 January 2023
Published in TOPS Volume 27, Issue 1
Check for updates
Author Tags
Qualifiers
- Research-article
Funding Sources
- European Union’s Horizon research and innovation
- National Natural Science Foundation of China
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 311Total Downloads
- Downloads (Last 12 months)311
- Downloads (Last 6 weeks)35
Reflects downloads up to 10 Nov 2024
Other Metrics
Citations
View Options
Get Access
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in