Practical dynamic group signatures without knowledge extractors

Published in: Designs, Codes and Cryptography

Abstract

A dynamic group signature (\(\mathcal {DGS}\)) allows a user to generate a signature on behalf of a group, while preserving anonymity. Although many existing \(\mathcal {DGS}\) schemes have been proposed in the random oracle model for achieving efficiency, their security proofs require knowledge extractors that cause loose security reductions. In this paper, we first propose a new practical \(\mathcal {DGS}\) scheme whose security can be proven without knowledge extractors in the random oracle model. Moreover, our scheme can also be proven in the strong security model where an adversary is allowed to generate the group managers’ keys maliciously. The efficiency of our scheme is comparable to existing secure \(\mathcal {DGS}\) schemes in the random oracle model using knowledge extractors. The security of our scheme is based on a new complexity assumption that is obtained by generalizing the Pointcheval–Sanders (PS) assumption. Although our generalized PS (GPS) assumption is interactive, we prove that, under the (2,1)-discrete logarithm assumption, the new GPS assumption holds in the algebraic group model.



Notes

  1. For simplicity, we omit \(\lambda \) in related notation throughout this paper.

  2. This means that users can join but not leave the group.

  3. As explained in Sect. 1.2, we do not want a full-fledged structure-preserving signature as it would expose us to the associated negative results [2] such as the impossibility of unilateral signatures (that is, signatures only containing elements of \(\mathbb {G}_1\)).

  4. In [34], the authors mentioned that the KEA holds in the AGM, but a concrete reduction was not provided.

  5. According to Bellare et al. [5], our setup algorithm can be non-trusted if a bilinear-group generation algorithm is deterministic and public. Also, the element h is computable by anyone and thus publicly verifiable from the generated bilinear group.

  6. This notion is slightly different from that of [51].

References

  1. Abdalla M., Fouque P., Lyubashevsky V., Tibouchi M.: Tightly-secure signatures from lossy identification schemes. In: Pointcheval D., Johansson T. (eds.) EUROCRYPT 2012. Lecture Notes in Computer Science, vol. 7237, pp. 572–590. Springer, Heidelberg (2012).

  2. Abe M., Groth J., Haralambiev K., Ohkubo M.: Optimal structure-preserving signatures in asymmetric bilinear groups. In: CRYPTO 2011. Lecture Notes in Computer Science, vol. 6841, pp. 649–666. Springer, Heidelberg (2011).

  3. Barreto P.S.L.M., Lynn B., Scott M.: Constructing elliptic curves with prescribed embedding degrees. In: Cimato S., Galdi C., Persiano G. (eds.) SCN 2002. Lecture Notes in Computer Science, vol. 2576, pp. 257–267. Springer, Heidelberg (2003).

  4. Bauer B., Fuchsbauer G., Loss J.: A classification of computational assumptions in the algebraic group model. In: Micciancio D., Ristenpart T. (eds.) CRYPTO 2020, Part II. Lecture Notes in Computer Science, vol. 12171, pp. 121–151. Springer, Heidelberg (2020).

  5. Bellare M., Fuchsbauer G., Scafuro A.: NIZKs with an untrusted CRS: security in the face of parameter subversion. In: Cheon J.H., Takagi T. (eds.) ASIACRYPT 2016, Part II. Lecture Notes in Computer Science, vol. 10032, pp. 777–804. Springer, Heidelberg (2016).

  6. Bellare M., Palacio A.: The knowledge-of-exponent assumptions and 3-round zero-knowledge protocols. In: Franklin M.K. (ed.) CRYPTO 2004. Lecture Notes in Computer Science, vol. 3152, pp. 273–289. Springer, Heidelberg (2004).

  7. Bellare M., Micciancio D., Warinschi B.: Foundations of group signatures: Formal definitions, simplified requirements, and a construction based on general assumptions. In: Biham E. (ed.) EUROCRYPT 2003. Lecture Notes in Computer Science, vol. 2656, pp. 614–629. Springer, Heidelberg (2003).

  8. Bellare M., Shi H., Zhang C.: Foundations of group signatures: The case of dynamic groups. In: Menezes A. (ed.) CT-RSA 2005. Lecture Notes in Computer Science, vol. 3376, pp. 136–153. Springer, Heidelberg (2005).

  9. Ben-Sasson E., Chiesa A., Green M., Tromer E., Virza M.: Secure sampling of public parameters for succinct zero knowledge proofs. In: SP 2015, pp. 287–304. IEEE Computer Society (2015).

  10. Bernhard D., Fischlin M., Warinschi B.: Adaptive proofs of knowledge in the random oracle model. In: Katz J. (ed.) PKC 2015. Lecture Notes in Computer Science, vol. 9020, pp. 629–649. Springer, Heidelberg (2015).

  11. Bichsel P., Camenisch J., Neven G., Smart N.P., Warinschi B.: Get shorty via group signatures without encryption. In: Garay J.A., Prisco R.D. (eds.) SCN 2010. Lecture Notes in Computer Science, vol. 6280, pp. 381–398. Springer, Heidelberg (2010).

  12. Boneh D., Shacham H.: Group signatures with verifier-local revocation. In: Atluri V., Pfitzmann B., McDaniel P.D. (eds.) CCS 2004, pp. 168–177. ACM, New York (2004).

  13. Boneh D., Boyen X., Shacham H.: Short group signatures. In: Franklin M.K. (ed.) CRYPTO 2004. Lecture Notes in Computer Science, vol. 3152, pp. 41–55. Springer, Heidelberg (2004).

  14. Bootle J., Cerulli A., Chaidos P., Ghadafi E., Groth J., Petit C.: Short accountable ring signatures based on DDH. In: Pernul G., Ryan P.Y.A., Weippl E.R. (eds.) ESORICS 2015, Part I. Lecture Notes in Computer Science, vol. 9326, pp. 243–265. Springer, Heidelberg (2015).

  15. Bootle J., Cerulli A., Chaidos P., Ghadafi E., Groth J.: Foundations of fully dynamic group signatures. J. Cryptol. 33, 1822–1870 (2020).

  16. Bowe S.: BLS12-381: New zk-SNARK elliptic curve construction. Zcash Company Posts. https://electriccoin.co/blog/new-snark-curve/ (2017).

  17. Boyen X., Waters B.: Full-domain subgroup hiding and constant-size group signatures. In: Okamoto T., Wang X. (eds.) PKC 2007. Lecture Notes in Computer Science, vol. 4450, pp. 1–15. Springer, Heidelberg (2007).

  18. Brickell E., Li J.: Enhanced privacy ID: a direct anonymous attestation scheme with enhanced revocation capabilities. In: Ning P., Yu T. (eds.) WPES 2007, pp. 21–30. ACM, New York (2007).

  19. Brickell E.F., Camenisch J., Chen L.: Direct anonymous attestation. In: Atluri V., Pfitzmann B., McDaniel P.D. (eds.) CCS 2004, pp. 132–145. ACM, New York (2004).

  20. Camenisch J., Chen L., Drijvers M., Lehmann A., Novick D., Urian R.: One TPM to bind them all: Fixing TPM 2.0 for provably secure anonymous attestation. In: SP 2017, pp. 901–920. IEEE Computer Society (2017).

  21. Camenisch J., Groth J.: Group signatures: better efficiency and new theoretical aspects. In: Blundo C., Cimato S. (eds.) SCN 2004. Lecture Notes in Computer Science, vol. 3352, pp. 120–133. Springer, Heidelberg (2004).

  22. Camenisch J., Lysyanskaya A.: Signature schemes and anonymous credentials from bilinear maps. In: Franklin M.K. (ed.) CRYPTO 2004. Lecture Notes in Computer Science, vol. 3152, pp. 56–72. Springer, Heidelberg (2004).

  23. Camenisch J., Stadler M.: Efficient group signature schemes for large groups (extended abstract). In: Kaliski B.S. Jr. (ed.) CRYPTO 1997. Lecture Notes in Computer Science, vol. 1294, pp. 410–424. Springer, Heidelberg (1997).

  24. Camenisch J., Drijvers M., Lehmann A., Neven G., Towa P.: Short threshold dynamic group signatures. In: Galdi C., Kolesnikov V. (eds.) SCN 2020. Lecture Notes in Computer Science, vol. 12238, pp. 401–423. Springer, Heidelberg (2020).

  25. Chaum D., van Heyst E.: Group signatures. In: Davies D.W. (ed.) EUROCRYPT 1991. Lecture Notes in Computer Science, vol. 547, pp. 257–265. Springer, Heidelberg (1991).

  26. Clarisse R., Sanders O.: Group signature without random oracles from randomizable signatures. In: Nguyen K., Wu W., Lam K., Wang H. (eds.) ProvSec 2020. Lecture Notes in Computer Science, vol. 12505, pp. 3–23. Springer, Heidelberg (2020).

  27. Damgård I.: Towards practical public key systems secure against chosen ciphertext attacks. In: Feigenbaum J. (ed.) Advances in Cryptology - CRYPTO 1991. Lecture Notes in Computer Science, vol. 576, pp. 445–456. Springer, Heidelberg (1991).

  28. Delerablée C., Pointcheval D.: Dynamic fully anonymous short group signatures. In: Nguyen P.Q. (ed.) VIETCRYPT 2006. Lecture Notes in Computer Science, vol. 4341, pp. 193–210. Springer, Heidelberg (2006).

  29. Derler D., Slamanig D.: Highly-efficient fully-anonymous dynamic group signatures. In: Kim J., Ahn G., Kim S., Kim Y., López J., Kim T. (eds.) AsiaCCS 2018, pp. 551–565. ACM, New York (2018).

  30. Faust S., Kohlweiss M., Marson G.A., Venturi D.: On the non-malleability of the Fiat-Shamir transform. In: Galbraith S.D., Nandi M. (eds.) INDOCRYPT 2012. Lecture Notes in Computer Science, vol. 7668, pp. 60–79. Springer, Heidelberg (2012).

  31. Fiat A., Shamir A.: How to prove yourself: Practical solutions to identification and signature problems. In: Odlyzko A.M. (ed.) CRYPTO 1986. Lecture Notes in Computer Science, vol. 263, pp. 186–194. Springer, Heidelberg (1986).

  32. Fischlin M.: Communication-efficient non-interactive proofs of knowledge with online extractors. In: Shoup V. (ed.) CRYPTO 2005. Lecture Notes in Computer Science, vol. 3621, pp. 152–168. Springer, Heidelberg (2005).

  33. Fischlin M., Harasser P., Janson C.: Signatures from sequential-or proofs. In: Canteaut A., Ishai Y. (eds.) EUROCRYPT 2020, Part III. Lecture Notes in Computer Science, vol. 12107, pp. 212–244. Springer, Heidelberg (2020).

  34. Fuchsbauer G., Kiltz E., Loss J.: The algebraic group model and its applications. In: Shacham H., Boldyreva A. (eds.) CRYPTO 2018, Part II. Lecture Notes in Computer Science, vol. 10992, pp. 33–62. Springer, Heidelberg (2018).

  35. Galbraith S.D., Paterson K.G., Smart N.P.: Pairings for cryptographers. Discret. Appl. Math. 156(16), 3113–3121 (2008).

  36. Garay J.A., MacKenzie P.D., Yang K.: Strengthening zero-knowledge protocols using signatures. In: Biham E. (ed.) EUROCRYPT 2003. Lecture Notes in Computer Science, vol. 2656, pp. 177–194. Springer, Heidelberg (2003).

  37. Goh E., Jarecki S., Katz J., Wang N.: Efficient signature schemes with tight reductions to the Diffie-Hellman problems. J. Cryptol. 20(4), 493–514 (2007).

  38. Goldwasser S., Micali S., Rivest R.L.: A digital signature scheme secure against adaptive chosen-message attacks. SIAM J. Comput. 17(2), 281–308 (1988).

  39. Groth J.: Fully anonymous group signatures without random oracles. In: Kurosawa K. (ed.) ASIACRYPT 2007. Lecture Notes in Computer Science, vol. 4833, pp. 164–180. Springer, Heidelberg (2007).

  40. Hanser C., Slamanig D.: Structure-preserving signatures on equivalence classes and their application to anonymous credentials. In: Sarkar P., Iwata T. (eds.) ASIACRYPT 2014. Lecture Notes in Computer Science, vol. 8873, pp. 491–511. Springer, Heidelberg (2014).

  41. Intel: A Cost-Effective Foundation for End-to-End IoT Security, White Paper. https://www.intel.in/content/www/in/en/internet-of-things/white-papers/iot-identity-intel-epid-iot-security-white-paper.html (2016).

  42. Kiayias A., Yung M.: Group signatures with efficient concurrent join. In: Cramer R. (ed.) EUROCRYPT 2005. Lecture Notes in Computer Science, vol. 3494, pp. 198–214. Springer, Heidelberg (2005).

  43. Kim H., Lee Y., Abdalla M., Park J.H.: Practical Dynamic Group Signature with Efficient Concurrent Joins and Batch Verifications. Cryptology ePrint Archive, Report 2020/921. https://eprint.iacr.org/2020/921 (2020).

  44. Lee J.: Dory: efficient, transparent arguments for generalised inner products and polynomial commitments. In: Nissim K., Waters B. (eds.) TCC 2021, Part II. Lecture Notes in Computer Science, vol. 13043, pp. 1–34. Springer, Heidelberg (2021).

  45. Libert B., Peters T., Yung M.: Short group signatures via structure-preserving signatures: standard model security from simple assumptions. In: Gennaro R., Robshaw M. (eds.) CRYPTO 2015, Part II. Lecture Notes in Computer Science, vol. 9216, pp. 296–316. Springer, Heidelberg (2015).

  46. Libert B., Mouhartem F., Peters T., Yung M.: Practical “signatures with efficient protocols” from simple assumptions. In: Chen X., Wang X., Huang X. (eds.) AsiaCCS 2016, pp. 511–522. ACM, New York (2016).

  47. Naor M., Yung M.: Public-key cryptosystems provably secure against chosen ciphertext attacks. In: Ortiz H. (ed.) STOC 1990, pp. 427–437. ACM, New York (1990).

  48. Paillier P.: Public-key cryptosystems based on composite degree residuosity classes. In: Stern J. (ed.) EUROCRYPT 1999. Lecture Notes in Computer Science, vol. 1592, pp. 223–238. Springer, Heidelberg (1999).

  49. Pointcheval D., Sanders O.: Short randomizable signatures. In: Sako K. (ed.) CT-RSA 2016. Lecture Notes in Computer Science, vol. 9610, pp. 111–126. Springer, Heidelberg (2016).

  50. Pointcheval D., Stern J.: Security arguments for digital signatures and blind signatures. J. Cryptol. 13(3), 361–396 (2000).

  51. Sakai Y., Schuldt J.C.N., Emura K., Hanaoka G., Ohta K.: On the security of dynamic group signatures: preventing signature hijacking. In: Fischlin M., Buchmann J.A., Manulis M. (eds.) PKC 2012. Lecture Notes in Computer Science, vol. 7293, pp. 715–732. Springer, Heidelberg (2012).

  52. TCG: https://trustedcomputinggroup.org/authentication/ (2015).

Acknowledgements

This work was supported by Institute for Information & communications Technology Promotion (IITP) grant funded by the Korea government (MSIT) (No.2021-0-00532, Blockchain privacy preserving techniques based on data encryption).

Author information

Corresponding author

Correspondence to Jong Hwan Park.

Ethics declarations

Conflict of interest

The authors declare that they have no conflict of interest.

Additional information

Communicated by K. Matsuura.

About this article

Cite this article

Kim, H., Sanders, O., Abdalla, M. et al. Practical dynamic group signatures without knowledge extractors. Des. Codes Cryptogr. 91, 853–893 (2023). https://doi.org/10.1007/s10623-022-01129-w

DOI: https://doi.org/10.1007/s10623-022-01129-w
