Abstract
A dynamic group signature (\(\mathcal {DGS}\)) allows a user to generate a signature on behalf of a group while preserving anonymity. Although many existing \(\mathcal {DGS}\) schemes have been proposed in the random oracle model to achieve efficiency, their security proofs require knowledge extractors, which cause loose security reductions. In this paper, we first propose a new practical \(\mathcal {DGS}\) scheme whose security can be proven without knowledge extractors in the random oracle model. Moreover, our scheme can also be proven secure in the strong security model where an adversary is allowed to generate the group managers’ keys maliciously. The efficiency of our scheme is comparable to that of existing secure \(\mathcal {DGS}\) schemes in the random oracle model that rely on knowledge extractors. The security of our scheme is based on a new complexity assumption obtained by generalizing the Pointcheval–Sanders (PS) assumption. Although our generalized PS (GPS) assumption is interactive, we prove that, under the (2,1)-discrete logarithm assumption, the new GPS assumption holds in the algebraic group model.
Notes
For simplicity, we omit \(\lambda \) in related notation throughout this paper.
This means that users can join but not leave the group.
In [34], the authors mentioned that the KEA holds in the AGM, but a concrete reduction was not provided.
According to Bellare et al. [5], our setup algorithm can be non-trusted if a bilinear-group generation algorithm is deterministic and public. Also, the element h is computable by anyone and thus publicly verifiable from the generated bilinear group.
This notion is slightly different from that of [51].
References
Abdalla M., Fouque P., Lyubashevsky V., Tibouchi M.: Tightly-secure signatures from lossy identification schemes. In: Pointcheval D., Johansson T. (eds.) EUROCRYPT 2012. Lecture Notes in Computer Science, vol. 7237, pp. 572–590. Springer, Heidelberg (2012).
Abe M., Groth J., Haralambiev K., Ohkubo M.: Optimal structure-preserving signatures in asymmetric bilinear groups. In: CRYPTO 2011. Lecture Notes in Computer Science, vol. 6841, pp. 649–666. Springer, Heidelberg (2011).
Barreto P.S.L.M., Lynn B., Scott M.: Constructing elliptic curves with prescribed embedding degrees. In: Cimato S., Galdi C., Persiano G. (eds.) SCN 2002. Lecture Notes in Computer Science, vol. 2576, pp. 257–267. Springer, Heidelberg (2003).
Bauer B., Fuchsbauer G., Loss J.: A classification of computational assumptions in the algebraic group model. In: Micciancio D., Ristenpart T. (eds.) CRYPTO 2020, Part II. Lecture Notes in Computer Science, vol. 12171, pp. 121–151. Springer, Heidelberg (2020).
Bellare M., Fuchsbauer G., Scafuro A.: NIZKs with an untrusted CRS: security in the face of parameter subversion. In: Cheon J.H., Takagi T. (eds.) ASIACRYPT 2016, Part II. Lecture Notes in Computer Science, vol. 10032, pp. 777–804. Springer, Heidelberg (2016).
Bellare M., Palacio A.: The knowledge-of-exponent assumptions and 3-round zero-knowledge protocols. In: Franklin M.K. (ed.) CRYPTO 2004. Lecture Notes in Computer Science, vol. 3152, pp. 273–289. Springer, Heidelberg (2004).
Bellare M., Micciancio D., Warinschi B.: Foundations of group signatures: Formal definitions, simplified requirements, and a construction based on general assumptions. In: Biham E. (ed.) EUROCRYPT 2003. Lecture Notes in Computer Science, vol. 2656, pp. 614–629. Springer, Heidelberg (2003).
Bellare M., Shi H., Zhang C.: Foundations of group signatures: The case of dynamic groups. In: Menezes A. (ed.) CT-RSA 2005. Lecture Notes in Computer Science, vol. 3376, pp. 136–153. Springer, Heidelberg (2005).
Ben-Sasson E., Chiesa A., Green M., Tromer E., Virza M.: Secure sampling of public parameters for succinct zero knowledge proofs. In: SP 2015, pp. 287–304. IEEE Computer Society, Heidelberg (2015).
Bernhard D., Fischlin M., Warinschi B.: Adaptive proofs of knowledge in the random oracle model. In: Katz J. (ed.) PKC 2015. Lecture Notes in Computer Science, vol. 9020, pp. 629–649. Springer, Heidelberg (2015).
Bichsel P., Camenisch J., Neven G., Smart N.P., Warinschi B.: Get shorty via group signatures without encryption. In: Garay J.A., Prisco R.D. (eds.) SCN 2010. Lecture Notes in Computer Science, vol. 6280, pp. 381–398. Springer, Heidelberg (2010).
Boneh D., Shacham H.: Group signatures with verifier-local revocation. In: Atluri V., Pfitzmann B., McDaniel P.D. (eds.) CCS 2004, pp. 168–177. ACM, New York (2004).
Boneh D., Boyen X., Shacham H.: Short group signatures. In: Franklin M.K. (ed.) CRYPTO 2004. Lecture Notes in Computer Science, vol. 3152, pp. 41–55. Springer, Heidelberg (2004).
Bootle J., Cerulli A., Chaidos P., Ghadafi E., Groth J., Petit C.: Short accountable ring signatures based on DDH. In: Pernul G., Ryan P.Y.A., Weippl E.R. (eds.) ESORICS 2015, Part I. Lecture Notes in Computer Science, vol. 9326, pp. 243–265. Springer, Heidelberg (2015).
Bootle J., Cerulli A., Chaidos P., Ghadafi E., Groth J.: Foundations of fully dynamic group signatures. J. Cryptol. 33(4), 1822–1870 (2020).
Bowe S.: BLS12-381: New zk-SNARK elliptic curve construction. Zcash Company Posts. https://electriccoin.co/blog/new-snark-curve/ (2017).
Boyen X., Waters B.: Full-domain subgroup hiding and constant-size group signatures. In: Okamoto T., Wang X. (eds.) PKC 2007. Lecture Notes in Computer Science, vol. 4450, pp. 1–15. Springer, Heidelberg (2007).
Brickell E., Li J.: Enhanced privacy ID: a direct anonymous attestation scheme with enhanced revocation capabilities. In: Ning P., Yu T. (eds.) WPES 2007, pp. 21–30. ACM, New York (2007).
Brickell E.F., Camenisch J., Chen L.: Direct anonymous attestation. In: Atluri V., Pfitzmann B., McDaniel P.D. (eds.) CCS 2004, pp. 132–145. ACM, New York (2004).
Camenisch J., Chen L., Drijvers M., Lehmann A., Novick D., Urian R.: One TPM to bind them all: Fixing TPM 2.0 for provably secure anonymous attestation. In: SP 2017, pp. 901–920. IEEE Computer Society, Heidelberg (2017).
Camenisch J., Groth J.: Group signatures: better efficiency and new theoretical aspects. In: Blundo C., Cimato S. (eds.) SCN 2004. Lecture Notes in Computer Science, vol. 3352, pp. 120–133. Springer, Heidelberg (2004).
Camenisch J., Lysyanskaya A.: Signature schemes and anonymous credentials from bilinear maps. In: Franklin M.K. (ed.) CRYPTO 2004. Lecture Notes in Computer Science, vol. 3152, pp. 56–72. Springer, Heidelberg (2004).
Camenisch J., Stadler M.: Efficient group signature schemes for large groups (extended abstract). In: Kaliski B.S. Jr. (ed.) CRYPTO 1997. Lecture Notes in Computer Science, vol. 1294, pp. 410–424. Springer, Heidelberg (1997).
Camenisch J., Drijvers M., Lehmann A., Neven G., Towa P.: Short threshold dynamic group signatures. In: Galdi C., Kolesnikov V. (eds.) SCN 2020. Lecture Notes in Computer Science, vol. 12238, pp. 401–423. Springer, Heidelberg (2020).
Chaum D., van Heyst E.: Group signatures. In: Davies D.W. (ed.) EUROCRYPT 1991. Lecture Notes in Computer Science, vol. 547, pp. 257–265. Springer, Heidelberg (1991).
Clarisse R., Sanders O.: Group signature without random oracles from randomizable signatures. In: Nguyen K., Wu W., Lam K., Wang H. (eds.) ProvSec 2020. Lecture Notes in Computer Science, vol. 12505, pp. 3–23. Springer, Heidelberg (2020).
Damgård I.: Towards practical public key systems secure against chosen ciphertext attacks. In: Feigenbaum J. (ed.) CRYPTO 1991. Lecture Notes in Computer Science, vol. 576, pp. 445–456. Springer, Heidelberg (1991).
Delerablée C., Pointcheval D.: Dynamic fully anonymous short group signatures. In: Nguyen P.Q. (ed.) VIETCRYPT 2006. Lecture Notes in Computer Science, vol. 4341, pp. 193–210. Springer, Heidelberg (2006).
Derler D., Slamanig D.: Highly-efficient fully-anonymous dynamic group signatures. In: Kim J., Ahn G., Kim S., Kim Y., López J., Kim T. (eds.) AsiaCCS 2018, pp. 551–565. ACM, New York (2018).
Faust S., Kohlweiss M., Marson G.A., Venturi D.: On the non-malleability of the Fiat–Shamir transform. In: Galbraith S.D., Nandi M. (eds.) INDOCRYPT 2012. Lecture Notes in Computer Science, vol. 7668, pp. 60–79. Springer, Heidelberg (2012).
Fiat A., Shamir A.: How to prove yourself: Practical solutions to identification and signature problems. In: Odlyzko A.M. (ed.) CRYPTO 1986. Lecture Notes in Computer Science, vol. 263, pp. 186–194. Springer, Heidelberg (1986).
Fischlin M.: Communication-efficient non-interactive proofs of knowledge with online extractors. In: Shoup V. (ed.) CRYPTO 2005. Lecture Notes in Computer Science, vol. 3621, pp. 152–168. Springer, Heidelberg (2005).
Fischlin M., Harasser P., Janson C.: Signatures from sequential-or proofs. In: Canteaut A., Ishai Y. (eds.) EUROCRYPT 2020, Part III. Lecture Notes in Computer Science, vol. 12107, pp. 212–244. Springer, Heidelberg (2020).
Fuchsbauer G., Kiltz E., Loss J.: The algebraic group model and its applications. In: Shacham H., Boldyreva A. (eds.) CRYPTO 2018, Part II. Lecture Notes in Computer Science, vol. 10992, pp. 33–62. Springer, Heidelberg (2018).
Galbraith S.D., Paterson K.G., Smart N.P.: Pairings for cryptographers. Discret. Appl. Math. 156(16), 3113–3121 (2008).
Garay J.A., MacKenzie P.D., Yang K.: Strengthening zero-knowledge protocols using signatures. In: Biham E. (ed.) EUROCRYPT 2003. Lecture Notes in Computer Science, vol. 2656, pp. 177–194. Springer, Heidelberg (2003).
Goh E., Jarecki S., Katz J., Wang N.: Efficient signature schemes with tight reductions to the Diffie-Hellman problems. J. Cryptol. 20(4), 493–514 (2007).
Goldwasser S., Micali S., Rivest R.L.: A digital signature scheme secure against adaptive chosen-message attacks. SIAM J. Comput. 17(2), 281–308 (1988).
Groth J.: Fully anonymous group signatures without random oracles. In: Kurosawa K. (ed.) ASIACRYPT 2007. Lecture Notes in Computer Science, vol. 4833, pp. 164–180. Springer, Heidelberg (2007).
Hanser C., Slamanig D.: Structure-preserving signatures on equivalence classes and their application to anonymous credentials. In: Sarkar P., Iwata T. (eds.) ASIACRYPT 2014. Lecture Notes in Computer Science, vol. 8873, pp. 491–511. Springer, Heidelberg (2014).
Intel: A Cost-Effective Foundation for End-to-End IoT Security, White Paper. https://www.intel.in/content/www/in/en/internet-of-things/white-papers/iot-identity-intel-epid-iot-security-white-paper.html (2016).
Kiayias A., Yung M.: Group signatures with efficient concurrent join. In: Cramer R. (ed.) EUROCRYPT 2005. Lecture Notes in Computer Science, vol. 3494, pp. 198–214. Springer, Heidelberg (2005).
Kim H., Lee Y., Abdalla M., Park J.H.: Practical Dynamic Group Signature with Efficient Concurrent Joins and Batch Verifications. Cryptology ePrint Archive, Report 2020/921. https://eprint.iacr.org/2020/921 (2020).
Lee J.: Dory: efficient, transparent arguments for generalised inner products and polynomial commitments. In: Nissim K., Waters B. (eds.) TCC 2021, Part II. Lecture Notes in Computer Science, vol. 13043, pp. 1–34. Springer, Heidelberg (2021).
Libert B., Peters T., Yung M.: Short group signatures via structure-preserving signatures: standard model security from simple assumptions. In: Gennaro R., Robshaw M. (eds.) CRYPTO 2015, Part II. Lecture Notes in Computer Science, vol. 9216, pp. 296–316. Springer, Heidelberg (2015).
Libert B., Mouhartem F., Peters T., Yung M.: Practical “signatures with efficient protocols” from simple assumptions. In: Chen X., Wang X., Huang X. (eds.) AsiaCCS 2016, pp. 511–522. ACM, New York (2016).
Naor M., Yung M.: Public-key cryptosystems provably secure against chosen ciphertext attacks. In: Ortiz H. (ed.) STOC 1990, pp. 427–437. ACM, New York (1990).
Paillier P.: Public-key cryptosystems based on composite degree residuosity classes. In: Stern J. (ed.) EUROCRYPT 1999. Lecture Notes in Computer Science, vol. 1592, pp. 223–238. Springer, Heidelberg (1999).
Pointcheval D., Sanders O.: Short randomizable signatures. In: Sako K. (ed.) CT-RSA 2016. Lecture Notes in Computer Science, vol. 9610, pp. 111–126. Springer, Heidelberg (2016).
Pointcheval D., Stern J.: Security arguments for digital signatures and blind signatures. J. Cryptol. 13(3), 361–396 (2000).
Sakai Y., Schuldt J.C.N., Emura K., Hanaoka G., Ohta K.: On the security of dynamic group signatures: preventing signature hijacking. In: Fischlin M., Buchmann J.A., Manulis M. (eds.) PKC 2012. Lecture Notes in Computer Science, vol. 7293, pp. 715–732. Springer, Heidelberg (2012).
TCG: Trusted Computing Group, Authentication. https://trustedcomputinggroup.org/authentication/ (2015).
Acknowledgements
This work was supported by Institute for Information & communications Technology Promotion (IITP) grant funded by the Korea government (MSIT) (No.2021-0-00532, Blockchain privacy preserving techniques based on data encryption).
Ethics declarations
Conflict of interest
The authors declare that they have no conflict of interest.
Additional information
Communicated by K. Matsuura.
About this article
Cite this article
Kim, H., Sanders, O., Abdalla, M. et al. Practical dynamic group signatures without knowledge extractors. Des. Codes Cryptogr. 91, 853–893 (2023). https://doi.org/10.1007/s10623-022-01129-w
Keywords
- Algebraic group model
- Group signatures
- Knowledge extractors
- PS assumptions
- Random oracle model
- Subverted CRS