Similar articles

Abstract: For group signature (GS) supporting membership revocation, verifier-local revocation (VLR) mechanism seems to be a more flexible choice, because it requires only that verifiers download up-to-date revocation information for signature verification, and the signers are not involved. As a post-quantum secure cryptographic counterpart of classical number-theoretic cryptographic constructions, the first lattice-based VLR group signature (VLR-GS) was introduced by Langlois et al. (2014). However, none of the contemporary lattice-based VLR-GS schemes provide backward unlinkability (BU), which is an important property to ensure that previously issued signatures remain anonymous and unlinkable even after the corresponding signer (i.e., member) is revoked. In this study, we introduce the first lattice-based VLR-GS scheme with BU security (VLR-GS-BU), and thus resolve a prominent open problem posed by previous works. Our new scheme enjoys an O(logN) factor saving for bit-sizes of the group public-key (GPK) and the member's signing secret-key, and it is free of any public-key encryption. In the random oracle model, our scheme is proven secure under two well-known hardness assumptions of the short integer solution (SIS) problem and learning with errors (LWE) problem.

格上后向无关联性安全的验证者本地撤销群签名

[1]Agrawal S, Boneh D, Boyen X, 2010. Efficient lattice (H)IBE in the standard model. Proc 29^th Annual Int Conf on the Theory and Applications of Cryptographic Techniques, p.553-572.

[2]Ajtai M, 1996. Generating hard instances of lattice problems (extended abstract). Proc 28^th ACM Symp on Theory of Computing, p.99-108.

[3]Alwen J, Peikert C, 2011. Generating shorter bases for hard random lattices. Theor Comput Syst, 48(3):535-553.

[4]Bellare M, Micciancio D, Warinschi B, 2003. Foundations of group signatures: formal definitions, simplified requirements, and a construction based on general assumptions. Proc 22^nd Int Conf on the Theory and Applications of Cryptographic Techniques, p.614-629.

[5]Bellare M, Shi HX, Zhang C, 2005. Foundations of group signatures: the case of dynamic groups. Cryptographers’ Track at the RSA Conf, p.136-153.

[6]Boneh D, Shacham H, 2004. Group signatures with verifier-local revocation. Proc 11^th ACM Conf on Computer and Communications Security, p.168-177.

[7]Bootle J, Cerulli A, Chaidos P, et al., 2016. Foundations of fully dynamic group signatures. Proc 14^th Int Conf on the Applied Cryptography and Network Security, p.117-136.

[8]Cash D, Hofheinz D, Kiltz E, et al., 2010. Bonsai trees, or how to delegate a lattice basis. Proc 29^th Int Conf on the Theory and Applications of Cryptographic Techniques, p.523-552.

[9]Chaum D, van Heyst E, 1991. Group signatures. Workshop on the Theory and Application of Cryptographic Techniques, p.257-265.

[10]Emura K, Hayashi T, 2018. A revocable group signature scheme with scalability from simple assumptions and its implementation. Proc 21^st Int Conf on Information Security, p.442-460.

[11]Gao W, Hu YP, Zhang YH, et al., 2017. Lattice-based group signature with verifier-local revocation. J Shanghai Jiao Tong Univ (Sci), 22(3):313-321.

[12]Gentry C, Peikert C, Vaikuntanathan V, 2008. Trapdoors for hard lattices and new cryptographic constructions. Proc 40^th Annual ACM Symp on Theory of Computing, p.197-206.

[13]Gordon SD, Katz J, Vaikuntanathan V, 2010. A group signature scheme from lattice assumptions. Proc 16^th Int Conf on the Theory and Application of Cryptology and Information Security, p.395-412.

[14]Huang JY, Huang Q, Susilo W, 2020. Leakage-resilient group signature: definitions and constructions. Inform Sci, 509:119-132.

[15]Ishida A, Sakai Y, Emura K, et al., 2018. Fully anonymous group signature with verifier-local revocation. Proc 11^th Int Conf on Security and Cryptography for Networks, p.23-42.

[16]Kawachi A, Tanaka K, Xagawa K, 2008. Concurrently secure identification schemes based on the worst-case hardness of lattice problems. Proc 14^th Int Conf on the Theory and Application of Cryptology and Information Security, p.372-389.

[17]Langlois A, Ling S, Nguyen K, et al., 2014. Lattice-based group signature scheme with verifier-local revocation. Proc 17^th Int Conf on Practice and Theory in Public-Key Cryptography, p.345-361.

[18]Libert B, Vergnaud D, 2009. Group signatures with verifier-local revocation and backward unlinkability in the standard model. Proc 8^th Int Conf on Cryptology and Network Security, p.498-517.

[19]Ling S, Nguyen K, Stehlé D, et al., 2013. Improved zero-knowledge proofs of knowledge for the ISIS problem, and applications. Proc 16^th Int Conf on Practice and Theory in Public-Key Cryptography, p.107-124.

[20]Ling S, Nguyen K, Roux-Langlois A, et al., 2018. A lattice-based group signature scheme with verifier-local revocation. Theor Comput Sci, 730:1-20.

[21]Micciancio D, Peikert C, 2012. Trapdoors for lattices: simpler, tighter, faster, smaller. Proc 31^st Annual Int Conf on the Theory and Applications of Cryptographic Techniques, p.700-718.

[22]Micciancio D, Peikert C, 2013. Hardness of SIS and LWE with small parameters. Proc 33^rd Annual Cryptology Conf, p.21-39.

[23]Nakanishi T, Funabiki N, 2005. Verifier-local revocation group signature schemes with backward unlinkability from bilinear maps. Proc 11^th Int Conf on the Theory and Application of Cryptology and Information Security, p.533-548.

[24]Nakanishi T, Funabiki N, 2006. A short verifier-local revocation group signature scheme with backward unlinkability. Proc 1^st Int Workshop on Security, p.17-32.

[25]Nguyen PQ, Zhang J, Zhang ZF, 2015. Simpler efficient group signatures from lattices. Proc 18^th IACR Int Conf on Practice and Theory in Public-Key Cryptography, p.401-426.

[26]Perera MNS, Koshiba T, 2018a. Achieving full security for lattice-based group signatures with verifier-local revocation. Proc 20^th Int Conf on Information and Communications Security, p.287-302.

[27]Perera MNS, Koshiba T, 2018b. Zero-knowledge proof for lattice-based group signature schemes with verifier-local revocation. Proc 21^st Int Conf on Network-Based Information Systems, p.772-782.

[28]Perera MNS, Koshiba T, 2018c. Achieving strong security and verifier-local revocation for dynamic group signatures from lattice assumptions. Proc 14^th Int Conf on Security and Trust Management, p.3-19.

[29]Regev O, 2005. On lattices, learning with errors, random linear codes, and cryptography. Proc 37^th Annual ACM Symp on Theory of Computing, p.84-93.

[30]Song DX, 2001. Practical forward secure group signature schemes. Proc 8^th ACM Conf on Computer and Communications Security, p.225-234.

[31]Zhang YH, Hu YP, Gao W, et al., 2016. Simpler efficient group signature scheme with verifier-local revocation from lattices. KSII Trans Int Inform Syst, 10(1):414-430.

[32]Zhang YH, Hu YP, Zhang QK, et al., 2019a. On new zero-knowledge proofs for lattice-based group signatures with verifier-local revocation. Proc 22^nd Int Conf on Information Security, p.190-208.

[33]Zhang YH, Liu XM, Hu YP, et al., 2019b. Lattice-based group signatures with verifier-local revocation: achieving shorter key-sizes and explicit traceability with ease. Proc 18^th Int Conf on Cryptology and Network Security, p.120-140.