[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to main content

A Light-Weight Group Signature Scheme with Time-Token Dependent Linking

  • Conference paper
Lightweight Cryptography for Security and Privacy (LightSec 2015)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 9542))

Included in the following conference series:

Abstract

Group signature is a central topic of cryptography with anonymity, and its several applications have been considered so far, e.g., privacy-preserving vehicle communications. Since anonymity (a.k.a. unlinkability) is quite strong in certain situations and it requires heavy cryptographic costs, group signatures with relaxed anonymity also have been proposed. For example, group signatures with controllable linkability was proposed by Hwang et al., (LightSec 2011) where an authority called Linker can anonymously check whether two group signatures are made by the same signer or not by using a linking key. However, the linking algorithm requires a heavy computation, i.e., bilinear pairings. In this paper, we propose the notion group signatures with time-token dependent Linking (GS-TDL), where a signer is unlinkable unless it generates multiple signatures at the same time period. It is particularly worth noting that our linking algorithm does not require cryptographic computations (i.e., comparisons to determine two elements are the same). Moreover, the signature size is 25 % shorter than that of the Hwang et al. scheme, and is 34 % shorter than that of the Boneh-Boeyn-Shacham short group signature scheme. Our GS-TDL scheme supports verifier-local revocation (VLR), which maintains constant signing and verification costs by using the linkable part of signatures. These appear to be related to independent interests. Finally, we provide our experimental results (using the TEPLA library on a cheap and constrained computational power device, Raspberry Pi).

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Subscribe and save

Springer+ Basic
£29.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
GBP 19.95
Price includes VAT (United Kingdom)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
GBP 27.99
Price includes VAT (United Kingdom)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
GBP 34.99
Price includes VAT (United Kingdom)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

Notes

  1. 1.

    We remark that these schemes [14, 2830] also achieve only CPA-anonymity (i.e., no opening oracle access is allowed in anonymity game) as in ours.

  2. 2.

    Even if a random nonce is included as a part of signed message, no linking algorithm works and this leads to a wag-the-dog situation. Even if a time T is included, e.g., sign M||T by using a message-dependent linking group signature scheme, anyone can manipulate T and such a signer-driven anonymous system must be avoided because vehicles have incentive to hide identity. On the contrary, in GS-TDL, time T is authorized by TGU and no vehicle can manipulate T.

  3. 3.

    As a remark, the case that an adversary generates a valid signature using a revoked user’s signing key cannot be captured by unforgeability since the open algorithm is not defined. Instead, we consider the case that a signature is invalid when the corresponding signer is revoked in correctness, though it might be additionally defined such as revocation soundness.

  4. 4.

    This condition must be required to exclude the trivially-broken case, e.g., \(\mathcal {A}\) honestly generates \(t_{T_0}\) and sets \(t_{T_1}\) as arbitrary value. Then, \(\mathcal {A}\) can check whether \(\sigma ^*\) is valid or not. If yes, then \(b=0\) and \(b=1\) otherwise.

  5. 5.

    That is, the \(\mathsf{TSK}\) oracle returns \(\mathsf {tsk}\) if all identities input in the \(\mathsf{USK}\) oracle were revoked.

  6. 6.

    We can assume that two group signatures input are valid. That is, the signature verification has been done before running the link algorithm. Then our linking algorithm does not require cryptographic computations (i.e., comparisons to determine two elements are the same).

  7. 7.

    https://www.openssl.org.

  8. 8.

    https://wiki.gnome.org/Projects/GLib.

References

  1. TEPLA: University of Tsukuba Elliptic Curve and Pairing Library. http://www.cipher.risk.tsukuba.ac.jp/tepla/index_e.html

  2. Abe, M., Chow, S.S.M., Haralambiev, K., Ohkubo, M.: Double-trapdoor anonymous tags for traceable signatures. Int. J. Inf. Sec. 12(1), 19–31 (2013)

    Article  Google Scholar 

  3. Abe, M., Fuchsbauer, G., Groth, J., Haralambiev, K., Ohkubo, M.: Structure-preserving signatures and commitments to group elements. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 209–236. Springer, Heidelberg (2010)

    Chapter  Google Scholar 

  4. Attrapadung, N., Emura, K., Hanaoka, G., Sakai, Y.: A revocable group signature scheme from identity-based revocation techniques: achieving constant-size revocation list. In: Boureanu, I., Owesarski, P., Vaudenay, S. (eds.) ACNS 2014. LNCS, vol. 8479, pp. 419–437. Springer, Heidelberg (2014)

    Google Scholar 

  5. Attrapadung, N., Emura, K., Hanaoka, G., Sakai, Y.: Revocable group signature with constant-size revocation list. Comput. J. 58(10), 2698–2715 (2015). This is the full version of [4]

    Article  MATH  Google Scholar 

  6. Baldimtsi, F., Lysyanskaya, A.: Anonymous credentials light. In: ACM CCS, pp. 1087–1098 (2013)

    Google Scholar 

  7. Barbulescu, R., Gaudry, P., Joux, A., Thomé, E.: A heuristic quasi-polynomial algorithm for discrete logarithm in finite fields of small characteristic. In: Nguyen, P.Q., Oswald, E. (eds.) EUROCRYPT 2014. LNCS, vol. 8441. Springer, Heidelberg (2014)

    Google Scholar 

  8. Barreto, P.S.L.M., Naehrig, M.: Pairing-friendly elliptic curves of prime order. In: Selected Areas in Cryptography, pp. 319–331 (2005)

    Google Scholar 

  9. Belenkiy, M., Chase, M., Kohlweiss, M., Lysyanskaya, A.: Compact E-cash and simulatable VRFs revisited. In: Shacham, H., Waters, B. (eds.) Pairing 2009. LNCS, vol. 5671, pp. 114–131. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  10. Bellare, M., Micciancio, D., Warinschi, B.: Foundations of group signatures: formal definitions, simplified requirements, and a construction based on general assumptions. In: EUROCRYPT, pp. 614–629 (2003)

    Google Scholar 

  11. Bellare, M., Shi, H., Zhang, C.: Foundations of group signatures: the case of dynamic groups. In: Menezes, A. (ed.) CT-RSA 2005. LNCS, vol. 3376, pp. 136–153. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  12. Bichsel, P., Camenisch, J., Neven, G., Smart, N.P., Warinschi, B.: Get shorty via group signatures without encryption. In: Garay, J.A., De Prisco, R. (eds.) SCN 2010. LNCS, vol. 6280, pp. 381–398. Springer, Heidelberg (2010)

    Chapter  Google Scholar 

  13. Boneh, D., Boyen, X.: Short signatures without random oracles and the SDH assumption in bilinear groups. J. Cryptology 21(2), 149–177 (2008)

    Article  MathSciNet  MATH  Google Scholar 

  14. Boneh, D., Boyen, X., Shacham, H.: Short group signatures. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 41–55. Springer, Heidelberg (2004)

    Chapter  Google Scholar 

  15. Boneh, D., Shacham, H.: Group signatures with verifier-local revocation. In: ACM CCS, pp. 168–177 (2004)

    Google Scholar 

  16. Camenisch, J., Hohenberger, S., Kohlweiss, M., Lysyanskaya, A., Meyerovich, M.: How to win the clone wars: efficient periodic n-times anonymous authentication. In: ACM CCS, pp. 201–210 (2006)

    Google Scholar 

  17. Chaum, D., van Heyst, E.: Group signatures. In: Davies, D.W. (ed.) EUROCRYPT 1991. LNCS, vol. 547, pp. 257–265. Springer, Heidelberg (1991)

    Chapter  Google Scholar 

  18. Delerablée, C., Pointcheval, D.: Dynamic fully anonymous short group signatures. In: Nguyên, P.Q. (ed.) VIETCRYPT 2006. LNCS, vol. 4341, pp. 193–210. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  19. Emura, K., Hanaoka, G., Sakai, Y., Schuldt, J.C.N.: Group signature implies public-key encryption with non-interactive opening. Int. J. Inf. Sec. 13(1), 51–62 (2014)

    Article  Google Scholar 

  20. Emura, K., Kanaoka, A., Ohta, S., Takahashi, T.: Building secure and anonymous communication channel: formal model and its prototype implementation. In: ACM Symposium on Applied, Computing, pp. 1641–1648 (2014)

    Google Scholar 

  21. Hohenberger, S., Ferrara, A.L., Green, M., Pedersen, M.Ø.: Practical short signature batch verification. In: Fischlin, M. (ed.) CT-RSA 2009. LNCS, vol. 5473, pp. 309–324. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  22. Fiat, A., Shamir, A.: How to prove yourself: practical solutions to identification and signature problems. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol. 263, pp. 186–194. Springer, Heidelberg (1987)

    Chapter  Google Scholar 

  23. Franklin, M., Zhang, H.: Unique group signatures. In: Foresti, S., Yung, M., Martinelli, F. (eds.) ESORICS 2012. LNCS, vol. 7459, pp. 643–660. Springer, Heidelberg (2012)

    Chapter  Google Scholar 

  24. Furukawa, J., Imai, H.: An efficient group signature scheme from bilinear maps. IEICE Trans. 89–A(5), 1328–1338 (2006)

    Article  Google Scholar 

  25. Granger, R., Kleinjung, T., Zumbrägel, J.: Breaking ‘128-bit secure’ supersingular binary curves. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014, Part II. LNCS, vol. 8617, pp. 126–145. Springer, Heidelberg (2014)

    Chapter  Google Scholar 

  26. Groth, J.: Fully anonymous group signatures without random oracles. In: Kurosawa, K. (ed.) ASIACRYPT 2007. LNCS, vol. 4833, pp. 164–180. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

  27. Groth, J., Sahai, A.: Efficient non-interactive proof systems for bilinear groups. In: Smart, N.P. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 415–432. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  28. Hwang, J.Y., Chen, L., Cho, H.S., Nyang, D.: Short dynamic group signature scheme supporting controllable linkability. IEEE Trans. Inf. Forensics Secur. 10(6), 1109–1124 (2015)

    Article  Google Scholar 

  29. Hwang, J.Y., Lee, S. Chung,, B.-H., Cho, H.S., Nyang, D.: Short group signatures with controllable linkability. In: LightSec, pp. 44–52 (2011)

    Google Scholar 

  30. Hwang, J.Y., Lee, S., Chung, B.-H., Cho, H.S., Nyang, D.: Group signatures with controllable linkability for dynamic membership. Inf. Sci. 222, 761–778 (2013)

    Article  MathSciNet  MATH  Google Scholar 

  31. Isern-Deyà, A.P., Rotger, L.H., Payeras-Capellà, M., Puigserver, M.M.: On the practicability of using group signatures on mobile devices,: implementation and performance analysis on the android platform. Int. J. Inf. Sec. 14(4), 335–345 (2015)

    Article  Google Scholar 

  32. Kiayias, A., Tsiounis, Y., Yung, M.: Traceable signatures. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 571–589. Springer, Heidelberg (2004)

    Chapter  Google Scholar 

  33. Kiayias, A., Yung, M.: Secure scalable group signature with dynamic joins and separable authorities. IJSN 1(1/2), 24–45 (2006)

    Article  Google Scholar 

  34. Langlois, A., Ling, S., Nguyen, K., Wang, H.: Lattice-based group signature scheme with verifier-local revocation. In: Public Key Cryptography, pp. 345–361 (2014)

    Google Scholar 

  35. Libert, B., Peters, T., Yung, M.: Group signatures with almost-for-free revocation. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 571–589. Springer, Heidelberg (2012)

    Chapter  Google Scholar 

  36. Libert, B., Peters, T., Yung, M.: Scalable group signatures with revocation. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 609–627. Springer, Heidelberg (2012)

    Chapter  Google Scholar 

  37. Libert, B., Peters, T., Yung, M.: Short group signatures via structure-preserving signatures: standard model security from simple assumptions. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015. LNCS, vol. 9216, pp. 296–316. Springer, Heidelberg (2015)

    Chapter  Google Scholar 

  38. Libert, B., Vergnaud, D.: Group signatures with verifier-local revocation and backward unlinkability in the standard model. In: Garay, J.A., Miyaji, A., Otsuka, A. (eds.) CANS 2009. LNCS, vol. 5888, pp. 498–517. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  39. Malina, L., Vives-Guasch, A., Castellà-Roca, J., Viejo, A., Hajny, J.: Efficient group signatures for privacy-preserving vehicular networks. Telecommun. Syst. 58(4), 293–311 (2015)

    Article  Google Scholar 

  40. Mamun, M.S.I., Miyaji, A.: Secure VANET applications with a refined group signature. In: PST, pp. 199–206 (2014)

    Google Scholar 

  41. Nakanishi, T., Fujiwara, T., Watanabe, H.: A linkable group signature and its application to secret voting. JIP 40(7), 3085–3096 (1999)

    MathSciNet  Google Scholar 

  42. Nakanishi, T., Funabiki, N.: Verifier-local revocation group signature schemes with backward unlinkability from bilinear maps. In: Roy, B. (ed.) ASIACRYPT 2005. LNCS, vol. 3788, pp. 533–548. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  43. Nakanishi, T., Funabiki, N.: A short verifier-local revocation group signature scheme with backward unlinkability. In: Yoshiura, H., Sakurai, K., Rannenberg, K., Murayama, Y., Kawamura, S. (eds.) IWSEC 2006. LNCS, vol. 4266, pp. 17–32. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  44. Ohtake, G., Fujii, A., Hanaoka, G., Ogawa, K.: On the theoretical gap between group signatures with and without unlinkability. In: Preneel, B. (ed.) AFRICACRYPT 2009. LNCS, vol. 5580, pp. 149–166. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  45. Sakai, Y., Schuldt, J.C.N., Emura, K., Hanaoka, G., Ohta, K.: On the security of dynamic group signatures: preventing signature hijacking. In: Public Key Cryptography, pp. 715–732 (2012)

    Google Scholar 

  46. Sánchez, A.H., Rodríguez-Henríquez, F.: NEON implementation of an attribute-based encryption scheme. In: Jacobson, M., Locasto, M., Mohassel, P., Safavi-Naini, R. (eds.) ACNS 2013. LNCS, vol. 7954, pp. 322–338. Springer, Heidelberg (2013)

    Chapter  Google Scholar 

  47. Unterluggauer, T., Slamanig, D., Spreitzer, R.: Adding controllable linkability to pairing-based group signatures for free. In: Chow, S.S.M., Camenisch, J., Hui, L.C.K., Yiu, S.M. (eds.) ISC 2014. LNCS, vol. 8783, pp. 388–400. Springer, Heidelberg (2014)

    Google Scholar 

  48. Wu, Q., Domingo-Ferrer, J., González-Nicolás, Ú.: Balanced trustworthiness, safety, and privacy in vehicle-to-vehicle communications. IEEE T. Veh. Technol. 59(2), 559–573 (2010)

    Article  Google Scholar 

  49. Yang, L., Tang, S., Yang, G.: A novel group signature scheme based on MPKC. In: Bao, F., Weng, J. (eds.) ISPEC 2011. LNCS, vol. 6672, pp. 181–195. Springer, Heidelberg (2011)

    Chapter  Google Scholar 

  50. Zavattoni, E., Perez, L.J.D., Mitsunari, S., Sánchez-Ramírez, A.H., Teruya, T., Rodríguez-Henríquez, F.: Software implementation of an attribute-based encryption scheme. IEEE Trans. Comput. 64(5), 1429–1441 (2015)

    Article  MathSciNet  Google Scholar 

Download references

Acknowledgement

We would like to thank anonymous reviewers of LightSec 2015 and Dr. Ryo Nojima for their helpful comments and suggestions.

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Keita Emura .

Editor information

Editors and Affiliations

Rights and permissions

Reprints and permissions

Copyright information

© 2016 Springer International Publishing Switzerland

About this paper

Cite this paper

Emura, K., Hayashi, T. (2016). A Light-Weight Group Signature Scheme with Time-Token Dependent Linking. In: Güneysu, T., Leander, G., Moradi, A. (eds) Lightweight Cryptography for Security and Privacy. LightSec 2015. Lecture Notes in Computer Science(), vol 9542. Springer, Cham. https://doi.org/10.1007/978-3-319-29078-2_3

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-29078-2_3

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-29077-5

  • Online ISBN: 978-3-319-29078-2

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics