Abstract
Group signatures are signatures providing signer anonymity, where signers can produce signatures on behalf of the group that they belong to. Although such anonymity is quite attractive considering privacy issues, it is not trivial to check whether a signer has been revoked or not. Thus, how to revoke the rights of signers is one of the major topics in the research on group signatures. In particular, scalability, where the signing and verification costs and the signature size are constant in terms of the number of signers N, and other costs regarding signers are at most logarithmic in N, is quite important. In this paper, we propose a revocable group signature scheme which is currently more efficient than all previous scalable schemes. Moreover, our revocable group signature scheme is secure under simple assumptions (in the random oracle model), whereas all scalable schemes are secure under q-type assumptions. Finally, we implemented our scheme by employing the Barreto-Lynn-Scott curves over a 455-bit prime field (BLS455), and the Barreto-Naehrig curves over a 382-bit prime field (BN382), respectively, by using the RELIC library. We showed that the running times of our signing algorithm were approximately 21 ms (BLS455) and 17 ms (BN382), and those of our verification algorithm were approximately 31 ms (BLS455) and 24 ms (BN382), respectively.
Notes
1. We can easily see that the underlying sigma protocol has unique responses. Let all values, except \(\mathsf{resp}=(s_\mathsf {ID},s_\theta ,s_u)\), be fixed. Then, assume that an accepted response \((s^\prime _\mathsf {ID},s^\prime _\theta ,s^\prime _u)\ne (s_\mathsf {ID},s_\theta ,s_u)\) exists. Then, from \(g^{s_\theta }\cdot C_1^{-c}=g^{s^\prime _\theta }\cdot C_1^{-c}\), \(s_\theta =s^\prime _\theta \) holds. From \(v_1^{s_{\mathsf {ID}}}\cdot X_{\mathsf {ID}}^{s_\theta }\cdot C_{\mathsf {ID}}^{-c}=v_1^{s^\prime _{\mathsf {ID}}}\cdot X_{\mathsf {ID}}^{s^\prime _\theta }\cdot C_{\mathsf {ID}}^{-c}\) and \(s_\theta =s^\prime _\theta \), \(s_{\mathsf {ID}}=s^\prime _{\mathsf {ID}}\) holds. From \({v_2}^{s_u}\cdot {X_u}^{s_\theta }\cdot C_u^{-c}={v_2}^{s^\prime _u}\cdot {X_u}^{s^\prime _\theta }\cdot C_u^{-c}\) and \(s_\theta =s^\prime _\theta \), \(s_u=s^\prime _u\) holds. Thus, \((s^\prime _\mathsf {ID},s^\prime _\theta ,s^\prime _u)=(s_\mathsf {ID},s_\theta ,s_u)\) holds and this shows that the sigma protocol has unique responses, and the NIZK proof system converted by the Fiat-Shamir transformation is simulation sound.
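The unique-response argument in the note above can be checked exhaustively in a small group. The following is an added example, not code from the paper or its RELIC implementation: it evaluates the note's three verification equations in a constructed toy group (the order-11 subgroup of Z_23^*, no pairing), and every public value, the challenge, the response and the function names are assumptions chosen for illustration.

```python
from itertools import product

P, Q = 23, 11  # constructed toy group: the order-11 subgroup of Z_23^*

def commitments(pub, c, resp):
    """Recompute the three values compared by the note's verification equations."""
    g, v1, v2, X_id, X_u, C1, C_id, C_u = pub
    s_id, s_th, s_u = resp
    r1 = pow(g, s_th, P) * pow(C1, -c, P) % P
    r2 = pow(v1, s_id, P) * pow(X_id, s_th, P) * pow(C_id, -c, P) % P
    r3 = pow(v2, s_u, P) * pow(X_u, s_th, P) * pow(C_u, -c, P) % P
    return (r1, r2, r3)

def accepted_responses(pub, c, target):
    """List every (s_ID, s_theta, s_u) in Z_Q^3 that reproduces the fixed commitments."""
    return [r for r in product(range(Q), repeat=3)
            if commitments(pub, c, r) == target]

# Constructed sample values; all eight are elements of the order-11 subgroup.
# Order: g, v1, v2, X_ID, X_u, C_1, C_ID, C_u.
PUB = (2, 3, 4, 6, 8, 9, 12, 13)
CHALLENGE = 4
HONEST = (5, 7, 3)  # (s_ID, s_theta, s_u)

def unique_case():
    """With g, v1, v2 of prime order Q, exactly one response is accepted."""
    target = commitments(PUB, CHALLENGE, HONEST)
    return accepted_responses(PUB, CHALLENGE, target)

def degenerate_case():
    """If v2 were the identity, s_u would be unconstrained and uniqueness would fail."""
    pub = PUB[:2] + (1,) + PUB[3:]
    target = commitments(pub, CHALLENGE, HONEST)
    return accepted_responses(pub, CHALLENGE, target)

if __name__ == "__main__":
    print("accepted (generators):", unique_case())
    print("accepted (v2 = 1):", len(degenerate_case()), "responses")
```

The degenerate case shows why the argument needs \(g\), \(v_1\) and \(v_2\) to be non-identity elements of a prime-order group: each equation then pins down its response component, in the order \(s_\theta\), \(s_{\mathsf{ID}}\), \(s_u\) used in the note.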
Acknowledgement
This work was partially supported by the JSPS KAKENHI Grant Number JP16K00198.
© 2018 Springer Nature Switzerland AG
About this paper
Cite this paper
Emura, K., Hayashi, T. (2018). A Revocable Group Signature Scheme with Scalability from Simple Assumptions and Its Implementation. In: Chen, L., Manulis, M., Schneider, S. (eds) Information Security. ISC 2018. Lecture Notes in Computer Science(), vol 11060. Springer, Cham. https://doi.org/10.1007/978-3-319-99136-8_24
DOI: https://doi.org/10.1007/978-3-319-99136-8_24
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-99135-1
Online ISBN: 978-3-319-99136-8
eBook Packages: Computer Science, Computer Science (R0)