Skip to main content
SpringerLink
Log in

A Revocable Group Signature Scheme with Scalability from Simple Assumptions and Its Implementation

  • Conference paper
  • First Online:
Information Security (ISC 2018)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 11060))

Included in the following conference series:

Abstract

Group signatures are signatures providing signer anonymity where signers can produce signatures on behalf of the group that they belong to. Although such anonymity is quite attractive considering privacy issues, it is not trivial to check whether a signer has been revoked or not. Thus, how to revoke the rights of signers is one of the major topics in the research on group signatures. In particular, scalability, where the signing and verification costs and the signature size are constant in terms of the number of signers N, and other costs regarding signers are at most logarithmic in N, is quite important. In this paper, we propose a revocable group signature scheme which is currently more efficient compared to previous all scalable schemes. Moreover, our revocable group signature scheme is secure under simple assumptions (in the random oracle model), whereas all scalable schemes are secure under q-type assumptions. Finally, we implemented our scheme by employing the Barreto-Lynn-Scott curves over a 455-bit prime field (BLS455), and the Barreto-Naehrig curves over a 382-bit prime field (BN382), respectively, by using the RELIC library. We showed that the running times of our signing algorithm were approximately 21 ms (BLS455) and 17 ms (BN382), and those of our verification algorithm were approximately 31 ms (BLS455) and 24 ms (BN382), respectively.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    We can easily see that the underlying sigma protocol has unique responses. Let all values, except \(\mathsf{resp}=(s_\mathsf {ID},s_\theta ,s_u)\), be fixed. Then, assume that an accepted response \((s^\prime _\mathsf {ID},s^\prime _\theta ,s^\prime _u)\ne (s_\mathsf {ID},s_\theta ,s_u)\) exists. Then, from \(g^{s_\theta }\cdot C_1^{-c}=g^{s^\prime _\theta }\cdot C_1^{-c}\), \(s_\theta =s^\prime _\theta \) holds. From \(v_1^{s_{\mathsf {ID}}}\cdot X_{\mathsf {ID}}^{s_\theta }\cdot C_{ID}^{-c}=v_1^{s^\prime _{\mathsf {ID}}}\cdot X_{\mathsf {ID}}^{s^\prime _\theta }\cdot C_{ID}^{-c}\) and \(s_\theta =s^\prime _\theta \), \(s_{\mathsf {ID}}=s^\prime _{\mathsf {ID}}\) holds. From \({v_2}^{s_u}\cdot {X_u}^{s_\theta }\cdot C_u^{-c}={v_2}^{s^\prime _u}\cdot {X_u}^{s^\prime _\theta }\cdot C_u^{-c}\) and \(s_\theta =s^\prime _\theta \), \(s_u=s^\prime _u\) holds. Thus, \((s^\prime _\mathsf {ID},s^\prime _\theta ,s^\prime _u)=(s_\mathsf {ID},s_\theta ,s_u)\) holds and this shows that the sigma protocol has unique responses, and the NIZK proof system converted by the Fiat-Shamir transformation is simulation sound.

References

  1. Intel Enhanced Privacy ID (EPID) Security Technology. https://software.intel.com/en-us/articles/intel-enhanced-privacy-id-epid-security-technology

  2. Intel Software Guard Extensions (Intel SGX). https://software.intel.com/en-us/sgx

  3. Akane, M., Nogami, Y., Morikawa, Y.: Fast ate pairing computation of embedding degree 12 using subfield-twisted elliptic curve. IEICE Trans. 92-A(2), 508–516 (2009)

    Google Scholar 

  4. Aranha, D.F., Gouvêa, C.P.L.: RELIC is an Efficient LIbrary for Cryptography. https://github.com/relic-toolkit/relic

  5. Attrapadung, N., Emura, K., Hanaoka, G., Sakai, Y.: A revocable group signature scheme from identity-based revocation techniques: achieving constant-size revocation list. In: Boureanu, I., Owesarski, P., Vaudenay, S. (eds.) ACNS 2014. LNCS, vol. 8479, pp. 419–437. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-07536-5_25

    Chapter  Google Scholar 

  6. Attrapadung, N., Emura, K., Hanaoka, G., Sakai, Y.: Revocable group signature with constant-size revocation list. Comput. J. 58(10), 2698–2715 (2015)

    Article  Google Scholar 

  7. Barbulescu, R., Duquesne, S.: Updating key size estimations for pairings. IACR Cryptology ePrint Archive 2017:334 (2017)

    Google Scholar 

  8. Barbulescu, R., Duquesne, S.: Updating key size estimations for pairings. J. Cryptol. (2018). https://doi.org/10.1007/s00145-018-9280-5

  9. Barreto, P.S.L.M., Lynn, B., Scott, M.: Constructing elliptic curves with prescribed embedding degrees. In: Cimato, S., Persiano, G., Galdi, C. (eds.) SCN 2002. LNCS, vol. 2576, pp. 257–267. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-36413-7_19

    Chapter  Google Scholar 

  10. Barreto, P.S.L.M., Naehrig, M.: Pairing-friendly elliptic curves of prime order. In: Preneel, B., Tavares, S. (eds.) SAC 2005. LNCS, vol. 3897, pp. 319–331. Springer, Heidelberg (2006). https://doi.org/10.1007/11693383_22

    Chapter  Google Scholar 

  11. Begum, N., Nakanishi, T., Sadiah, S., Islam, M.E.: Implementation of a revocable group signature scheme with compact revocation list using accumulator. In: CANDAR, pp. 610–615 (2016)

    Google Scholar 

  12. Bellare, M., Boldyreva, A., Kurosawa, K., Staddon, J.: Multirecipient encryption schemes: how to save on bandwidth and computation without sacrificing security. IEEE Trans. Inf. Theor. 53(11), 3927–3943 (2007)

    Article  MathSciNet  Google Scholar 

  13. Bichsel, P., Camenisch, J., Neven, G., Smart, N.P., Warinschi, B.: Get shorty via group signatures without encryption. In: Garay, J.A., De Prisco, R. (eds.) SCN 2010. LNCS, vol. 6280, pp. 381–398. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-15317-4_24

    Chapter  Google Scholar 

  14. Boneh, D., Boyen, X., Shacham, H.: Short group signatures. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 41–55. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-28628-8_3

    Chapter  Google Scholar 

  15. Boneh, D., Shacham, H.: Group signatures with verifier-local revocation. In: ACM CCS, pp. 168–177 (2004)

    Google Scholar 

  16. Bootle, J., Cerulli, A., Chaidos, P., Ghadafi, E., Groth, J.: Foundations of fully dynamic group signatures. In: Manulis, M., Sadeghi, A.-R., Schneider, S. (eds.) ACNS 2016. LNCS, vol. 9696, pp. 117–136. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-39555-5_7

    Chapter  Google Scholar 

  17. Brickell, E., Li, J.: Enhanced privacy ID from bilinear pairing for hardware authentication and attestation. In: IEEE SocialCom, pp. 768–775 (2010)

    Google Scholar 

  18. Camenisch, J., Lysyanskaya, A.: Dynamic accumulators and application to efficient revocation of anonymous credentials. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 61–76. Springer, Heidelberg (2002). https://doi.org/10.1007/3-540-45708-9_5

    Chapter  Google Scholar 

  19. Chaum, D., van Heyst, E.: Group signatures. In: Davies, D.W. (ed.) EUROCRYPT 1991. LNCS, vol. 547, pp. 257–265. Springer, Heidelberg (1991). https://doi.org/10.1007/3-540-46416-6_22

    Chapter  Google Scholar 

  20. Cheon, J.H.: Discrete logarithm problems with auxiliary inputs. J. Cryptol. 23(3), 457–476 (2010)

    Article  MathSciNet  Google Scholar 

  21. Chow, S.S.M., Zhang, H., Zhang, T.: Real hidden identity-based signatures. In: Kiayias, A. (ed.) FC 2017. LNCS, vol. 10322, pp. 21–38. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-70972-7_2

    Chapter  Google Scholar 

  22. Cramer, R., Damgård, I., MacKenzie, P.D.: Efficient zero-knowledge proofs of knowledge without intractability assumptions. In: Imai, H., Zheng, Y. (eds.) PKC 2000. LNCS, vol. 1751, pp. 354–372. Springer, Heidelberg (2000). https://doi.org/10.1007/978-3-540-46588-1_24

    Chapter  Google Scholar 

  23. Cramer, R., Shoup, V.: Design and analysis of practical public-key encryption schemes secure against adaptive chosen ciphertext attack. SIAM J. Comput. 33(1), 167–226 (2003)

    Article  MathSciNet  Google Scholar 

  24. Delerablée, C., Pointcheval, D.: Dynamic fully anonymous short group signatures. In: Nguyen, P.Q. (ed.) VIETCRYPT 2006. LNCS, vol. 4341, pp. 193–210. Springer, Heidelberg (2006). https://doi.org/10.1007/11958239_13

    Chapter  Google Scholar 

  25. Derler, D., Slamanig, D.: Highly-efficient fully-anonymous dynamic group signatures. In: ACM AsiaCCS, pp. 551–565 (2018)

    Google Scholar 

  26. Emura, K., Hayashi, T.: Road-to-vehicle communications with time-dependent anonymity: a lightweight construction and its experimental results. IEEE Trans. Veh. Technol. 67(2), 1582–1597 (2018)

    Article  Google Scholar 

  27. Emura, K., Hayashi, T., Ishida, A.: Group signatures with time-bound keys revisited: a new model and an efficient construction. In: ACM AsiaCCS, pp. 777–788 (2017)

    Google Scholar 

  28. Emura, K., Miyaji, A., Omote, K.: An \(r\)-hiding revocable group signature scheme: group signatures with the property of hiding the number of revoked users. J. Appl. Math. 2014, 983040:1–983040:14 (2014)

    Article  Google Scholar 

  29. Fan, C.-I., Hsu, R.-H., Manulis, M.: Group signature with constant revocation costs for signers and verifiers. In: Lin, D., Tsudik, G., Wang, X. (eds.) CANS 2011. LNCS, vol. 7092, pp. 214–233. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-25513-7_16

    Chapter  Google Scholar 

  30. Faust, S., Kohlweiss, M., Marson, G.A., Venturi, D.: On the non-malleability of the Fiat-Shamir transform. In: Galbraith, S., Nandi, M. (eds.) INDOCRYPT 2012. LNCS, vol. 7668, pp. 60–79. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-34931-7_5

    Chapter  Google Scholar 

  31. Furukawa, J., Imai, H.: An efficient group signature scheme from bilinear maps. IEICE Trans. 89-A(5), 1328–1338 (2006)

    Google Scholar 

  32. Groth, J.: Fully anonymous group signatures without random Oracles. In: Kurosawa, K. (ed.) ASIACRYPT 2007. LNCS, vol. 4833, pp. 164–180. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-76900-2_10

    Chapter  Google Scholar 

  33. Groth, J., Sahai, A.: Efficient non-interactive proof systems for bilinear groups. In: Smart, N. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 415–432. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-78967-3_24

    Chapter  Google Scholar 

  34. Kiayias, A., Yung, M.: Secure scalable group signature with dynamic joins and separable authorities. IJSN 1(1/2), 24–45 (2006)

    Article  Google Scholar 

  35. Kiayias, A., Zhou, H.: Hidden identity-based signatures. IET Inf. Secur. 3(3), 119–127 (2009)

    Article  Google Scholar 

  36. Kiltz, E., Wee, H.: Quasi-adaptive NIZK for linear subspaces revisited. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9057, pp. 101–128. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46803-6_4

    Chapter  Google Scholar 

  37. Kumar, V., Li, H., Park, J.J., Bian, K., Yang, Y.: Group signatures with probabilistic revocation: a computationally-scalable approach for providing privacy-preserving authentication. In: ACM CCS, pp. 1334–1345 (2015)

    Google Scholar 

  38. Langlois, A., Ling, S., Nguyen, K., Wang, H.: Lattice-based group signature scheme with verifier-local revocation. In: Krawczyk, H. (ed.) PKC 2014. LNCS, vol. 8383, pp. 345–361. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-642-54631-0_20

    Chapter  Google Scholar 

  39. Libert, B., Mouhartem, F., Peters, T., Yung, M.: Practical “signatures with efficient protocols” from simple assumptions. In: ACM AsiaCCS, pp. 511–522 (2016)

    Google Scholar 

  40. Libert, B., Peters, T., Yung, M.: Group signatures with almost-for-free revocation. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 571–589. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-32009-5_34

    Chapter  Google Scholar 

  41. Libert, B., Peters, T., Yung, M.: Scalable group signatures with revocation. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 609–627. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-29011-4_36

    Chapter  Google Scholar 

  42. Libert, B., Peters, T., Yung, M.: Short group signatures via structure-preserving signatures: standard model security from simple assumptions. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015. LNCS, vol. 9216, pp. 296–316. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-48000-7_15

    Chapter  Google Scholar 

  43. Libert, B., Vergnaud, D.: Group signatures with verifier-local revocation and backward unlinkability in the standard model. In: Garay, J.A., Miyaji, A., Otsuka, A. (eds.) CANS 2009. LNCS, vol. 5888, pp. 498–517. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-10433-6_34

    Chapter  MATH  Google Scholar 

  44. Nakanishi, T., Fujii, H., Hira, Y., Funabiki, N.: Revocable group signature schemes with constant costs for signing and verifying. In: Jarecki, S., Tsudik, G. (eds.) PKC 2009. LNCS, vol. 5443, pp. 463–480. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-00468-1_26

    Chapter  Google Scholar 

  45. Nakanishi, T., Funabiki, N.: Verifier-local revocation group signature schemes with backward unlinkability from bilinear maps. In: Roy, B. (ed.) ASIACRYPT 2005. LNCS, vol. 3788, pp. 533–548. Springer, Heidelberg (2005). https://doi.org/10.1007/11593447_29

    Chapter  Google Scholar 

  46. Nakanishi, T., Funabiki, N.: A short verifier-local revocation group signature scheme with backward unlinkability. In: Yoshiura, H., Sakurai, K., Rannenberg, K., Murayama, Y., Kawamura, S. (eds.) IWSEC 2006. LNCS, vol. 4266, pp. 17–32. Springer, Heidelberg (2006). https://doi.org/10.1007/11908739_2

    Chapter  Google Scholar 

  47. Nakanishi, T., Funabiki, N.: Revocable group signatures with compact revocation list using accumulators. IEICE Trans. 98-A(1), 117–131 (2015)

    Google Scholar 

  48. Naor, D., Naor, M., Lotspiech, J.: Revocation and tracing schemes for stateless receivers. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 41–62. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-44647-8_3

    Chapter  Google Scholar 

  49. Ohara, K., Emura, K., Hanaoka, G., Ishida, A., Ohta, K., Sakai, Y.: Shortening the Libert-Peters-Yung revocable group signature scheme by using the random Oracle methodology. IACR Cryptology ePrint Archive 2016:477 (2016)

    Google Scholar 

  50. Pointcheval, D., Sanders, O.: Short randomizable signatures. In: Sako, K. (ed.) CT-RSA 2016. LNCS, vol. 9610, pp. 111–126. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-29485-8_7

    Chapter  Google Scholar 

  51. Rahaman, S., Cheng, L., Yao, D.D., Li, H., Park, J.J.: Provably secure anonymous-yet-accountable crowdsensing with scalable sublinear revocation. In: PoPETs, vol. 2017, no. 4, pp. 384–403 (2017)

    Google Scholar 

  52. Sadiah, S., Nakanishi, T.: Revocable group signatures with compact revocation list using vector commitments. IEICE Trans. 100-A(8), 1672–1682 (2017)

    Google Scholar 

  53. Slamanig, D., Spreitzer, R., Unterluggauer, T.: Adding controllable linkability to pairing-based group signatures for free. In: Chow, S.S.M., Camenisch, J., Hui, L.C.K., Yiu, S.M. (eds.) ISC 2014. LNCS, vol. 8783, pp. 388–400. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-13257-0_23

    Chapter  Google Scholar 

  54. Slamanig, D., Spreitzer, R., Unterluggauer, T.: Linking-based revocation for group signatures: a pragmatic approach for efficient revocation checks. In: Phan, R.C.-W., Yung, M. (eds.) Mycrypt 2016. LNCS, vol. 10311, pp. 364–388. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-61273-7_18

    Chapter  Google Scholar 

  55. Unruh, D.: Quantum proofs of knowledge. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 135–152. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-29011-4_10

    Chapter  Google Scholar 

Download references

Acknowledgement

This work was partially supported by the JSPS KAKENHI Grant Number JP16K00198.

Author information

Authors and Affiliations

  1. National Institute of Information and Communications Technology (NICT), Tokyo, Japan

    Keita Emura & Takuya Hayashi

Authors
  1. Keita Emura
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Takuya Hayashi
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Keita Emura .

Editor information

Editors and Affiliations

  1. University of Surrey, Guildford, United Kingdom

    Liqun Chen

  2. University of Surrey, Guildford, United Kingdom

    Mark Manulis

  3. University of Surrey, Guildford, United Kingdom

    Steve Schneider

Rights and permissions

Reprints and permissions

Copyright information

© 2018 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Emura, K., Hayashi, T. (2018). A Revocable Group Signature Scheme with Scalability from Simple Assumptions and Its Implementation. In: Chen, L., Manulis, M., Schneider, S. (eds) Information Security. ISC 2018. Lecture Notes in Computer Science(), vol 11060. Springer, Cham. https://doi.org/10.1007/978-3-319-99136-8_24

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-99136-8_24

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-99135-1

  • Online ISBN: 978-3-319-99136-8

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation