Phong Q. Nguyen,Jiang Zhang,Zhenfeng Zhang

DOI: https://doi.org/10.1007/978-3-662-46447-2_18

2015-01-01

Abstract:A group signature allows a group member to anonymously sign messages on behalf of the group. In the past few years, new group signatures based on lattice problems have appeared: the most efficient lattice-based constructions are due to Laguillaumie et al. (Asiacrypt ’13) and Langlois et al. (PKC ’14). Both have at least $$O(n^2\log ^2 n \log N)$$-bit group public key and $$O(n\log ^3 n\log N)$$-bit signature, where $$n$$ is the security parameter and $$N$$ is the maximum number of group members. In this paper, we present a simpler lattice-based group signature, which is more efficient by a $$O(\log N)$$ factor in both the group public key and the signature size. We achieve this by using a new non-interactive zero-knowledge (NIZK) proof corresponding to a simple identity-encoding function. The security of our group signature can be reduced to the hardness of SIS and LWE in the random oracle model.

Ward Beullens,Thorsten Kleinjung,Frederik Vercauteren

DOI: https://doi.org/10.1007/978-3-030-34578-5_9

2019-01-01

Abstract:AbstractIn this paper we report on a new record class group computation of an imaginary quadratic field having 154-digit discriminant, surpassing the previous record of 130 digits. This class group is central to the CSIDH-512 isogeny based cryptosystem, and knowing the class group structure and relation lattice implies efficient uniform sampling and a canonical representation of its elements. Both operations were impossible before and allow us to instantiate an isogeny based signature scheme first sketched by Stolbunov. We further optimize the scheme using multiple public keys and Merkle trees, following an idea by De Feo and Galbraith. We also show that including quadratic twists allows to cut the public key size in half for free. Optimizing for signature size, our implementation takes 390 ms to sign/verify and results in signatures of 263 bytes, at the expense of a large public key. This is 300 times faster and over 3 times smaller than an optimized version of SeaSign for the same parameter set. Optimizing for public key and signature size combined, results in a total size of 1468 bytes, which is smaller than any other post-quantum signature scheme at the 128-bit security level.

Meryem Soysaldı Şahin,Sedat Akleylek

DOI: https://doi.org/10.1016/j.jksuci.2021.12.014

2022-02-01

Abstract:A group signature allows a group member who signs the message on behalf of the other group members. Any recipient also verifies the signature without knowing the signer. However, it is possible to reveal the signer’s identity since the group signatures have the tracing mechanism. In general, the group signature size increases the number of group members. However, the schemes are also proposed with the constant signature size. On the other hand, the security of some schemes are based on the discrete logarithm and factorization problems while some schemes which are secure against quantum attacks are proposed. To the best of our knowledge, the signature scheme in the group concept has not been proposed on lattices in quantum oracles. In this paper, we propose a new constant-size and partially-dynamic group signature scheme on lattice assumptions. We combine the Dilithium signature scheme, a Stern-like zero-knowledge scheme and Regev’s encryption scheme. We give a zero-knowledge argument system for our proposed scheme and security analysis in the quantum random oracle model. According to the comparison results, the proposed scheme has better size complexity in asymptotic concept.

Shuichi Katsumata,Yi-Fu Lai,Jason T. LeGrow,Ling Qin

DOI: https://doi.org/10.1007/s10623-024-01441-7

IF: 1.4

2024-07-19

Designs Codes and Cryptography

Abstract:In this paper, we construct the first provably-secure isogeny-based (partially) blind signature scheme. While at a high level the scheme resembles the Schnorr blind signature, our work does not directly follow from that construction, since isogenies do not offer as rich an algebraic structure. Specifically, our protocol does not fit into the linear identification protocol abstraction introduced by Hauck, Kiltz, and Loss (EUROCYRPT'19), which was used to generically construct Schnorr-like blind signatures based on modules such as classical groups and lattices. Consequently, our scheme is provably secure in the random oracle model (ROM) against poly-logarithmically-many concurrent sessions assuming the subexponential hardness of the group action inverse problem. In more detail, our blind signature exploits the quadratic twist of an elliptic curve in an essential way to endow isogenies with a strictly richer structure than abstract group actions (but still more restrictive than modules). The basic scheme has public key size 128 B and signature size 8 KB under the CSIDH-512 parameter sets—these are the smallest among all provably secure post-quantum secure blind signatures. Relying on a new ring variant of the group action inverse problem ( ), we can halve the signature size to 4 KB while increasing the public key size to 512 B. We provide preliminary cryptanalysis of and show that for certain parameter settings, it is essentially as secure as the standard . Finally, we show a novel way to turn our blind signature into a partially blind signature, where we deviate from prior methods since they require hashing into the set of public keys while hiding the corresponding secret key—constructing such a hash function in the isogeny setting remains an open problem.

mathematics, applied,computer science, theory & methods

Tian Qiu,Lin Hou,Dongdai Lin

DOI: https://doi.org/10.1007/978-3-030-41579-2_21

2019-01-01

Abstract:Group signature allows group members to sign on behalf of the group anonymously, and incorporate some tracing mechanism to identify the actual signer. Multi-group signature (MGS), introduced by Ateniese and Tsudik (FC'99), is a proper generalization of group signature. It allows signers to sign messages anonymously on behalf of multiple groups and has extensive applications in electronic commerce. However, all existing MGS schemes are from classical assumptions and will be insecure once quantum computers come true.In this paper, we propose the first MGS scheme in the lattice setting which is also the first quantum-resistant proposal. The keystone of our work is a zero-knowledge argument of knowledge (ZKAoK) system of different syndromes of the same vector based on the work by Libert et al. (Asiacrypt'16) and Ling et al. (PKC'18). With additional signing and encryption layers, our ZKAoK allows the signer to prove memberships in multiple groups simultaneously, which is the key issue on the MGS construction, and it can be of independent interest. For security proofs, we formalize the MGS model in the framework of Bellare et al. (CT-RSA'05).

Yiru Sun,Yanyan Liu,Bo Wu

DOI: https://doi.org/10.1186/s42400-019-0037-8

2019-07-17

Abstract:The group signature scheme is an important primitive in cryptography, it allows members in a group to generate signatures anonymously on behalf of the whole group. In view of the practical application of such schemes, it is necessary to allow users' registration and revocation when necessary, which makes the construction of dynamic group signature schemes become a significant direction. On the basis of (Ling et al., Lattice-based group signatures: achieving full dynamicity with ease, 2017), we present the first full dynamic group signature scheme over ring, and under the premise of ensuring security, the efficiency of the scheme is improved mainly from the following three aspects: the size of keys, the dynamic construction of a Merkle hash tree that used to record the information of registered users, and the reuse of the leaves in this tree. In addition, the public and secret keys of both group manager and trace manager are generated by a trusted third party, which prevents the situation that the two managers generate their respective public key and secret key maliciously. Compared with the counterpart of the scheme in (Ling et al., Lattice-based group signatures: achieving full dynamicity with ease, 2017) over ring, the expected space complexity of the Merkle tree used in our work down almost by half, and the computational complexity of its update has been reduced by a notch because of the dynamic construction of the hash tree.

computer science, information systems, interdisciplinary applications, software engineering

Simin Chen,Jiageng Chen

DOI: https://doi.org/10.1016/j.heliyon.2023.e14917

IF: 3.776

2023-03-28

Heliyon

Abstract:Group signatures allow users to sign messages on behalf of a group without revealing authority is capable of identifying the user who generated it. However, the exposure of the user's signing key will severely damage the group signature scheme. In order to reduce the loss caused by signing key leakage, Song proposed the first forward-secure group signature. If a group signing key is revealed at the current time period, the previous signing key will not be affected. This means that the attacker cannot forge group signatures regarding messages signed in the past. To resist quantum attacks, many lattice-based forward-secure group signatures have been proposed. However, their key-update algorithm is expensive since they require some costly computations such as the Hermite normal form (HNF) operations and conversion from a full-rank set of lattice vectors into a basis. In this paper, we propose the group signature with forward security from lattice. In comparison with previous works, we have several advantages: Firstly, our scheme is more effective since we only need to sample some vectors independently from a discrete Gaussian during the key-update algorithm. Secondly, the derived secret key size is linear instead of quadratic with the lattice dimensions, which is more friendly towards lightweight applications. Anonymous authentication plays an increasingly critical role in protecting privacy and security in the environment where private information could be collected for intelligent analysis. Our work contributes to the anonymous authentication in the post-quantum setting, which has wide potential applications in the IoT environment.

Zhijian Liao,Qiong Huang,Xinjian Chen

DOI: https://doi.org/10.1186/s42400-022-00122-z

2022-10-03

Abstract:A forward-secure group signature (FSGS) ensures the unforgeability of signatures in the past time period despite signing secret key is leaked in the current time period. As we know, traditional FSGS schemes are mostly relying on number-theoretic assumptions unable to resist quantum attacks. Therefore, we present an efficient lattice-based fully dynamic (i.e. users can flexibly join or quit the group) forward-secure group signature (DFSGS) by combining an improved version of FSGS scheme proposed by Ling. Based on an efficient zero-knowledge argument, we construct argument of knowledge of the committed value and the plaintext that help with privacy protection. Our DFSGS scheme is proved to be anonymous and forward-secure traceable relying on short integer solution and learning with errors assumptions in random oracle model. Moreover, the lengths of group public key and signature of our DFSGS scheme have been improved, and the length of user secret key has no connection with the quantity of group members.

computer science, information systems, interdisciplinary applications, software engineering

M. H. Abhilash,B. B. Amberker

DOI: https://doi.org/10.1007/s41870-022-00891-3

2022-02-22

International Journal of Information Technology

Abstract:Group signature scheme is a cryptographic primitive that allows its registered group users (or members) to generate signatures on behalf of the whole group without revealing their identity. An important feature of a group signature scheme is revocation, which allows an authorized entity called group manager to remove users from the group. Verifier Local Revocation (VLR) is a most commonly used revocation mechanism in group signature schemes because of its simplicity and efficiency. In VLR, the group manager maintains a publicly available revocation list that contains information about the revoked users. The cost of group signature verification is proportional to the size of the revocation list. To decrease the verification cost, it is enough to reduce the size of the revocation list. We use the notion of time bound signing keys for this and propose a dynamic group signature scheme. In the proposed scheme, an expiration time τ\documentclass[12pt]{minimal}\usepackage{amsmath}\usepackage{wasysym}\usepackage{amsfonts}\usepackage{amssymb}\usepackage{amsbsy}\usepackage{mathrsfs}\usepackage{upgreek}\setlength{\oddsidemargin}{-69pt}\begin{document}$$\tau$$\end{document} is fixed for the signing key of each group member. A user who is generating signature at time t must prove, he is a valid group member and his signing key is not expired, i.e., t≤τ\documentclass[12pt]{minimal}\usepackage{amsmath}\usepackage{wasysym}\usepackage{amsfonts}\usepackage{amssymb}\usepackage{amsbsy}\usepackage{mathrsfs}\usepackage{upgreek}\setlength{\oddsidemargin}{-69pt}\begin{document}$$t \le \tau$$\end{document}. Group user after the signing key expiration time are considered as ‘naturally’ revoked. Group users may be revoked before the expiration time if necessary, and it is considered ‘premature’ revocation. Hence, the revocation list needs to include the information about prematurely revoked users only. As a result, the size of the revocation list will be small, particularly in situations where natural revocation accounts for a large proportion of the total revocation.

Qing Ye,Xiaomeng Yang,Xixi Yan,Zongqu Zhao

DOI: https://doi.org/10.1007/978-3-030-00012-7_50

2018-01-01

Abstract:Group signature schemes empower users to sign messages in the name of a group at the same time (1) keeping anonymity with respect to an outsider, and (2) guaranteeing traceability of a signer when needed. In this work we construct a new group signature scheme based on NTRU lattices. To achieve goals, we use a new algorithm for sampling a basis on NTRU lattice. Group signatures have many features, such as anonymity and traceability. They play an important role in the field of cryptography, and group-based group signatures are more resistant to quantum attacks. However, the unique advantages of lattice cryptography have the disadvantage of space consumption. At present the group signature schemes has high communication cost, and their size of system public key size is too large. Hence NTRU lattice is a kind of special lattice based on polynomial ring, and only involves polynomial ring small integer multiplication and modular arithmetic compared with the general case. NTRU lattice system shortens the length of public key, and has the faster computing speed. In order to reduce the size of the lattice key, this paper uses the Gaussian discrete distributed sampling algorithm on the NTRU lattice to construct a new NTRU lattice-based group signature. And provide relevant safety certification and efficiency analysis.

Joo Woo,Kwangsu Lee,Jong Hwan Park

DOI: https://doi.org/10.1371/journal.pone.0310708

IF: 3.7

2024-09-23

PLoS ONE

Abstract:In 2009, Lyubashevsky proposed a lattice-based signature scheme using the Schnorr-like identification and the Fiat-Shamir heuristic and proved its security under the collision resistance of a generalized compact knapsack function. However, their security analysis requires the witness indistinguishability property, leading to significant inefficiency and an increase of sizes of public key and signature. To overcome the efficiency issue associated with the WI property, we introduce a new lattice-based assumption, called the target-modified one-wayness problem of the GCK function and show its reduction to well-known lattice-based problems. Additionally, we present a simple and efficient GCK-based signature scheme, GCKSign, whose security is based on the Module GCK-TMO problem in the random oracle model. GCKSign is a natural extension of Lyubashevsky's scheme in a module setting, but achieves considerable efficiency gains due to eliminating the witness indistinguishability property. As a result, GCKSign achieves approximately 3.4 times shorter signature size and 2.4 times shorter public key size at the same security level.

Miaomiao Tian,Liusheng Huang

DOI: https://doi.org/10.3233/FI-2016-1353

2016-01-01

Fundamenta Informaticae

Abstract:Identity-based signature is an important technique for light-weight authentication. Recently, many efforts have been made to construct identity-based signatures over lattice assumptions since they would remain secure in future quantum age. In this paper we present a new identity-based signature scheme from lattice problems. This scheme is more efficient than other lattice-based identity-based signature schemes in terms of both computation and communication complexities. We prove its security in the random oracle model under short integer solution assumption that is as hard as approximating several worst-case lattice problems. We also extend the scheme to an identity-based message recovery signature scheme that has better performance.

Xiaojun Zhang,Chunxiang Xu,Chunhua Jin,Run Xie

DOI: https://doi.org/10.1016/j.compeleceng.2013.12.003

IF: 4.152

2014-01-01

Computers & Electrical Engineering

Abstract:All regular cryptographic schemes rely on the security of the secret key. However, with the explosive use of some relatively insecure mobile devices, the key exposure problem has become more aggravated. In this paper, we propose an efficient forward secure identity-based signature (FSIBS) scheme from lattice assumption, with its security based on the small integer solution problem (SIS) in the random oracle model. Our scheme can guarantee the unforgeability of the past signatures even if the current signing secret key is revealed. Moreover, the signature size and the secret key size of our scheme are unchanged and much shorter. To the best of our knowledge, our construction is the first FSIBS scheme based on lattice which can resist quantum attack. Furthermore, we extend our FSIBS scheme to a forward secure identity-based signature scheme in the standard model.

Wen Gao,Yupu Hu,Yanhua Zhang,Baocang Wang

DOI: https://doi.org/10.1007/s12204-017-1837-1

2017-05-30

Journal of Shanghai Jiaotong University (Science)

Abstract:Among several post quantum primitives proposed in the past few decades, lattice-based cryptography is considered as the most promising one, due to its underlying rich combinatorial structure, and the worst-case to average-case reductions. The first lattice-based group signature scheme with verifier-local revocation (VLR) is treated as the first quantum-resistant scheme supported member revocation, and was put forward by Langlois et al. This VLR group signature (VLR-GS) has group public key size of O(nm log N log q), and a signature size of O(tm logN log q log β). Nguyen et al. constructed a simple efficient group signature from lattice, with significant advantages in bit-size of both the group public key and the signature. Based on their work, we present a VLR-GS scheme with group public key size of O(nm log q) and signature size of O(tm log q). Our group signature has notable advantages: support of membership revocation, and short in both the public key size and the signature size.

Miaomiao Tian,Liusheng Huang

DOI: https://doi.org/10.3233/FI-2016-1353

2016-01-01

Fundamenta Informaticae

Abstract:Identity-based signature is an important technique for light-weight authentication. Recently, many efforts have been made to construct identity-based signatures over lattice assumptions since they would remain secure in future quantum age. In this paper we present a new identity-based signature scheme from lattice problems. This scheme is more efficient than other lattice-based identity-based signature schemes in terms of both computation and communication complexities. We prove its security in the random oracle model under short integer solution assumption that is as hard as approximating several worst-case lattice problems. We also extend the scheme to an identity-based message recovery signature scheme that has better performance.

Jayashree Dey,Ratna Dutta

DOI: https://doi.org/10.3934/amc.2022077

2022-01-01

Advances in Mathematics of Communications

Abstract:Since its introduction by Chaum and Heyst, group signature has been one of the most active areas of cryptographic research with numerous applications to computer security and privacy. Group signature permits the members of a group to sign a document on behalf of the entire group keeping signer's identity secret and enabling disclosure of the signer's identity if required. In this work, we present the first code-based fully-dynamic group signature scheme which allows group members to join or leave the group at any point of time. We employ a code-based updatable Merkle-tree accumulator in our design to achieve logarithmic-size signature and utilize randomized Niederreiter encryption to trace the identity of the signer. More positively, we equipped our scheme with deniability characteristic whereby the tracing authority can furnish evidence showing that a given member is not the signer of a particular signature. Our scheme satisfies the security requirements of anonymity , non-frameability , traceability and tracing-soundness in the random oracle model under the hardness of generic decoding problem. We emphasize that our scheme provides full-dynamicity, features deniability in contrast to the existing code-based group signature schemes and works favourably in terms of signature size, group public key size and secret key size.

computer science, theory & methods,mathematics, applied

Gongming Zhao,Miaomiao Tian

DOI: https://doi.org/10.1007/978-3-030-01446-9_16

2018-01-01

Abstract:Ring signature is an attractive cryptographic primitive that has been widely used in many fields because of its anonymity. Traditional ring signatures rely on the public key infrastructure and require lots of digital certificates. To eliminate the digital certificates, Zhang and Kim (Asiacrypt’02) introduced the concept of identity-based ring signatures. So far, however there is few identity-based ring signatures built on lattice-related assumptions and they are not efficient enough for applications. In this paper we present a new identity-based ring signature scheme from lattices. Compared with the existing counterparts, our scheme has the advantages of higher computational efficiency and lower storage overhead. We prove the security of our construction in the random oracle model under the short integer solution assumption.

Lei Zhang,Zhiyong Zheng,Wei Wang

DOI: https://doi.org/10.1007/978-981-15-8373-5_5

2021-01-01

Abstract:Group signatureGroup signature has two basic properties: anonymity and traceability. Due to its good properties, it has many applications in economy, politics, electronic voting, privacy protection, anonymous authentication and so on. But traditional group signature could not resist the quantum computational attacks. Lattice theory is seen as the most promising post-quantum crypto theory due to the fact that it is a kind of linear structure and that most of its operations are linear operations. Moreover, the lattice theory has better asymptotic efficiency than others do. The lattice-based group signature can not only keep its original security properties, but also resist quantum attacks, it has become a research hot spot. Therefore we think it’s necessary to sort out the achievements of lattice-based group signature in recent years. In this chapter we first simply reviewed the research progress of the traditional group signature, and then we summarized the main progress on lattice-based group signature schemes in recent years. Then we analysed the tools they used when designing signature schemes. In addition, we made a comparison about functionality and security assumptions. Finally, we put forward the further research direction and the development trend.

Miaomiao Tian,Liusheng Huang

DOI: https://doi.org/10.1504/ijesdf.2013.054403

2013-01-01

International Journal of Electronic Security and Digital Forensics

Abstract:Lattice-based hierarchical identity-based signature HIBS schemes are receiving significant attention due to provable security reductions and potential security for quantum computers. However, most of the existing HIBS schemes based on lattices are less efficient for practical applications. To make lattice-based HIBS schemes become more practical, this paper presents an efficient HIBS scheme from lattices. Both the secret key size and the signature length of our proposal are much shorter than those of other lattice-based HIBS proposals. Our scheme is proven to be strongly unforgeable against adaptive identity attacks in the random oracle model. The security of the construction relies on the standard short integer solution SIS assumption.

BaoHong Li,YanZhi Liu,Sai Yang

DOI: https://doi.org/10.1109/icebe.2018.00062

2018-01-01

Abstract:Universal designated verifier signatures can be used to resolve the conflict between authenticity and privacy in some applications. However, all of existing constructions for this primitive are based on hard problems in number theory, and will be ultimately broken in quantum era. To address this issue, we construct the first lattice-based universal designated verifier signatures as a post-quantum candidate for this primitive. Our construction is obtained by directly extending a ring-based variant of the Gentry-Peikert-Vaikuntanathan signature scheme with some additional algorithms, thus the existing key generation and signing implementation can be used without modification. We also show that our construction is provably secure under the Small Integer Solution problem over rings, in the random oracle model.