Luping Wang,Jie Chen,Huan Dai,Chongben Tao

DOI: https://doi.org/10.1016/j.tcs.2024.114407

IF: 1.002

2024-01-31

Theoretical Computer Science

Abstract:Code-based group signature is an important research topic in recent years. Since the pioneering work by Alamélou et al.(WCC 2015), several other schemes have been proposed to provide improvements in security, efficiency and functionality. However, most existing constructions work only in the static setting where the group population is fixed at the setup phase. Only a few schemes address partially dynamic, which can realize only one of users enrollment or revocation. In this work, we provide an efficient code-based fully dynamic group signature (FDGS) scheme, i.e., users have flexibility when joining and leaving the group. Specifically, to upgrade the scheme into a fully dynamic group signature, we first add a dynamic ingredient into the static 2-RNSD Merkle-tree accumulator (ASIACRYPT 2019), then create a simple rule and utilize the Stern-like zero-knowledge protocol to handle users enrollment and revocation efficiently (i.e., without resetting the whole tree). Moreover, our solution is the first exploration of code-based FDGS with constant signature size.

computer science, theory & methods

Run Xie,Chunxiang Xu,Chanlian He,Xiaojun Zhang

DOI: https://doi.org/10.1504/ijesdf.2016.079446

2016-01-01

International Journal of Electronic Security and Digital Forensics

Abstract:Group signatures allow a group member to sign messages anonymously on behalf of the group. Generally, group signatures have anonymity, traceability and authentication. It has been well applied in practical distributed security communication environments. However, very few schemes can achieve the non-frameability and support dynamic membership management. In this paper, we propose a new group signature scheme. Our scheme achieves the non-frameability without the trusted issuer. Meanwhile, this scheme can support dynamic members join and revocation without incurring other secure threats. Furthermore, in our scheme, the size of group member's private key and the size of group public key are shorter than other schemes while the costs to be kept constant for signing and verifying. In particular, we prove that our scheme achieves anonymity, traceability and non-frameability under the random oracle model.

Run Xie,Chunxiang Xu,Chanlian He,Xiaojun Zhang

DOI: https://doi.org/10.3837/tiis.2016.05.025

2016-01-01

KSII Transactions on Internet and Information Systems

Abstract:A group signature scheme allows any member to sign on behalf of a group. It is applied to practical distributed security communication environments, such as privacy-preserving, data mining. In particular, the excellent features of group signatures, including membership joining and revocation, anonymity, traceability, non-frameability and controllable linkability, make group signature scheme more attractive. Among these features, non-frameability can guarantee that a member's signature cannot be forged by any other (including issuer), and controllable linkability supports to confirm whether or not two group signatures are created by the same signer while preserving anonymity. Until now, only Hwang et al.'s group schemes (proposed in 2013 and 2015) can support all of these features. In this paper, we present a new dynamic group signature scheme which can achieve all of the above excellent features. Compared with their schemes, our scheme has the following advantages. Firstly, our scheme achieves more efficient membership revocation, signing and verifying. The cost of update key in our scheme is two-thirds of them. Secondly, the tracing algorithm is simpler, since the signer can be determined without the judging step. Furthermore, in our scheme, the size of group public key and member's private key are shorter. Lastly, we also prove security features of our scheme, such as anonymity, traceability, non-frameability, under a random oracle model.

Maxime Buser,Joseph K. Liu,Ron Steinfeld,Amin Sakzad,Shifeng Sun

DOI: https://doi.org/10.1007/978-3-030-29959-0_10

2019-01-01

Abstract:Group signatures are considered as one of the most prominent cryptographic primitives to ensure privacy. In essence, group signatures ensure the authenticity of messages while the author of the message remains anonymous. In this study, we propose a dynamic post-quantum group signature (GS) extending the static G-Merkle group signature (PQCRYPTO 2018). In particular, our dynamic G-Merkle (DGM) allows new users to join the group at any time. Similar to G-Merkle scheme, our DGM only involves symmetric primitives and makes use of a One-Time Signature scheme (OTS). Each member of the group receives a certain amount of OTS key pairs and can ask the Manager M for more if needed. Our DGM also provides an innovative way of signing revocation by employing Symmetric Puncturable Encryption (SPE) recently appeared in (ACM CCS 2018). DGM provides a significantly smaller signature size than other GSs based on symmetric primitives and also reduces the influence of the number of group members on the signature size and on the limitations of the application of G-Merkle.

Meryem Soysaldı Şahin,Sedat Akleylek

DOI: https://doi.org/10.1016/j.jksuci.2021.12.014

2022-02-01

Abstract:A group signature allows a group member who signs the message on behalf of the other group members. Any recipient also verifies the signature without knowing the signer. However, it is possible to reveal the signer’s identity since the group signatures have the tracing mechanism. In general, the group signature size increases the number of group members. However, the schemes are also proposed with the constant signature size. On the other hand, the security of some schemes are based on the discrete logarithm and factorization problems while some schemes which are secure against quantum attacks are proposed. To the best of our knowledge, the signature scheme in the group concept has not been proposed on lattices in quantum oracles. In this paper, we propose a new constant-size and partially-dynamic group signature scheme on lattice assumptions. We combine the Dilithium signature scheme, a Stern-like zero-knowledge scheme and Regev’s encryption scheme. We give a zero-knowledge argument system for our proposed scheme and security analysis in the quantum random oracle model. According to the comparison results, the proposed scheme has better size complexity in asymptotic concept.

Yiru Sun,Yanyan Liu,Bo Wu

DOI: https://doi.org/10.1186/s42400-019-0037-8

2019-07-17

Abstract:The group signature scheme is an important primitive in cryptography, it allows members in a group to generate signatures anonymously on behalf of the whole group. In view of the practical application of such schemes, it is necessary to allow users' registration and revocation when necessary, which makes the construction of dynamic group signature schemes become a significant direction. On the basis of (Ling et al., Lattice-based group signatures: achieving full dynamicity with ease, 2017), we present the first full dynamic group signature scheme over ring, and under the premise of ensuring security, the efficiency of the scheme is improved mainly from the following three aspects: the size of keys, the dynamic construction of a Merkle hash tree that used to record the information of registered users, and the reuse of the leaves in this tree. In addition, the public and secret keys of both group manager and trace manager are generated by a trusted third party, which prevents the situation that the two managers generate their respective public key and secret key maliciously. Compared with the counterpart of the scheme in (Ling et al., Lattice-based group signatures: achieving full dynamicity with ease, 2017) over ring, the expected space complexity of the Merkle tree used in our work down almost by half, and the computational complexity of its update has been reduced by a notch because of the dynamic construction of the hash tree.

computer science, information systems, interdisciplinary applications, software engineering

Masoumeh Shafieinejad,Navid Nasr Esfahani

DOI: https://doi.org/10.1007/s10623-021-00857-9

2021-03-24

Abstract:We present a construction for hash-based one-time group signature schemes, and develop a traceable post-quantum multi-time group signature upon it. A group signature scheme allows group members to anonymously sign a message on behalf of the entire group. The signatures are unforgeable, and the scheme enables authorized openers to trace the signature back to the original signer when needed. Our construction utilizes three nested layers to build the group signature scheme. The first layer performs the key-management task; it deploys a <i>transversal design</i> to assign keys to the group members and the openers, establishing anonymity and providing the construction with traceability. The second layer utilizes sets of hash values, <i>hash pools</i>, to build the group public verification key and to connect group members together. The final layer uses a post-quantum hash-based signature scheme, that adds unforgeability to our construction. We extend our scheme to multi-time signatures using Merkle trees and show that this process maintains the scalability property of Merkle-based signatures, while it supports the group members signing any number of messages.

M. H. Abhilash,B. B. Amberker

DOI: https://doi.org/10.1007/s41870-022-00891-3

2022-02-22

International Journal of Information Technology

Abstract:Group signature scheme is a cryptographic primitive that allows its registered group users (or members) to generate signatures on behalf of the whole group without revealing their identity. An important feature of a group signature scheme is revocation, which allows an authorized entity called group manager to remove users from the group. Verifier Local Revocation (VLR) is a most commonly used revocation mechanism in group signature schemes because of its simplicity and efficiency. In VLR, the group manager maintains a publicly available revocation list that contains information about the revoked users. The cost of group signature verification is proportional to the size of the revocation list. To decrease the verification cost, it is enough to reduce the size of the revocation list. We use the notion of time bound signing keys for this and propose a dynamic group signature scheme. In the proposed scheme, an expiration time τ\documentclass[12pt]{minimal}\usepackage{amsmath}\usepackage{wasysym}\usepackage{amsfonts}\usepackage{amssymb}\usepackage{amsbsy}\usepackage{mathrsfs}\usepackage{upgreek}\setlength{\oddsidemargin}{-69pt}\begin{document}$$\tau$$\end{document} is fixed for the signing key of each group member. A user who is generating signature at time t must prove, he is a valid group member and his signing key is not expired, i.e., t≤τ\documentclass[12pt]{minimal}\usepackage{amsmath}\usepackage{wasysym}\usepackage{amsfonts}\usepackage{amssymb}\usepackage{amsbsy}\usepackage{mathrsfs}\usepackage{upgreek}\setlength{\oddsidemargin}{-69pt}\begin{document}$$t \le \tau$$\end{document}. Group user after the signing key expiration time are considered as ‘naturally’ revoked. Group users may be revoked before the expiration time if necessary, and it is considered ‘premature’ revocation. Hence, the revocation list needs to include the information about prematurely revoked users only. As a result, the size of the revocation list will be small, particularly in situations where natural revocation accounts for a large proportion of the total revocation.

Christopher Battarbee,Delaram Kahrobaei,Ludovic Perret,Siamak F. Shahandashti

2023-06-27

Abstract:In this paper, we present a new diverse class of post-quantum group-based Digital Signature Schemes (DSS). The approach is significantly different from previous examples of group-based digital signatures and adopts the framework of group action-based cryptography: we show that each finite group defines a group action relative to the semidirect product of the group by its automorphism group, and give security bounds on the resulting signature scheme in terms of the group-theoretic computational problem known as the Semidirect Discrete Logarithm Problem (SDLP). Crucially, we make progress towards being able to efficiently compute the novel group action, and give an example of a parameterised family of groups for which the group action can be computed for any parameters, thereby negating the need for expensive offline computation or inclusion of redundancy required in other schemes of this type.

Cryptography and Security

Guangdong Yang,Shaohua Tang,Li Yang

DOI: https://doi.org/10.1007/978-3-642-21031-0_14

2011-01-01

Abstract:Group signature allows a group member to sign messages anonymously on the behalf of a group. In the case of a dispute, the designated group manager can open the signature to reveal the identity of its originator. As far as we know, most of the group signatures are based on traditional cryptography, such as RSA and discrete logarithm. Unfortunately these schemes would be broken if quantum computers emerge. The MQ-problem based Multivariate Public-Key Cryptosystem (MPKC) is an important alternative to traditional PKCs for its potential to resist future attacks of quantum computers. The first group signature scheme based on MPKC is proposed in this paper. This scheme owns two special but important features. First, the group signature can be divided into different time periods. The signatures are linkable in the same time period, but un-linkable between different time periods. Second, the privileges of the group manager is limited. The group manager can not open a signature without the help of the verifier. These features are important in some applications such as e-voting systems. The theory of this scheme is simple and its security relies on the Isomorphism of Polynomials (IP) Problem and random hash function.

Gaurav Mittal,Sandeep Kumar,Sunil Kumar,Shubham Mittal

DOI: https://doi.org/10.1007/s00500-024-10325-w

IF: 3.732

2024-11-29

Soft Computing

Abstract:The concept of undeniable signature scheme was proposed by Chaum and Antwerpen in 1989. In this scheme, the signature can only be verified by the verifier with the co-operation of the signer. In this paper, we propose a novel undeniable signature scheme based on the structure of group ring. We consider the well studied hard problems, that is, inverse computation problem (ICP) and discrete logarithm problem (DLP) in group ring and show that under the chosen message attack, our scheme is strongly unforgeable, invisible and secure against impersonation attack. These security notions, that is, strongly unforgeability, invisibility and impersonation are defined through three different games. In order to practically realize the scheme, we discuss a case study in which we generate the signature for a message and then verify it through the verification algorithm. Finally, we compare our scheme with several other renowned schemes available in the literature and show it is efficient in terms of the total execution time.

computer science, artificial intelligence, interdisciplinary applications

Edoukou Berenger Ayebie,El Mamoun Souidi

DOI: https://doi.org/10.1007/s10623-022-01007-5

2022-01-31

Abstract:A cryptographic accumulator is a cryptographic primitive which produces a succinct aggregate of a set of elements. This type of scheme allows to produce a membership proof for each element of the set. In this paper, we propose a code-based cryptographic accumulator that is quantum computer resistant. Specifically, our scheme is based on the hardness of the Syndrome Decoding problem and satisfies the collision freeness and indistinguishability requirements. We also use double circulant codes which allow us to get a small key size, especially we get for an 80 bits security a small public key of 347 bits. Furthermore, we use the proposed cryptographic accumulator to create a fully dynamic code-based group signature. Moreover, we give an implementation of our scheme which is, to the best of our knowledge, the first direct implementation of a post-quantum cryptographic accumulator.

mathematics, applied,computer science, theory & methods

Shuaining Gao,Xinjian Chen,Hongbo Li,Willy Susilo,Qiong Huang

DOI: https://doi.org/10.1016/j.csi.2023.103782

IF: 3.721

2024-01-01

Computer Standards & Interfaces

Abstract:Group signature supports users to generate signatures on behalf of the group. Verifier local revocation (VLR) is an important method to revoke a misbehaving user in group signature, which has attracted many researchers’ attention. However, the existing lattice-based group signature schemes with VLR either achieve only selfless anonymity, have revocation list of size linear with the number of revoked users, or suffer from the issue that signatures generated by revoked users could easily be linked by an adversary. Additionally, the development of quantum computing technology threatens the security of traditional cryptosystems. Therefore, in this paper we propose a new lattice-based group signature scheme, which makes use of the complete tree technique to combine the timestamp with VLR. It enjoys post-quantum security and satisfies almost full anonymity and traceability if the LWE and SIS problems are hard. Compared with previous schemes, our scheme achieves backward unlinkability additionally. Thanks to the revocation token update mechanism, a revocation token for time period t could not be connected with signatures generated in period t+1. Furthermore, the revocation list in our scheme only stores the tokens of users who have been revoked before the expiry, reducing the revocation list size effectively.

Kunal Dey,Mansi Goyal,Bupendra Singh,Aditi Kar Gangopadhyay

2024-10-25

Abstract:An undeniable signature scheme is type of digital signature where the signer retains control over the signature's verifiability. Therefore with the approval of the signer, only an authenticated verifier can verify the signature. In this work, we develop a module lattice-based post-quantum undeniable signature system. Our method is based on the GPV framework utilizing module lattices, with the security assured by the hardness of the SIS and LWE problems. We have thoroughly proved all the desired securities for the proposed scheme. Finally, we have implemented our protocol for different sets of parameters. The purpose of opting a module variant rather than a ring variant is to provide greater flexibility in selecting parameters.

Cryptography and Security

Ward Beullens,Samuel Dobson,Shuichi Katsumata,Yi-Fu Lai,Federico Pintore

DOI: https://doi.org/10.1007/s10623-023-01192-x

2023-03-01

Abstract:We construct an efficient dynamic group signature (or more generally an accountable ring signature) from isogeny and lattice assumptions. Our group signature is based on a simple generic construction that can be instantiated by cryptographically hard group actions such as the CSIDH group action or an MLWE-based group action. The signature is of size , where N is the number of users in the group. Our idea builds on the recent efficient OR-proof by Beullens, Katsumata, and Pintore (Asiacrypt'20), where we efficiently add a proof of valid ciphertext to their OR-proof and further show that the resulting non-interactive zero-knowledge proof system is online extractable . Our group signatures satisfy more ideal security properties compared to previously known constructions, while simultaneously having an attractive signature size. The signature size of our isogeny-based construction is an order of magnitude smaller than all previously known post-quantum group signatures (e.g., 6.6 KB for 64 members). In comparison, our lattice-based construction has a larger signature size (e.g., either 126 KB or 89 KB for 64 members depending on the satisfied security property). However, since the -notation hides a very small constant factor, it remains small even for very large group sizes, say .

mathematics, applied,computer science, theory & methods

Mingzhu Gao,Wei Yang,Yang Liu

DOI: https://doi.org/10.1007/s11128-021-03236-4

IF: 1.965

2021-09-01

Quantum Information Processing

Abstract:In this paper, a novel quantum (t, n) threshold group signature scheme is demonstrated on a basis of d-dimensional quantum system. In the scheme, n signatories form a group, and only t or more signatories can generate a valid signature on behalf of this group by means of using the cyclic characteristics of mutually unbiased bases (MUBs). The verifier receives the signature and checks the validation of it by performing the measurements in the specific MUB on the d-dimensional single qudits with the help of a trusted arbitrator. Security analysis shows that our scheme satisfies the requirements of quantum threshold group signature protocol: unforgeability, non-reputation, threshold security, and signatory's privacy. Moreover, our scheme designs a novel method to prevent the known-signature attack that also can be used in other arbitrated quantum signature schemes with the quantum one-time-pad encryption. In terms of efficiency, the proposed scheme uses single qudits instead of common entangled states to restore the initial messages. The difficulty of generating the required single qudits would not grow with the number of signatories involved. Therefore, our scheme has huge advantages in scalability compared to other related schemes and can be realized with current technology.

physics, multidisciplinary,quantum science & technology, mathematical

Song Han,Jie Wang,Wanquan Liu

DOI: https://doi.org/10.1007/978-3-540-30197-4_42

2004-01-01

Abstract:Group signatures allow every authorized member of a group to sign on behalf of the underlying group. Anyone except the group manager is not able to validate who generates a signature for a document. A new identity-based group signature scheme is proposed in this paper. This scheme makes use of a bilinear function derived from Weil pairings over elliptic curves. Also, in the underlying composition of group signatures there is no exponentiation computation modulo a large composite number. Due to these ingredients of the novel group signatures, the proposed scheme is efficient with respect to the computation cost in signing process. In addition, this paper comes up with a security proof against adaptive forgeability.

Sunil Kumar,Gaurav Mittal,Sandeep Kumar

DOI: https://doi.org/10.1007/s42979-022-01286-8

2022-07-27

SN Computer Science

Abstract:In this paper, we propose three digital signature schemes based on the algebraic structure of group ring. The first scheme is a deterministic signature scheme, the second scheme is a probabilistic signature scheme whereas the third scheme is an uplifting of the NTRU signature scheme in group ring. We carefully discuss the security of these schemes by studying the hardness of the associated hard problems. We show that our schemes, with parameters of small size, provide the security equivalent to the security provided by the current secure implementations of discrete logarithm problem (e.g. 128 bits). We also discuss some examples to see the practicality of our schemes. This paper is the first advancement in the field of group ring based digital signatures.

Wen Gao,Yupu Hu,Yanhua Zhang,Baocang Wang

DOI: https://doi.org/10.1007/s12204-017-1837-1

2017-05-30

Journal of Shanghai Jiaotong University (Science)

Abstract:Among several post quantum primitives proposed in the past few decades, lattice-based cryptography is considered as the most promising one, due to its underlying rich combinatorial structure, and the worst-case to average-case reductions. The first lattice-based group signature scheme with verifier-local revocation (VLR) is treated as the first quantum-resistant scheme supported member revocation, and was put forward by Langlois et al. This VLR group signature (VLR-GS) has group public key size of O(nm log N log q), and a signature size of O(tm logN log q log β). Nguyen et al. constructed a simple efficient group signature from lattice, with significant advantages in bit-size of both the group public key and the signature. Based on their work, we present a VLR-GS scheme with group public key size of O(nm log q) and signature size of O(tm log q). Our group signature has notable advantages: support of membership revocation, and short in both the public key size and the signature size.

Simin Chen,Jiageng Chen

DOI: https://doi.org/10.1016/j.heliyon.2023.e14917

IF: 3.776

2023-03-28

Heliyon

Abstract:Group signatures allow users to sign messages on behalf of a group without revealing authority is capable of identifying the user who generated it. However, the exposure of the user's signing key will severely damage the group signature scheme. In order to reduce the loss caused by signing key leakage, Song proposed the first forward-secure group signature. If a group signing key is revealed at the current time period, the previous signing key will not be affected. This means that the attacker cannot forge group signatures regarding messages signed in the past. To resist quantum attacks, many lattice-based forward-secure group signatures have been proposed. However, their key-update algorithm is expensive since they require some costly computations such as the Hermite normal form (HNF) operations and conversion from a full-rank set of lattice vectors into a basis. In this paper, we propose the group signature with forward security from lattice. In comparison with previous works, we have several advantages: Firstly, our scheme is more effective since we only need to sample some vectors independently from a discrete Gaussian during the key-update algorithm. Secondly, the derived secret key size is linear instead of quadratic with the lattice dimensions, which is more friendly towards lightweight applications. Anonymous authentication plays an increasingly critical role in protecting privacy and security in the environment where private information could be collected for intelligent analysis. Our work contributes to the anonymous authentication in the post-quantum setting, which has wide potential applications in the IoT environment.