Abstract
For group signatures with verifier-local revocation (GS-VLR), selfless-anonymity (SA), which only ensures the anonymity of a signature against an adversary that does not possess the signing secret keys of the members involved in generating the challenge signature, is strictly weaker than the de facto standard anonymity notion, full-anonymity, where the adversary is allowed to corrupt all members. At ICICS 2018, Hou et al. delivered a lattice-based fully anonymous GS-VLR scheme (as one core building block for their semi-generic construction of hierarchical GS-VLR) based on the first lattice-based GS scheme, introduced by Gordon et al. at ASIACRYPT 2010. In this paper, we demonstrate that their scheme does not consider anonymity for revoked members (whether misbehaving members or honest ones who voluntarily leave), an implicit requirement for GS-VLR in real-life applications. Subsequently, we provide a modification of their construction to fix this weakness.
Notes
1. At SCN 2018, Ishida et al. [12] proposed the basic framework of fully anonymous GS-VLR, built on ideas from the work of Bellare et al. [3]. Concretely, a fully anonymous GS-VLR is obtained from a digital signature scheme, a key-private public-key encryption scheme, and a non-interactive zero-knowledge proof system. However, Ishida et al. gave no specific cryptographic scheme, we do not know how to adopt lattice-based algorithms to substitute all the operations efficiently and safely, and we cannot simply follow the steps of [12] to design a lattice-based FA-GS-VLR scheme. At ICICS 2018, Perera and Koshiba [19] claimed to have constructed the first lattice-based GS-VLR scheme achieving full security (i.e., FA and full-traceability). In fact, however, their construction does not satisfy FA; we explain this in detail in another paper of ours, which was just accepted by the ACNS 2021 workshops. Therefore, we have to tailor a new construction that relies on new and creative techniques for lattice-based cryptography.
References
Ajtai, M.: Generating hard instances of lattice problems (extended abstract). In: STOC, pp. 99–108. ACM (1996). https://doi.org/10.1145/237814.237838
Alwen, J., Peikert, C.: Generating shorter bases for hard random lattices. Theor. Comput. Sys. 48(3), 535–553 (2011). https://doi.org/10.1007/s00224-010-9278-3
Bellare, M., Micciancio, D., Warinschi, B.: Foundations of group signatures: formal definitions, simplified requirements, and a construction based on general assumptions. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 614–629. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-39200-9_38
Bichsel, P., Camenisch, J., Neven, G., Smart, N.P., Warinschi, B.: Get shorty via group signatures without encryption. In: Garay, J.A., De Prisco, R. (eds.) SCN 2010. LNCS, vol. 6280, pp. 381–398. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-15317-4_24
Boneh, D., Shacham, H.: Group signatures with verifier-local revocation. In: CCS, pp. 168–177. ACM (2004). https://doi.org/10.1145/1030083.1030106
Bringer, J., Patey, A.: VLR group signatures: how to achieve both backward unlinkability and efficient revocation checks. In: Pierangela, S., (eds.) SECRYPT 2012, pp. 215–220. (2012). https://doi.org/10.1007/3-540-46416-6_22
Chaum, D., van Heyst, E.: Group signatures. In: Davies, D.W. (ed.) EUROCRYPT 1991. LNCS, vol. 547, pp. 257–265. Springer, Heidelberg (1991). https://doi.org/10.1007/3-540-46416-6_22
Gao, W., Hu, Y., Zhang, Y., et al.: Lattice-based group signature with verifier-local revocation. J. Shanghai JiaoTong Univ. (Sci.) 22(3), 313–321 (2017). https://doi.org/10.1007/s12204-017-1837-1
Gentry, C., Peikert, C., Vaikuntanathan, V.: Trapdoor for hard lattices and new cryptographic constructions. In: STOC, pp. 197–206. ACM (2008). https://doi.org/10.1145/1374376.1374407
Gordon, S.D., Katz, J., Vaikuntanathan, V.: A group signature scheme from lattice assumptions. In: Abe, M. (ed.) ASIACRYPT 2010. LNCS, vol. 6477, pp. 395–412. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-17373-8_23
Hou, L., Liu, R., Qiu, T., Lin, D.: Hierarchical group signatures with verifier-local revocation. In: Naccache, D., et al. (eds.) ICICS 2018. LNCS, vol. 11149, pp. 271–286. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-01950-1_16
Ishida, A., Sakai, Y., Emura, K., Hanaoka, G., Tanaka, K.: Fully anonymous group signature with verifier-local revocation. In: Catalano, D., De Prisco, R. (eds.) SCN 2018. LNCS, vol. 11035, pp. 23–42. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-98113-0_2
Libert, B., Vergnaud, D.: Group signatures with verifier-local revocation and backward unlinkability in the standard model. In: Garay, J.A., Miyaji, A., Otsuka, A. (eds.) CANS 2009. LNCS, vol. 5888, pp. 498–517. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-10433-6_34
Ling, S., Nguyen, K., Langlois, A., et al.: A lattice-based group signature scheme with verifier-local revocation. Theor. Comput. Sci. 730, 1–20 (2018). https://doi.org/10.1016/j.tcs.2018.03.027
Micciancio, D., Peikert, C.: Trapdoors for lattices: simpler, tighter, faster, smaller. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 700–718. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-29011-4_41
Nakanishi, T., Funabiki, N.: Verifier-local revocation group signature schemes with backward unlinkability from bilinear maps. In: Roy, B. (ed.) ASIACRYPT 2005. LNCS, vol. 3788, pp. 533–548. Springer, Heidelberg (2005). https://doi.org/10.1007/11593447_29
Nakanishi, T., Funabiki, N.: A short verifier-local revocation group signature scheme with backward unlinkability. In: Yoshiura, H., Sakurai, K., Rannenberg, K., Murayama, Y., Kawamura, S. (eds.) IWSEC 2006. LNCS, vol. 4266, pp. 17–32. Springer, Heidelberg (2006). https://doi.org/10.1007/11908739_2
Perera, M.N.S., Koshiba, T.: Achieving almost-full security for lattice-based fully dynamic group signatures with verifier-local revocation. In: Su, C., Kikuchi, H. (eds.) ISPEC 2018. LNCS, vol. 11125, pp. 229–247. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-99807-7_14
Perera, M.N.S., Koshiba, T.: Achieving full security for lattice-based group signatures with verifier-local revocation. In: Naccache, D., et al. (eds.) ICICS 2018. LNCS, vol. 11149, pp. 287–302. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-01950-1_17
Perera, M.N.S., Koshiba, T.: Achieving strong security and verifier-local revocation for dynamic group signatures from lattice assumptions. In: Katsikas, S.K., Alcaraz, C. (eds.) STM 2018. LNCS, vol. 11091, pp. 3–19. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-01141-3_1
Langlois, A., Ling, S., Nguyen, K., Wang, H.: Lattice-based group signature scheme with verifier-local revocation. In: Krawczyk, H. (ed.) PKC 2014. LNCS, vol. 8383, pp. 345–361. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-642-54631-0_20
Zhang, Y., Hu, Y., Gao, W., et al.: Simpler efficient group signature scheme with verifier-local revocation from lattices. KSII Trans. Internet Inf. Syst. 10(1), 414–430 (2016). https://doi.org/10.3837/tiis.2016.01.024
Zhang, Y., Hu, Y., Zhang, Q., Jia, H.: On new zero-knowledge proofs for lattice-based group signatures with verifier-local revocation. In: Lin, Z., Papamanthou, C., Polychronakis, M. (eds.) ISC 2019. LNCS, vol. 11723, pp. 190–208. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-30215-3_10
Zhang, Y., Liu, X., Hu, Y., Zhang, Q., Jia, H.: Lattice-based group signatures with verifier-local revocation: achieving shorter key-sizes and explicit traceability with ease. In: Mu, Y., Deng, R.H., Huang, X. (eds.) CANS 2019. LNCS, vol. 11829, pp. 120–140. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-31578-8_7
Zhang, Y., Liu, X., Yin, Y., Zhang, Q., Jia, H.: On new zero-knowledge proofs for fully anonymous lattice-based group signature scheme with verifier-local revocation. In: Zhou, J., et al. (eds.) ACNS 2020. LNCS, vol. 12418, pp. 381–399. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-61638-0_21
Acknowledgments
The authors would like to thank the anonymous reviewers of NSS 2021 for their helpful comments. This research was supported by the National Natural Science Foundation of China (Grant No. 61802075), the Guangxi Key Laboratory of Cryptography and Information Security (Grant No. GCIS201907) and the Natural Science Foundation of Henan Province (Grant No. 202300410508).
© 2021 Springer Nature Switzerland AG
About this paper
Cite this paper
Zhang, Y., Liu, X., Hu, Y., Jia, H. (2021). Cryptanalysis of a Fully Anonymous Group Signature with Verifier-Local Revocation from ICICS 2018. In: Yang, M., Chen, C., Liu, Y. (eds) Network and System Security. NSS 2021. Lecture Notes in Computer Science, vol 13041. Springer, Cham. https://doi.org/10.1007/978-3-030-92708-0_24
DOI: https://doi.org/10.1007/978-3-030-92708-0_24
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-92707-3
Online ISBN: 978-3-030-92708-0
eBook Packages: Computer Science (R0)