Abstract
This paper proposes a group signature scheme with a tracing mechanism that limits the tracing ability of tracers based on their attributes and decentralizes the tracing key generation method. Thus, no party other than a tracer who satisfies the attributes can identify the signer. The proposed scheme addresses the single point of failure of the tracing mechanism in existing group signature schemes. In addition, the multiple-tracer setting of the proposed scheme reduces the tracing workload that a single tracer would carry, and gives users the flexibility to choose a tracer for their signatures based on the tracers' attributes. This paper also discusses the related security definitions against outsiders and honest-but-curious authorities.
References
Anada, H., Fukumitsu, M., Hasegawa, S.: Group signatures with designated traceability. In: 2021 Ninth International Symposium on Computing and Networking (CANDAR), pp. 74–80. IEEE (2021)
Bellare, M., Micciancio, D., Warinschi, B.: Foundations of group signatures: formal definitions, simplified requirements, and a construction based on general assumptions. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 614–629. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-39200-9_38
Bellare, M., Shi, H., Zhang, C.: Foundations of group signatures: the case of dynamic groups. In: Menezes, A. (ed.) CT-RSA 2005. LNCS, vol. 3376, pp. 136–153. Springer, Heidelberg (2005). https://doi.org/10.1007/978-3-540-30574-3_11
Blömer, J., Juhnke, J., Löken, N.: Short Group Signatures with Distributed Traceability. In: Kotsireas, I.S., Rump, S.M., Yap, C.K. (eds.) MACIS 2015. LNCS, vol. 9582, pp. 166–180. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-32859-1_14
Camenisch, J., Drijvers, M., Lehmann, A., Neven, G., Towa, P.: Short threshold dynamic group signatures. In: Galdi, C., Kolesnikov, V. (eds.) SCN 2020. LNCS, vol. 12238, pp. 401–423. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-57990-6_20
Chaum, D., van Heyst, E.: Group signatures. In: Davies, D.W. (ed.) EUROCRYPT 1991. LNCS, vol. 547, pp. 257–265. Springer, Heidelberg (1991). https://doi.org/10.1007/3-540-46416-6_22
Chow, S.S.M.: Removing escrow from identity-based encryption. In: Jarecki, S., Tsudik, G. (eds.) PKC 2009. LNCS, vol. 5443, pp. 256–276. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-00468-1_15
Emura, K., Katsumata, S., Watanabe, Y.: Identity-based encryption with security against the KGC: a formal model and its instantiation from lattices. In: Sako, K., Schneider, S., Ryan, P.Y.A. (eds.) ESORICS 2019. LNCS, vol. 11736, pp. 113–133. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-29962-0_6
Ghadafi, E.: Efficient distributed tag-based encryption and its application to group signatures with efficient distributed traceability. In: Aranha, D.F., Menezes, A. (eds.) LATINCRYPT 2014. LNCS, vol. 8895, pp. 327–347. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-16295-9_18
Goldwasser, S., Micali, S., Rivest, R.L.: A digital signature scheme secure against adaptive chosen-message attacks. SIAM J. Comput. 17(2), 281–308 (1988)
Kiayias, A., Tsiounis, Y., Yung, M.: Traceable signatures. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 571–589. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-24676-3_34
Lewko, A., Okamoto, T., Sahai, A., Takashima, K., Waters, B.: Fully secure functional encryption: attribute-based encryption and (hierarchical) inner product encryption. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 62–91. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-13190-5_4
Manulis, M., Sadeghi, A.-R., Schwenk, J.: Linkable democratic group signatures. In: Chen, K., Deng, R., Lai, X., Zhou, J. (eds.) ISPEC 2006. LNCS, vol. 3903, pp. 187–201. Springer, Heidelberg (2006). https://doi.org/10.1007/11689522_18
Perera, M.N.S., Nakamura, T., Hashimoto, M., Yokoyama, H., Cheng, C.M., Sakurai, K.: Decentralized and collaborative tracing for group signatures. In: Proceedings of the 2022 ACM on Asia Conference on Computer and Communications Security, pp. 1258–1260 (2022)
Perera, M.N.S., Nakamura, T., Hashimoto, M., Yokoyama, H., Cheng, C.M., Sakurai, K.: A survey on group signatures and ring signatures: traceability vs. anonymity. Cryptography 6(1), 3 (2022)
Sakai, Y., Emura, K., Hanaoka, G., Kawai, Y., Matsuda, T., Omote, K.: Group signatures with message-dependent opening. In: Abdalla, M., Lange, T. (eds.) Pairing 2012. LNCS, vol. 7708, pp. 270–294. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-36334-4_18
Acknowledgment
The authors would like to thank Hiroaki Anada and Masayuki Fukumitsu for sharing their related work, Chen-Mou Cheng and Masayuki Hashimoto for helpful discussion, and anonymous reviewers of ISPEC 2022 for their valuable comments.
Appendices
A Appendix: The Oracles
Figure 5 depicts the oracles that we use for proving the security of the scheme.
B Appendix: Security Proof
The security proof of our proposal is similar to the proof given for the dynamic group signatures of Bellare et al. [3]. While their anonymity proof is based on the IND-CCA security of a PKE scheme, our proof is based on the IND-CPA security of a CP-ABE scheme. We detail the security proof of the GS scheme with ABT in the extended version of this paper.
B.1 Anonymity
We fix an NP relation \(\rho \) over domain Dom and consider pairs of PPT algorithms (\(P_1, V_1\)) and (\(P_2, V_2\)) for NIZK proof systems, as in the paper of Bellare et al. [3].
On the assumption that \(P_1\) is computational zero knowledge for \(\rho _1\) over \(Dom_1\) and \(P_2\) is computational zero knowledge for \(\rho _2\) over \(Dom_2\), two simulators \(S_1\) and \(S_2\) can be fixed such that \(\varPi _1 = (P_1, V_1, S_1)\) and \(\varPi _2 = (P_2, V_2, S_2)\). \(\varPi _1\) and \(\varPi _2\) are the simulation-sound zero-knowledge non-interactive proof systems for \(L_{\rho _1}\) and \(L_{\rho _2}\), respectively.
For any polynomial time adversary \(B\), who will challenge the anonymity of our scheme GS and who can construct polynomial time IND-CPA adversaries \(A_0, A_1\) against CP-ABE scheme E, an adversary \(A_s\) against the simulation soundness of \(\varPi \) and distinguishers \(D_1, D_2\) that distinguish real proofs of \(\varPi _1\) and \(\varPi _2\) respectively, for all \(\lambda \in \mathbb {N}\), we say
According to Lemma 5.1, described and proved in Bellare's scheme [3], the left side function is negligible, since all the functions on the right side are negligible under the stated assumptions on the security of the building blocks. This proves the anonymity of the group signature scheme with attribute-based tracing. The detailed security proofs for the adversaries against the encryption scheme and the distinguishers for zero knowledge are provided in Bellare's scheme [3]. Compared with the proof given in Bellare's scheme [3], the difference is that our scheme is based on a CP-ABE scheme instead of a PKE scheme.
B.2 Traceability
If there is a traceability adversary \(B\), who constructs an adversary \(A_1\) against the scheme DS, on the assumption that (\(P_1, V_1\)) is a sound proof system for \(\rho _1\), we say
On the assumption that DS is secure against traceability, all the functions on the right side are negligible. Because of this, the advantage of \(B\) is negligible. This proves that the group signature scheme with attribute-based tracing is traceable.
B.3 Non-Frameability
If there is a non-frameability adversary \(B\), who creates at most \(n(\lambda )\) honest users, where \(n\) is a polynomial and who constructs two adversaries \(A_2, A_3\) against the digital signature scheme, on the assumption that \((P_1, V_1), (P_2, V_2)\) are sound proof systems for \(\rho _1, \rho _2\) respectively, we say
On the assumption that the scheme DS is secure, all the functions on the right side are negligible, and so is the left side function. Thus, the group signature scheme with attribute-based tracing is non-frameable according to the definition of DS.
Copyright information
© 2022 Springer Nature Switzerland AG
Cite this paper
Perera, M.N.S., Nakamura, T., Matsunaka, T., Yokoyama, H., Sakurai, K. (2022). Attribute Based Tracing for Securing Group Signatures Against Centralized Authorities. In: Su, C., Gritzalis, D., Piuri, V. (eds) Information Security Practice and Experience. ISPEC 2022. Lecture Notes in Computer Science, vol 13620. Springer, Cham. https://doi.org/10.1007/978-3-031-21280-2_31
DOI: https://doi.org/10.1007/978-3-031-21280-2_31
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-21279-6
Online ISBN: 978-3-031-21280-2
eBook Packages: Computer Science, Computer Science (R0)