ABSTRACT
Group-signature schemes allow members of a predefined group to prove specific properties without revealing more information than necessary. Potential areas of application include electronic IDs (eIDs) and smartcards, i.e., resource-constrained environments. Although the literature provides many theoretical proposals for group-signature schemes, practical evaluations of the applicability of such mechanisms in resource-constrained environments are missing. In this work, we investigate four different group-signature schemes in terms of mathematical operations, signature length, and the proposed revocation mechanisms. We also use the RELIC toolkit to implement the two most promising of the investigated group-signature schemes---one of which is going to be standardized in ISO/IEC 20008---for the AVR microcontroller. This allows us to give practical insights into the applicability of pairings on the AVR microcontroller in general and the applicability of group-signature schemes on that platform in particular. Contrary to the general recommendation of precomputing and storing pairing evaluations where possible, we observed that evaluating a pairing can be faster than performing computations on a cached pairing value.
Paper title: Group-signature schemes on constrained devices: the gap between theory and practice