research-article

Group-signature schemes on constrained devices: the gap between theory and practice

Authors:
Raphael Spreitzer

Graz University of Technology, Graz, Austria

Graz University of Technology, Graz, Austria
View Profile

,
Jörn-Marc Schmidt

Graz University of Technology, Graz, Austria

Graz University of Technology, Graz, Austria
View Profile

CS2 '14: Proceedings of the First Workshop on Cryptography and Security in Computing SystemsJanuary 2014Pages 31–36https://doi.org/10.1145/2556315.2556321

Published:20 January 2014Publication History

CS2 '14: Proceedings of the First Workshop on Cryptography and Security in Computing Systems

Pages 31–36

ABSTRACT

Group-signature schemes allow members within a predefined group to prove specific properties without revealing more information than necessary. Potential areas of application include electronic IDs (eIDs) and smartcards, i.e., resource-constrained environments. Though literature provides many theoretical proposals for group-signature schemes, practical evaluations regarding the applicability of such mechanisms in resource-constrained environments are missing. In this work, we investigate four different group-signature schemes in terms of mathematical operations, signature length, and the proposed revocation mechanisms. We also use the RELIC toolkit to implement the two most promising of the investigated group-signature schemes---one of which is going to be standardized in ISO/IEC 20008---for the AVR microcontroller. This allows us to give practical insights into the applicability of pairings on the AVR microcontroller in general and the applicability of group-signature schemes in particular on the very same. Contrary to the general recommendation of precomputing and storing pairing evaluations if possible, we observed that the evaluation of pairings might be faster than computations on cached pairings.

References

Simulavr: an AVR simulator. http://savannah.nongnu.org/projects/simulavr.Google Scholar
D. F. Aranha and C. P. L. Gouvêa. RELIC is an Efficient LIbrary for Cryptography. http://code.google.com/p/relic-toolkit/.Google Scholar
D. Boneh and X. Boyen. Short Signatures Without Random Oracles. In EUROCRYPT 2004, volume 3027, pages 56--73. Springer Berlin Heidelberg, 2004.Google Scholar
D. Boneh, X. Boyen, and H. Shacham. Short Group Signatures. In CRYPTO 2004, volume 3152 of LNCS, pages 41--55. Springer Berlin Heidelberg, 2004.Google Scholar
D. Boneh and M. Franklin. Identity-Based Encryption from the Weil Pairing. In CRYPTO 2001, volume 2139 of LNCS, pages 213--229. Springer Berlin Heidelberg, 2001. Google ScholarDigital Library
D. Boneh and H. Shacham. Group Signatures with Verifier-Local Revocation. In CCS '04, pages 168--177, New York, NY, USA, 2004. ACM. Google ScholarDigital Library
S. Canard, I. Coisel, G. Meulenaer, and O. Pereira. Group Signatures are Suitable for Constrained Devices. In ICISC 2010, volume 6829 of LNCS, pages 133--150. Springer Berlin Heidelberg, 2011. Google ScholarDigital Library
S. Chatterjee, D. Hankerson, and A. Menezes. On the Efficiency and Security of Pairing-Based Protocols in the Type 1 and Type 4 Settings. In Arithmetic of Finite Fields, volume 6087 of LNCS, pages 114--134. Springer Berlin Heidelberg, 2010. Google ScholarDigital Library
D. Chaum and E. van Heyst. Group Signatures. In EUROCRYPT '91, volume 547 of LNCS, pages 257--265. Springer Berlin Heidelberg, 1991. Google ScholarDigital Library
L. Chen and T. Pedersen. New group signature schemes. In EUROCRYPT '94, volume 950 of LNCS, pages 171--181. Springer Berlin Heidelberg, 1995.Google Scholar
C. Delerablée and D. Pointcheval. Dynamic Fully Anonymous Short Group Signatures. In VIETCRYPT, volume 4341 of LNCS, pages 193--210, 2006. Google ScholarDigital Library
S. D. Galbraith, K. G. Paterson, and N. P. Smart. Pairings for Cryptographers. Discrete Applied Mathematics, 156(16):3113--3121, 2008. Google ScholarDigital Library
F. Göloğlu, R. Granger, G. McGuire, and J. Zumbrägel. On the Function Field Sieve and the Impact of Higher Splitting Probabilities: Application to Discrete Logarithms in F_2¹⁹⁷¹ and F_2³¹⁶⁴. Cryptology ePrint Archive, Report 2013/074, 2013. http://eprint.iacr.org/.Google Scholar
C. Gouvêa, L. Oliveira, and J. López. Efficient Software Implementation of Public-Key Cryptography on Sensor Networks Using the MSP430X Microcontroller. Journal of Cryptographic Engineering, 2(1):19--29, 2012.Google ScholarCross Ref
J. Y. Hwang, S. Lee, B.-H. Chung, H. S. Cho, and D. Nyang. Short Group Signatures with Controllable Linkability. In LIGHTSEC '11, LIGHTSEC '11, pages 44--52, Washington, DC, USA, 2011. IEEE Computer Society. Google ScholarDigital Library
Internationl Organization for Standardization (ISO). ISO/IEC 20008-2: Information technology - Security techniques - Anonymous digital signatures - Part 2: Mechanisms using a group public key, November 2012.Google Scholar
A. Joux. A new index calculus algorithm with complexity L(1/4 + o(1)) in very small characteristic. Cryptology ePrint Archive, Report 2013/095, 2013. http://eprint.iacr.org/.Google Scholar
S. Meiklejohn. An Exploration of Group and Ring Signatures. Available online at http://cseweb.ucsd.edu/~smeiklejohn/, February 2011.Google Scholar
L. B. Oliveira, D. F. Aranha, C. P. L. Gouvêa, M. Scott, D. F. Câmara, J. López, and R. Dahab. TinyPBC: Pairings for authenticated identity-based non-interactive key distribution in sensor networks. Computer Communications, 34(3):485--493, 2011. Google ScholarDigital Library
R. Sakai, K. Ohgishi, and M. Kasahara. Cryptosystems based on pairing. 2000.Google Scholar
M. Scott. On the Efficient Implementation of Pairing-Based Protocols. In Cryptography and Coding, volume 7089 of LNCS, pages 296--308. Springer Berlin Heidelberg, 2011. Google ScholarDigital Library
N. Smart. Discrete Logarithms. http://bristolcrypto.blogspot.co.uk/2013/02/discrete-logarithms.html.Google Scholar
P. Szczechowiak, A. Kargl, M. Scott, and M. Collier. On the Application of Pairing Based Cryptography to Wireless Sensor Networks. In WISEC, pages 1--12. ACM, 2009. Google ScholarDigital Library

Index Terms

Group-signature schemes on constrained devices: the gap between theory and practice
1. Security and privacy
2. Social and professional topics
  1. Computing / technology policy
    1. Computer crime

Recommendations

Comparing two pairing-based aggregate signature schemes

In 2003, Boneh, Gentry, Lynn and Shacham (BGLS) devised the first provably-secure aggregate signature scheme. Their scheme uses bilinear pairings and their security proof is in the random oracle model. The first pairing-based aggregate signature scheme ...
Read More
Practical forward secure group signature schemes
CCS '01: Proceedings of the 8th ACM conference on Computer and Communications Security

A group signature scheme allows a group member to sign messages anonymously on behalf of the group, while in case of a dispute, a designated entity can reveal the identity of a signature's originator. Group signature schemes can be used as a basic ...
Read More
Efficient and provably secure random oracle-free adaptive identity-based encryption with short-signature scheme

Identity-based encryption IBE is one of the important public key encryption techniques where not only the identity of the receiver is used for secure and efficient encryption, but it also has several merits over other traditional public-key ones. ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
CS2 '14: Proceedings of the First Workshop on Cryptography and Security in Computing Systems
January 2014
56 pages
ISBN:9781450324847
DOI:10.1145/2556315
General Chairs:
Jens Knoop
TU Vienna, Austria
,
Valentina Salapura
IBM
,
Program Chairs:
Israel Koren
University of Massachusetts Amherst
,
Gerardo Pelosi
Politecnico di Milano
Copyright © 2014 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 20 January 2014
Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
ATmega128
AVR
group-signature schemes
pairing-based cryptography
type 1 pairings
type 3 pairings
Qualifiers
- research-article
Conference

Acceptance Rates
CS2 '14 Paper Acceptance Rate6of26submissions,23%Overall Acceptance Rate27of91submissions,30%
More
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 3
  Total Citations
  View Citations
- 172
  Total Downloads
- Downloads (Last 12 months)2
- Downloads (Last 6 weeks)0
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Group-signature schemes on constrained devices: the gap between theory and practice

CS2 '14: Proceedings of the First Workshop on Cryptography and Security in Computing Systems

ABSTRACT

References

Cited By

Index Terms

Recommendations

Comparing two pairing-based aggregate signature schemes

Practical forward secure group signature schemes

Efficient and provably secure random oracle-free adaptive identity-based encryption with short-signature scheme