Abstract
For group signature (GS) supporting membership revocation, verifier-local revocation (VLR) mechanism seems to be a more flexible choice, because it requires only that verifiers download up-to-date revocation information for signature verification, and the signers are not involved. As a post-quantum secure cryptographic counterpart of classical number-theoretic cryptographic constructions, the first lattice-based VLR group signature (VLR-GS) was introduced by Langlois et al. (2014). However, none of the contemporary lattice-based VLR-GS schemes provide backward unlinkability (BU), which is an important property to ensure that previously issued signatures remain anonymous and unlinkable even after the corresponding signer (i.e., member) is revoked. In this study, we introduce the first lattice-based VLR-GS scheme with BU security (VLR-GS-BU), and thus resolve a prominent open problem posed by previous works. Our new scheme enjoys an \({\cal O}\left( {\log \,N} \right)\) factor saving for bit-sizes of the group public-key (GPK) and the member’s signing secret-key, and it is free of any public-key encryption. In the random oracle model, our scheme is proven secure under two well-known hardness assumptions of the short integer solution (SIS) problem and learning with errors (LWE) problem.
摘要
群成员可撤销的群签名中, 验证者本地撤销机制似乎是一种更为灵活的选择, 因为在签名验证过程中, 仅需验证者获取最新的撤销信息, 而不涉及签名者。与经典的数论型构造相对应, Langlois等人给出了后量子安全的首个格上验证者本地撤销群签名。然而, 截至目前, 所有格上验证者本地撤销群签名方案暂不满足后向无关联性, 该特性可保障群成员被撤销前其对消息签名的匿名性和无关联性。本文给出了首个格上后向无关联性安全的验证者本地撤销群签名方案, 从而解决了这一公开问题。新方案为群公钥和群成员签名密钥节省了O(log N)的比特大小, 并且没有任何公钥加密。特别地, 新方案在随机谕言机模型下是可证明安全的, 其困难性可归约至两个经典格上难题假设, 即小整数解难题和差错学习难题。
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
Explore related subjects
Discover the latest articles and news from researchers in related subjects, suggested using machine learning.References
Agrawal S, Boneh D, Boyen X, 2010. Efficient lattice (H)IBE in the standard model. Proc 29th Annual Int Conf on the Theory and Applications of Cryptographic Techniques, p.553–572. https://doi.org/10.1007/978-3-642-13190-5_28
Ajtai M, 1996. Generating hard instances of lattice problems (extended abstract). Proc 28th ACM Symp on Theory of Computing, p.99–108. https://doi.org/10.1145/237814.237838
Alwen J, Peikert C, 2011. Generating shorter bases for hard random lattices. Theor Comput Syst, 48(3):535–553. https://doi.org/10.1007/s00224-010-9278-3
Bellare M, Micciancio D, Warinschi B, 2003. Foundations of group signatures: formal definitions, simplified requirements, and a construction based on general assumptions. Proc 22nd Int Conf on the Theory and Applications of Cryptographic Techniques, p.614–629. https://doi.org/10.1007/3-540-39200-9_38
Bellare M, Shi HX, Zhang C, 2005. Foundations of group signatures: the case of dynamic groups. Cryptographers’ Track at the RSA Conf, p.136–153. https://doi.org/10.1007/978-3-540-30574-3_11
Boneh D, Shacham H, 2004. Group signatures with verifier-local revocation. Proc 11th ACM Conf on Computer and Communications Security, p.168–177. https://doi.org/10.1145/1030083.1030106
Bootle J, Cerulli A, Chaidos P, et al., 2016. Foundations of fully dynamic group signatures. Proc 14th Int Conf on the Applied Cryptography and Network Security, p.117–136. https://doi.org/10.1007/978-3-319-39555-5_7
Cash D, Hofheinz D, Kiltz E, et al., 2010. Bonsai trees, or how to delegate a lattice basis. Proc 29th Int Conf on the Theory and Applications of Cryptographic Techniques, p.523–552. https://doi.org/10.1007/978-3-642-13190-5_27
Chaum D, van Heyst E, 1991. Group signatures. Workshop on the Theory and Application of Cryptographic Techniques, p.257–265. https://doi.org/10.1007/3-540-46416-6_22
Emura K, Hayashi T, 2018. A revocable group signature scheme with scalability from simple assumptions and its implementation. Proc 21st Int Conf on Information Security, p.442–460. https://doi.org/10.1007/978-3-319-99136-8_24
Gao W, Hu YP, Zhang YH, et al., 2017. Lattice-based group signature with verifier-local revocation. J Shanghai Jiao Tong Univ (Sci), 22(3):313–321. https://doi.org/10.1007/s12204-017-1837-1
Gentry C, Peikert C, Vaikuntanathan V, 2008. Trapdoors for hard lattices and new cryptographic constructions. Proc 40th Annual ACM Symp on Theory of Computing, p.197–206. https://doi.org/10.1145/1374376.1374407
Gordon SD, Katz J, Vaikuntanathan V, 2010. A group signature scheme from lattice assumptions. Proc 16th Int Conf on the Theory and Application of Cryptology and Information Security, p.395–412. https://doi.org/10.1007/978-3-642-17373-8_23
Huang JY, Huang Q, Susilo W, 2020. Leakage-resilient group signature: definitions and constructions. Inform Sci, 509:119–132. https://doi.org/10.1016/j.ins.2019.09.004
Ishida A, Sakai Y, Emura K, et al., 2018. Fully anonymous group signature with verifier-local revocation. Proc 11th Int Conf on Security and Cryptography for Networks, p.23–42. https://doi.org/10.1007/978-3-319-98113-0_2
Kawachi A, Tanaka K, Xagawa K, 2008. Concurrently secure identification schemes based on the worst-case hardness of lattice problems. Proc 14th Int Conf on the Theory and Application of Cryptology and Information Security, p.372–389. https://doi.org/10.1007/978-3-540-89255-7_23
Langlois A, Ling S, Nguyen K, et al., 2014. Lattice-based group signature scheme with verifier-local revocation. Proc 17th Int Conf on Practice and Theory in Public-Key Cryptography, p.345–361. https://doi.org/10.1007/978-3-642-54631-0_20
Libert B, Vergnaud D, 2009. Group signatures with verifier-local revocation and backward unlinkability in the standard model. Proc 8th Int Conf on Cryptology and Network Security, p.498–517. https://doi.org/10.1007/978-3-642-10433-6_34
Ling S, Nguyen K, Stehlé D, et al., 2013. Improved zero-knowledge proofs of knowledge for the ISIS problem, and applications. Proc 16th Int Conf on Practice and Theory in Public-Key Cryptography, p.107–124. https://doi.org/10.1007/978-3-642-36362-7_8
Ling S, Nguyen K, Roux-Langlois A, et al., 2018. A lattice-based group signature scheme with verifier-local revocation. Theor Comput Sci, 730:1–20. https://doi.org/10.1016/j.tcs.2018.03.027
Micciancio D, Peikert C, 2012. Trapdoors for lattices: simpler, tighter, faster, smaller. Proc 31st Annual Int Conf on the Theory and Applications of Cryptographic Techniques, p.700–718. https://doi.org/10.1007/978-3-642-29011-4_41
Micciancio D, Peikert C, 2013. Hardness of SIS and LWE with small parameters. Proc 33rd Annual Cryptology Conf, p.21–39. https://doi.org/10.1007/978-3-642-40041-4_2
Nakanishi T, Funabiki N, 2005. Verifier-local revocation group signature schemes with backward unlinkability from bilinear maps. Proc 11th Int Conf on the Theory and Application of Cryptology and Information Security, p.533–548. https://doi.org/10.1007/11593447_29
Nakanishi T, Funabiki N, 2006. A short verifier-local revocation group signature scheme with backward unlinkability. Proc 1st Int Workshop on Security, p.17–32. https://doi.org/10.1007/11908739_2
Nguyen PQ, Zhang J, Zhang ZF, 2015. Simpler efficient group signatures from lattices. Proc 18th IACR Int Conf on Practice and Theory in Public-Key Cryptography, p.401–426. https://doi.org/10.1007/978-3-662-46447-2_18
Perera MNS, Koshiba T, 2018a. Achieving full security for lattice-based group signatures with verifier-local revocation. Proc 20th Int Conf on Information and Communications Security, p.287–302. https://doi.org/10.1007/978-3-030-01950-1_17
Perera MNS, Koshiba T, 2018b. Zero-knowledge proof for lattice-based group signature schemes with verifier-local revocation. Proc 21st Int Conf on Network-Based Information Systems, p.772–782. https://doi.org/10.1007/978-3-319-98530-5_68
Perera MNS, Koshiba T, 2018c. Achieving strong security and verifier-local revocation for dynamic group signatures from lattice assumptions. Proc 14th Int Conf on Security and Trust Management, p.3–19. https://doi.org/10.1007/978-3-030-01141-3_1
Regev O, 2005. On lattices, learning with errors, random linear codes, and cryptography. Proc 37th Annual ACM Symp on Theory of Computing, p.84–93. https://doi.org/10.1145/1060590.1060603
Song DX, 2001. Practical forward secure group signature schemes. Proc 8th ACM Conf on Computer and Communications Security, p.225–234. https://doi.org/10.1145/501983.502015
Zhang YH, Hu YP, Gao W, et al., 2016. Simpler efficient group signature scheme with verifier-local revocation from lattices. KSII Trans Int Inform Syst, 10(1):414–430. https://doi.org/10.3837/tiis.2016.01.024
Zhang YH, Hu YP, Zhang QK, et al., 2019a. On new zero-knowledge proofs for lattice-based group signatures with verifier-local revocation. Proc 22nd Int Conf on Information Security, p.190–208. https://doi.org/10.1007/978-3-030-30215-3_10
Zhang YH, Liu XM, Hu YP, et al., 2019b. Lattice-based group signatures with verifier-local revocation: achieving shorter key-sizes and explicit traceability with ease. Proc 18th Int Conf on Cryptology and Network Security, p.120–140. https://doi.org/10.1007/978-3-030-31578-8_7
Author information
Authors and Affiliations
Contributions
Yanhua ZHANG and Huiwen JIA designed the research. Yanhua ZHANG processed the data and drafted the paper. Ximeng LIU helped organize the paper. Yupu HU and Yong GAN revised and finalized the paper.
Corresponding authors
Additional information
Compliance with ethics guidelines
Yanhua ZHANG, Ximeng LIU, Yupu HU, Yong GAN, and Huiwen JIA declare that they have no conflict of interest.
Project supported by the National Natural Science Foundation of China (Nos. 61802075 and 61772477) and the Natural Science Foundation of Henan Province, China (Nos. 222300420371 and 202300410508)
Rights and permissions
About this article
Cite this article
Zhang, Y., Liu, X., Hu, Y. et al. Verifier-local revocation group signatures with backward unlinkability from lattices. Front Inform Technol Electron Eng 23, 876–892 (2022). https://doi.org/10.1631/FITEE.2000507
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1631/FITEE.2000507
Key words
- Group signature
- Lattice-based cryptography
- Verifier-local revocation
- Backward unlikability
- Short integer solution