Toru Nakanishi
ABSTRACT
In group signature schemes, a signature is anonymous for a verifier, while only a designated Privacy Manager (PM) can identify the signer. This identification is used for tracing a dishonest anonymous signer in case of an illegal act using the signature. However, PM can violate signers' anonymity. Recently, Brickell and Li propose a novel countermeasure for the anonymous dishonest signer without PM in the setting of the direct anonymous attestation. Here, we call the generalized group signature version anonymously revocable group signature scheme. In this scheme, after an illegal act using a group signature was found, the membership of the dishonest signer can be anonymously revoked for excluding the signer without the help of any PM. However, since the Brickell-Li scheme is based on the RSA assumption and the DDH assumption, the signature is long. In this paper, we propose a short anonymously revocable group signature scheme from supersingular curves, where we adopt the decision linear (DLIN) assumption. Compared to the simple adoption of the Brickell-Li DDH-based revoking approach to supersingular curves, the length of our signature is reduced to about from 30% to 60%.
- M. Bellare, D. Micciancio, and B. Warinschi, "Foundations of group signatures: Formal definitions, simplified requirements, and a construction based on general assumptions," Proc. EUROCRYPT 2003, LNCS 2656, pp.614--629, 2003. Google Scholar
Digital Library
- D. Boneh, X. Boyen, and H. Shacham, "Short group signatures," Proc. CRYPTO 2004, LNCS 3152, pp.41--55, 2004.Google ScholarCross Ref
- D. Boneh and H. Shacham, "Group signatures with verifier-local revocation," Proc. ACM-CCS '04, pp.168--177, 2004. Google ScholarDigital Library
- E. Brickell and J. Li, "Enhanced privacy ID: A direct anonymous attestation scheme with enhanced revocation capabilities." Proc. ACM-WPES '07, also in Cryptology ePrint Archive, Report 2007/194, 2007. Google ScholarDigital Library
- D. Chaum and E. van Heijst, "Group signatures," Proc. EUROCRYPT '91, LNCS 547, pp.241--246, 1991.Google ScholarDigital Library
- J. Furukawa and H. Imai, "An efficient group signature scheme from bilinear maps," Proc. ACISP 2005, LNCS 3574, pp.455--467, 2005. Google ScholarDigital Library
- A. Kiayias, Y. Tsiounis, and M. Yung, "Traceable signatures," Proc. EUROCRYPT 2004, LNCS 3027, pp.571--589, 2004.Google ScholarCross Ref
- P. P. Tsang, M. H. Au, A. Kapadia, S. W. Smith, "Blacklistable anonymous credentials: blocking misbehaving users without TTPs," Proc. ACM-CCS '07, pp.72--81, 2007 Google ScholarDigital Library
Index Terms
- A short anonymously revocable group signature scheme from decision linear assumption
Recommendations
Certificateless Group Signature Scheme from Bilinear Pairings
ICCIS 2017: Proceedings of the 2017 2nd International Conference on Communication and Information SystemsCertificateless public key cryptography solve the certificate management problems of the traditional public key cryptography, also overcomes the problems public key escrow in identity based cryptography.A group signature scheme allows a group member to ...
A Short Verifier-Local Revocation Group Signature Scheme with Backward Unlinkability
Previously Verifier-Local Revocation (VLR) group signature schemes from bilinear maps were proposed. In VLR schemes, only verifiers are involved in the revocation of a member, while signers are not. Thus, the VLR schemes are suitable for mobile ...
Universal forgery on a group signature scheme using self-certified public keys
A group signature scheme allows any group member to sign messages on behalf of the group in an anonymous and unlinkable fashion. In the event of a dispute, a designated group manager can reveal the identity of the signer. In 1999, Tseng and Jan proposed ...
Comments