ABSTRACT
Group signature with message-dependent opening (GS-MDO) is a kind of group signature in which only the signers who have created group signatures on problematic messages will be identified. In the previous GS-MDO scheme, however, the number of problematic messages is bounded owing to a limitation of the Groth-Sahai proofs. In this paper, we propose the first GS-MDO scheme with the unbounded-MDO functionality in the random oracle model. Our unbounded GS-MDO scheme is based on the short group signature scheme proposed by Boneh, Boyen, and Shacham and the Boneh-Franklin identity-based encryption scheme. To combine these building blocks and to achieve CCA-anonymity, we also construct a special type of multiple encryption. This technique yields an efficient construction compared with the previous bounded GS-MDO scheme: the signature of our scheme contains about 16 group elements (3630 bits), whereas that of the previous scheme has about 450 group elements (75820 bits).
- M. Abe, G. Fuchsbauer, J. Groth, K. Haralambiev, and M. Ohkubo. Structure-preserving signatures and commitments to group elements. In T. Rabin, editor, CRYPTO 2010, volume 6223 of LNCS, pages 209--236. Springer, Heidelberg, 2010. Google ScholarDigital Library
- M. Abe, K. Haralambiev, and M. Ohkubo. Signing on elements in bilinear groups for modular protocol design. Cryptology ePrint Archive, Report 2010/133, 2010. http://eprint.iacr.org/.Google Scholar
- M. Abe, K. Haralambiev, and M. Ohkubo. Group to group commitments do not shrink. In D. Pointcheval and T. Johansson, editors, EUROCRYPT 2012, volume 7237 of LNCS, pages 301--317. Springer, Heidelberg, 2012. Google ScholarDigital Library
- M. Bellare, D. Micciancio, and B. Warinschi. Foundations of group signatures: Formal definitions, simplified requirements, and a construction based on general assumptions. In E. Biham, editor, EUROCRYPT 2003, volume 2656 of LNCS, pages 644--644. Springer, Heidelberg, 2003. Google ScholarDigital Library
- M. Bellare, H. Shi, and C. Zhang. Foundations of group signatures: The case of dynamic groups. In A. Menezes, editor, CT-RSA 2005, volume 3376 of LNCS, pages 136--153. Springer, Heidelberg, 2005. Google ScholarDigital Library
- D. Boneh and X. Boyen. Short signatures without random oracles and the SDH assumption in bilinear groups. J. Cryptol., 21:149--177, 2008. Google ScholarDigital Library
- D. Boneh, X. Boyen, and H. Shacham. Short group signatures. In M. Franklin, editor, CRYPTO 2004, volume 3152 of LNCS, pages 227--242. Springer, Heidelberg, 2004.Google Scholar
- D. Boneh and M. Franklin. Identity-based encryption from the Weil pairing. SIAM J. Comput., 32(3):586--615, 2003. Google ScholarDigital Library
- D. Chaum and E. van Heyst. Group signatures. In D. W. Davies, editor, EUROCRYPT '91, volume 547 of LNCS, pages 257--265. Springer, Heidelberg, 1991. Google ScholarDigital Library
- J. Chen, H. W. Lim, S. Ling, H. Wang, and H. Wee. Shorter IBE and signatures via asymmetric pairings. Cryptology ePrint Archive, Report 2012/224, 2012. http://eprint.iacr.org/.Google Scholar
- R. Cramer and V. Shoup. A practical public key cryptosystem provably secure against adaptive chosen ciphertext attack. In H. Krawczyk, editor, CRYPTO 1998, volume 1462 of LNCS, pages 13--25. Springer, Heidelberg, 1998. Google ScholarDigital Library
- R. Cramer and V. Shoup. Design and analysis of practical public-key encryption schemes secure against adaptive chosen ciphertext attack. SIAM Journal on Computing, 33(1):167--226, 2003. Google ScholarDigital Library
- J. Groth and A. Sahai. Efficient non-interactive proof systems for bilinear groups. In N. Smart, editor, EUROCRYPT 2008, volume 4965 of LNCS, pages 415--432. Springer, Heidelberg, 2008. Google ScholarDigital Library
- S.-H. Heng and K. Kurosawa. k-resilient identity-based encryption in the standard model. In T. Okamoto, editor, CT-RSA 2004, volume 2964 of LNCS, pages 67--80. Springer, Heidelberg, 2004.Google Scholar
- Y. Sakai, K. Emura, G. Hanaoka, Y. Kawai, T. Matsuda, and K. Omote. Group signatures with message-dependent opening. In Pairing 2012, pages 270--294, 2012. Google ScholarDigital Library
- H. Shacham. A Cramer-Shoup encryption scheme from the linear assumption and from progressively weaker linear variants. Cryptology ePrint Archive, Report 2007/074, 2007. http://eprint.iacr.org/.Google Scholar
Index Terms
- A group signature scheme with unbounded message-dependent opening
Recommendations
A formal construction of certificateless proxy multi-signature scheme
Proxy multi-signature is a scheme that allows a proxy signer to sign messages on behalf of a group of original signers. To our best knowledge, most of the existing proxy multi-signature schemes are proposed in public key infrastructure or identity-based ...
Universal forgery on a group signature scheme using self-certified public keys
A group signature scheme allows any group member to sign messages on behalf of the group in an anonymous and unlinkable fashion. In the event of a dispute, a designated group manager can reveal the identity of the signer. In 1999, Tseng and Jan proposed ...
Improvement of identity-based proxy multi-signature scheme
A proxy signature scheme allows a proxy signer to sign messages on behalf of an original signer, a company or an organization. A proxy multi-signature scheme is an extension of the basic proxy signature scheme, and permits two or more original signers ...
Comments