DOI: 10.1007/978-3-030-62576-4_2
Article

Constant-Size Lattice-Based Group Signature with Forward Security in the Standard Model

Published: 29 November 2020

Abstract

One important property of group signatures is forward-security, which prevents an attacker in possession of a group signing key from forging signatures produced in the past. If one group member's signing key is exposed, group signatures lacking forward-security must not only invalidate all group public and secret keys (by re-initializing the whole system) but also invalidate all previously issued group signatures. Most existing forward-secure group signatures (FS-GS) are built from number-theoretic security assumptions, which are vulnerable to quantum computers. The only post-quantum secure FS-GS scheme is built from lattices by Ling et al. (PQCrypto 19) in the random oracle model; it follows the classical encrypt-then-prove framework and thus uses non-interactive zero-knowledge (NIZK) proofs. In this work, we achieve the first FS-GS from lattices in the standard model. Our starting point is the group signature of Katsumata and Yamada (Eurocrypt 19), which replaces NIZK by attribute-based signatures (ABS), thus removing the need for random oracles. We first modify the underlying ABS of Tsabary (TCC 17) to equip it with the forward-security property. We then prove that by plugging it back into the group signature framework of Katsumata and Yamada (Eurocrypt 19), we can design an FS-GS scheme secure in the standard model with public key and signature size constant in the number of users. Our constant size is achieved by relying on complexity leveraging, which further implies relying on the subexponential hardness of the Short Integer Solution (SIS) assumption.

References

[1] Agrawal, S., Boneh, D., Boyen, X.: Lattice basis delegation in fixed dimension and shorter-ciphertext hierarchical IBE. In: Rabin, T. (ed.) Advances in Cryptology – CRYPTO 2010, pp. 98–115. Springer, Heidelberg (2010)
[2] Ateniese, G., Camenisch, J., Joye, M., Tsudik, G.: A practical and provably secure coalition-resistant group signature scheme. In: Bellare, M. (ed.) Advances in Cryptology — CRYPTO 2000, pp. 255–270. Springer, Heidelberg (2000)
[3] Ajtai, M.: Generating hard instances of lattice problems (extended abstract). In: STOC, pp. 99–108. ACM (1996)
[4] Boneh, D., Boyen, X.: Secure identity based encryption without random oracles. In: Franklin, M. (ed.) Advances in Cryptology – CRYPTO 2004, pp. 443–459. Springer, Heidelberg (2004)
[5] Boneh, D., Boyen, X., Shacham, H.: Short group signatures. In: Franklin, M. (ed.) Advances in Cryptology – CRYPTO 2004, pp. 41–55. Springer, Heidelberg (2004)
[6] Boschini, C., Camenisch, J., Neven, G.: Floppy-sized group signatures from lattices. In: Preneel, B., Vercauteren, F. (eds.) Applied Cryptography and Network Security, pp. 163–182. Springer, Cham (2018)
[7] Bellare, M., Miner, S.K.: A forward-secure digital signature scheme. In: Wiener, M. (ed.) Advances in Cryptology — CRYPTO 99, pp. 431–448. Springer, Heidelberg (1999)
[8] Bellare, M., Micciancio, D., Warinschi, B.: Foundations of group signatures: formal definitions, simplified requirements, and a construction based on general assumptions. In: Biham, E. (ed.) Advances in Cryptology — EUROCRYPT 2003, pp. 614–629. Springer, Heidelberg (2003)
[9] Boyen, X., Shacham, H., Shen, E., Waters, B.: Forward-secure signatures with untrusted update. In: ACM Conference on Computer and Communications Security, pp. 191–200. ACM (2006)
[10] Bellare, M., Shi, H., Zhang, C.: Foundations of group signatures: the case of dynamic groups. In: Menezes, A. (ed.) Topics in Cryptology – CT-RSA 2005, pp. 136–153. Springer, Heidelberg (2005)
[11] Boyen, X., Waters, B.: Compact group signatures without random oracles. In: Vaudenay, S. (ed.) Advances in Cryptology - EUROCRYPT 2006, pp. 427–444. Springer, Heidelberg (2006)
[12] Bellare, M., Yee, B.: Forward-security in private-key cryptography. In: Joye, M. (ed.) Topics in Cryptology — CT-RSA 2003, pp. 1–18. Springer, Heidelberg (2003)
[13] Canetti, R., Halevi, S., Katz, J.: A forward-secure public-key encryption scheme. In: Biham, E. (ed.) Advances in Cryptology — EUROCRYPT 2003, pp. 255–271. Springer, Heidelberg (2003)
[14] Cash, D., Hofheinz, D., Kiltz, E., Peikert, C.: Bonsai trees, or how to delegate a lattice basis. In: Gilbert, H. (ed.) Advances in Cryptology – EUROCRYPT 2010, pp. 523–552. Springer, Heidelberg (2010)
[15] Camenisch, J., Lysyanskaya, A.: Signature schemes and anonymous credentials from bilinear maps. In: Franklin, M. (ed.) Advances in Cryptology – CRYPTO 2004, pp. 56–72. Springer, Heidelberg (2004)
[16] Camenisch, J., Neven, G., Rückert, M.: Fully anonymous attribute tokens from lattices. In: Visconti, I., De Prisco, R. (eds.) Security and Cryptography for Networks, pp. 57–75. Springer, Heidelberg (2012)
[17] Chaum, D., van Heyst, E.: Group signatures. In: Davies, D.W. (ed.) Advances in Cryptology — EUROCRYPT 91, pp. 257–265. Springer, Heidelberg (1991)
[18] del Pino, R., Lyubashevsky, V., Seiler, G.: Lattice-based group signatures and zero-knowledge proofs of automorphism stability. In: ACM Conference on Computer and Communications Security, pp. 574–591. ACM (2018)
[19] Diffie, W., van Oorschot, P.C., Wiener, M.J.: Authentication and authenticated key exchanges. Des. Codes Cryptogr. 2(2), 107–125 (1992)
[20] Gordon, S.D., Katz, J., Vaikuntanathan, V.: A group signature scheme from lattice assumptions. In: Abe, M. (ed.) Advances in Cryptology - ASIACRYPT 2010, pp. 395–412. Springer, Heidelberg (2010)
[21] Groth, J.: Fully anonymous group signatures without random oracles. In: Kurosawa, K. (ed.) Advances in Cryptology – ASIACRYPT 2007, pp. 164–180. Springer, Heidelberg (2007)
[22] Günther, C.G.: An identity-based key-exchange protocol. In: Quisquater, J.-J., Vandewalle, J. (eds.) Advances in Cryptology — EUROCRYPT 89, pp. 29–37. Springer, Heidelberg (1990)
[23] Håstad, J., Impagliazzo, R., Levin, L.A., Luby, M.: A pseudorandom generator from any one-way function. SIAM J. Comput. 28(4), 1364–1396 (1999)
[24] Itkis, G., Reyzin, L.: Forward-secure signatures with optimal signing and verifying. In: Kilian, J. (ed.) Advances in Cryptology — CRYPTO 2001, pp. 332–354. Springer, Heidelberg (2001)
[25] Katsumata, S., Yamada, S.: Group signatures without NIZK: from lattices in the standard model. In: Ishai, Y., Rijmen, V. (eds.) Advances in Cryptology – EUROCRYPT 2019, pp. 312–344. Springer, Cham (2019)
[26] Laguillaumie, F., Langlois, A., Libert, B., Stehlé, D.: Lattice-based group signatures with logarithmic signature size. In: Sako, K., Sarkar, P. (eds.) Advances in Cryptology - ASIACRYPT 2013, pp. 41–61. Springer, Heidelberg (2013)
[27] Libert, B., Ling, S., Mouhartem, F., Nguyen, K., Wang, H.: Signature schemes with efficient protocols and dynamic group signatures from lattice assumptions. In: Cheon, J.H., Takagi, T. (eds.) Advances in Cryptology – ASIACRYPT 2016, pp. 373–403. Springer, Heidelberg (2016)
[28] Langlois, A., Ling, S., Nguyen, K., Wang, H.: Lattice-based group signature scheme with verifier-local revocation. In: Krawczyk, H. (ed.) Public-Key Cryptography – PKC 2014, pp. 345–361. Springer, Heidelberg (2014)
[29] Libert, B., Ling, S., Nguyen, K., Wang, H.: Zero-knowledge arguments for lattice-based accumulators: logarithmic-size ring signatures and group signatures without trapdoors. In: Fischlin, M., Coron, J.-S. (eds.) Advances in Cryptology – EUROCRYPT 2016, pp. 1–31. Springer, Heidelberg (2016)
[30] Libert, B., Mouhartem, F., Nguyen, K.: A lattice-based group signature scheme with message-dependent opening. In: Manulis, M., Sadeghi, A.-R., Schneider, S. (eds.) Applied Cryptography and Network Security, pp. 137–155. Springer, Cham (2016)
[31] Ling, S., Nguyen, K., Wang, H.: Group signatures from lattices: simpler, tighter, shorter, ring-based. In: Katz, J. (ed.) Public-Key Cryptography – PKC 2015, pp. 427–449. Springer, Heidelberg (2015)
[32] Ling, S., Nguyen, K., Wang, H., Xu, Y.: Lattice-based group signatures: achieving full dynamicity with ease. In: Gollmann, D., Miyaji, A., Kikuchi, H. (eds.) Applied Cryptography and Network Security, pp. 293–312. Springer, Cham (2017)
[33] Ling, S., Nguyen, K., Wang, H., Xu, Y.: Constant-size group signatures from lattices. In: Abdalla, M., Dahab, R. (eds.) Public-Key Cryptography – PKC 2018, pp. 58–88. Springer, Cham (2018)
[34] Ling, S., Nguyen, K., Wang, H., Xu, Y.: Forward-secure group signatures from lattices. In: Ding, J., Steinwandt, R. (eds.) Post-Quantum Cryptography, pp. 44–64. Springer, Cham (2019)
[35] Libert, B., Yung, M.: Dynamic fully forward-secure group signatures. In: AsiaCCS, pp. 70–81. ACM (2010)
[36] Mohassel, P.: One-time signatures and chameleon hash functions. In: Biryukov, A., Gong, G., Stinson, D.R. (eds.) Selected Areas in Cryptography, pp. 302–319. Springer, Heidelberg (2011)
[37] Micciancio, D., Peikert, C.: Trapdoors for lattices: simpler, tighter, faster, smaller. In: Pointcheval, D., Johansson, T. (eds.) Advances in Cryptology – EUROCRYPT 2012, pp. 700–718. Springer, Heidelberg (2012)
[38] Nakanishi, T., Hira, Y., Funabiki, N.: Forward-secure group signatures from pairings. In: Shacham, H., Waters, B. (eds.) Pairing-Based Cryptography – Pairing 2009, pp. 171–186. Springer, Heidelberg (2009)
[39] Nguyen, P.Q., Zhang, J., Zhang, Z.: Simpler efficient group signatures from lattices. In: Katz, J. (ed.) Public-Key Cryptography – PKC 2015, pp. 401–426. Springer, Heidelberg (2015)
[40] Peikert, C., Shiehian, S.: Noninteractive zero knowledge for NP from (plain) learning with errors. In: Boldyreva, A., Micciancio, D. (eds.) Advances in Cryptology – CRYPTO 2019, pp. 89–114. Springer, Cham (2019)
[41] Regev, O.: On lattices, learning with errors, random linear codes, and cryptography. In: STOC, pp. 84–93. ACM (2005)
[42] Song, D.X.: Practical forward secure group signature schemes. In: ACM Conference on Computer and Communications Security, pp. 225–234. ACM (2001)
[43] Tsabary, R.: An equivalence between attribute-based signatures and homomorphic signatures, and new constructions for both. In: Kalai, Y., Reyzin, L. (eds.) Theory of Cryptography, pp. 489–518. Springer, Cham (2017)
[44] Yuen, T.H., Liu, J.K., Huang, X., Au, M.H., Susilo, W., Zhou, J.: Forward secure attribute-based signatures. In: Chim, T.W., Yuen, T.H. (eds.) Information and Communications Security, pp. 167–177. Springer, Heidelberg (2012)

Published In

Provable and Practical Security: 14th International Conference, ProvSec 2020, Singapore, November 29 – December 1, 2020, Proceedings
Nov 2020, 425 pages
ISBN: 978-3-030-62575-7
DOI: 10.1007/978-3-030-62576-4
Editors: Khoa Nguyen, Wenling Wu, Kwok Yan Lam, Huaxiong Wang
Publisher: Springer-Verlag, Berlin, Heidelberg
