28,576 research outputs found
Group Signatures and Accountable Ring Signatures from Isogeny-based Assumptions
Group signatures are an important cryptographic primitive providing both
anonymity and accountability to signatures. Accountable ring signatures combine
features from both ring signatures and group signatures, and can be directly
transformed to group signatures. While there exists extensive work on
constructing group signatures from various post-quantum assumptions, there has
not been any using isogeny-based assumptions. In this work, we propose the
first construction of isogeny-based group signatures, which is a direct result
of our isogeny-based accountable ring signature. This is also the first
construction of accountable ring signatures based on post-quantum assumptions.
Our schemes are based on the decisional CSIDH assumption (D-CSIDH) and are
proven secure under the random oracle model (ROM)
Collusion Resistant Revocable Ring Signatures and Group Signatures from Hard Homogeneous Spaces
Both ring signatures and group signatures are useful privacy tools, allowing signers to hide their identities
within a set of other public keys, while allowing their signatures to be validated with respect to the entire
set. Group signature schemes and revocable ring signature schemes both provide the additional ability for
certain authorized members to revoke the anonymity on a signature and reveal the true signer—allowing
management of abuse in the scheme. This work consists of two parts. Firstly, we introduce a stronger security
notion—collusion resistance—for revocable ring signatures and show how to derive a group signature
scheme from it, which provides a new approach to obtaining group signatures. This improves on the existing
weak security model (e.g. with selfless anonymity) which fails to guarantee anonymity of members whose
keys are exposed. Our stronger notion requires that the scheme remains secure against full key exposure
in the anonymity game, and allows collusion among arbitrary members in the revocability game. Secondly
(and more concretely), we construct a practical collusion-resistant revocable ring signature scheme based on
hard homogenous spaces (HHS), and thus obtain a group signature scheme based on isogenies. To the best
of our knowledge, the schemes given in this work are the first efficient post-quantum (collusion-resistant)
revocable ring signature scheme, and the first efficient isogeny-based group signature scheme in the literature
Privacy-preserving PKI design based on group signature
Nowadays, Internet becomes a part of our life. We can make use of numerous services with personal computer, Lap-top, tablet, smart phone or smart TV. These devices with network make us enjoy ubiquitous computing life. Sometimes, on-line services request us authentication or identification for access control and authorization, and PKI technology is widely used because of its security. However the possibility of privacy invasion will increase, if We’re identified with same certificate in many services and these identification data are accumulated. For privacy-preserving authentication or anonymous authentication, there have been many researches such as Group signatures, anonymous credentials, etc. Among these researches, group signatures are very practical Because they provide unlinkability and traceability as well as anonymity. In this paper, we propose a privacy-preserving PKI based on group signature, with which users’ privacy can be Kept in services. Because of traceability, their identities can be traced if they abuse anonymity such as cybercrime. Moreover, we will also discuss open issues for further studies
Group Signatures: Unconditional Security for Members
First a detailed definition of group signatures, originally suggested by Chaum and van {Heijst}, is given. Such signatures allow members of a group to sign messages anonymously on behalf of the group subject to the constraint that, in case of disputes later on, a designated authority can identify the signer. It is shown that if such schemes are to provide information theoretic anonymity, then the length of the secret information of the members and the authority increases with the number of members and the number of signatures each member is allowed to make. A dynamic scheme meeting these lower bounds is described. Unlike previous suggestions it protects each member unconditionally against framing, i.e.\ being held responsible for a signature made by someone else
Adding Controllable Linkability to Pairing-Based Group Signatures For Free
Group signatures, which allow users of a group to anonymously produce signatures on behalf of the group, are an important cryptographic primitive for privacy-enhancing applications. Over the years, various approaches to enhanced anonymity management mechanisms, which extend the standard feature of opening of group signatures, have been proposed.
In this paper we show how pairing-based group signature schemes (PB-GSSs) following the sign-and-encrypt-and-prove (SEP) paradigm that are secure in the BSZ model can be generically transformed in order to support one particular enhanced anonymity management mechanism, i.e., we propose a transformation that turns every such PB-GSS into a PB-GSS with controllable linkability. Basically, this transformation replaces the public key encryption scheme used for identity escrow within a group signature scheme with a modified all-or-nothing public key encryption with equality tests scheme (denoted AoN-PKEET) instantiated from the respective public key encryption scheme. Thereby, the respective trapdoor is given to the linking authority as a linking key. The appealing benefit of this approach in contrast to other anonymity management mechanisms (such as those provided by traceable signatures) is that controllable linkability can be added to PB-GSSs based on the SEP paradigm for free, i.e., it neither influences the signature size nor the computational costs for signers and verifiers in comparison to the scheme without this feature
Accountable Tracing Signatures from Lattices
Group signatures allow users of a group to sign messages anonymously in the
name of the group, while incorporating a tracing mechanism to revoke anonymity
and identify the signer of any message. Since its introduction by Chaum and van
Heyst (EUROCRYPT 1991), numerous proposals have been put forward, yielding
various improvements on security, efficiency and functionality. However, a
drawback of traditional group signatures is that the opening authority is given
too much power, i.e., he can indiscriminately revoke anonymity and there is no
mechanism to keep him accountable. To overcome this problem, Kohlweiss and
Miers (PoPET 2015) introduced the notion of accountable tracing signatures
(ATS) - an enhanced group signature variant in which the opening authority is
kept accountable for his actions. Kohlweiss and Miers demonstrated a generic
construction of ATS and put forward a concrete instantiation based on
number-theoretic assumptions. To the best of our knowledge, no other ATS scheme
has been known, and the problem of instantiating ATS under post-quantum
assumptions, e.g., lattices, remains open to date.
In this work, we provide the first lattice-based accountable tracing
signature scheme. The scheme satisfies the security requirements suggested by
Kohlweiss and Miers, assuming the hardness of the Ring Short Integer Solution
(RSIS) and the Ring Learning With Errors (RLWE) problems. At the heart of our
construction are a lattice-based key-oblivious encryption scheme and a
zero-knowledge argument system allowing to prove that a given ciphertext is a
valid RLWE encryption under some hidden yet certified key. These technical
building blocks may be of independent interest, e.g., they can be useful for
the design of other lattice-based privacy-preserving protocols.Comment: CT-RSA 201
Hash Families and Cover-Free Families with Cryptographic Applications
This thesis is focused on hash families and cover-free families and their application to
problems in cryptography. We present new necessary conditions for generalized separating
hash families, and provide new explicit constructions. We then consider three cryptographic
applications of hash families and cover-free families. We provide a stronger de nition of
anonymity in the context of shared symmetric key primitives and give a new scheme with
improved anonymity properties. Second, we observe that nding the invalid signatures
in a set of digital signatures that fails batch veri cation is a group testing problem, then
apply and compare many group testing algorithms to solve this problem e ciently. In
particular, we apply group testing algorithms based on cover-free families. Finally, we
construct a one-time signature scheme based on cover-free families with short signatures
Short Group Signatures via Structure-Preserving Signatures: Standard Model Security from Simple Assumptions
International audienceGroup signatures are a central cryptographic primitive which allows users to sign messages while hiding their identity within a crowd of group members. In the standard model (without the random oracle idealization), the most efficient constructions rely on the Groth-Sahai proof systems (Euro-crypt'08). The structure-preserving signatures of Abe et al. (Asiacrypt'12) make it possible to design group signatures based on well-established, constant-size number theoretic assumptions (a.k.a. " simple assumptions ") like the Symmetric eXternal Diffie-Hellman or Decision Linear assumptions. While much more efficient than group signatures built on general assumptions, these constructions incur a significant overhead w.r.t. constructions secure in the idealized random oracle model. Indeed, the best known solution based on simple assumptions requires 2.8 kB per signature for currently recommended parameters. Reducing this size and presenting techniques for shorter signatures are thus natural questions. In this paper, our first contribution is to significantly reduce this overhead. Namely, we obtain the first fully anonymous group signatures based on simple assumptions with signatures shorter than 2 kB at the 128-bit security level. In dynamic (resp. static) groups, our signature length drops to 1.8 kB (resp. 1 kB). This improvement is enabled by two technical tools. As a result of independent interest, we first construct a new structure-preserving signature based on simple assumptions which shortens the best previous scheme by 25%. Our second tool is a new method for attaining anonymity in the strongest sense using a new CCA2-secure encryption scheme which is simultaneously a Groth-Sahai commitment
Highly-Efficient Fully-Anonymous Dynamic Group Signatures
Group signatures are a central tool in privacy-enhancing cryptography, which allow members of a group to anonymously produce signatures on behalf of the group. Consequently, they are an attractive means to implement privacy-friendly authentication mechanisms. Ideally, group signatures are dynamic and thus allow to dynamically and concurrently enroll new members to a group. For such schemes, Bellare et al. (CT-RSA\u2705) proposed the currently strongest security model (BSZ model). This model, in particular, ensures desirable anonymity guarantees. Given the prevalence of the resource asymmetry in current computing scenarios, i.e., a multitude of (highly) resource-constrained devices are communicating with powerful (cloud-powered) services, it is of utmost importance to have group signatures that are highly-efficient and can be deployed in such scenarios. Satisfying these requirements in particular means that the signing (client) operations are lightweight.
We propose a novel, generic approach to construct dynamic group signature schemes, being provably secure in the BSZ model and particularly suitable for resource-constrained devices. Our results are interesting for various reasons: We can prove our construction secure without requiring random oracles. Moreover, when opting for an instantiation in the random oracle model (ROM) the so obtained scheme is extremely efficient and outperforms the fastest constructions providing anonymity in the BSZ model - which also rely on the ROM - known to date. Regarding constructions providing a weaker anonymity notion than BSZ, we surprisingly outperform the popular short BBS group signature scheme (CRYPTO\u2704; also proven secure in the ROM) and thereby even obtain shorter signatures. We provide a rigorous comparison with existing schemes that highlights the benefits of our scheme. On a more theoretical side, we provide the first construction following the without encryption paradigm introduced by Bichsel et al. (SCN\u2710) in the strong BSZ model
- …