Fair Traceable Multi-Group Signatures

This paper presents fair traceable multi-group signatures (FTMGS), which have enhanced capabilities, compared to group and traceable signatures, that are important in real world scenarios combining accountability and anonymity. The main goal of the primitive is to allow multiple groups that are managed separately (managers are not even aware of the other ones), yet allowing users (in the spirit of the Identity 2.0 initiative) to manage what they reveal about their identity with respect to these groups by themselves. This new primitive incorporates the following additional features. - While considering multiple groups it discourages users from sharing their private membership keys through two orthogonal and complementary approaches. In fact, it merges functionality similar to credential systems with anonymous type of signing with revocation. - The group manager now mainly manages joining procedures, and new entities (called fairness authorities and consisting of various representatives, possibly) are involved in opening and revealing procedures. In many systems scenario assuring fairness in anonymity revocation is required. We specify the notion and implement it in the random oracle model

An Identity-Based Group Signature with Membership Revocation in the Standard Model

Group signatures allow group members to sign an arbitrary number\ud of messages on behalf of the group without revealing their\ud identity. Under certain circumstances the group manager holding a\ud tracing key can reveal the identity of the signer from the\ud signature. Practical group signature schemes should support\ud membership revocation where the revoked member loses the\ud capability to sign a message on behalf of the group without\ud influencing the other non-revoked members. A model known as\ud \emph{verifier-local revocation} supports membership revocation.\ud In this model the trusted revocation authority sends revocation\ud messages to the verifiers and there is no need for the trusted\ud revocation authority to contact non-revoked members to update\ud their secret keys. Previous constructions of verifier-local\ud revocation group signature schemes either have a security proof in the\ud random oracle model or are non-identity based. A security proof\ud in the random oracle model is only a heuristic proof and\ud non-identity-based group signature suffer from standard Public Key\ud Infrastructure (PKI) problems, i.e. the group public key is not\ud derived from the group identity and therefore has to be certified.\ud \ud \ud In this work we construct the first verifier-local revocation group\ud signature scheme which is identity-based and which has a security proof in the standard model. In\ud particular, we give a formal security model for the proposed\ud scheme and prove that the scheme has the\ud property of selfless-anonymity under the decision Linear (DLIN)\ud assumption and it is fully-traceable under the\ud Computation Diffie-Hellman (CDH) assumption. The proposed scheme is based on prime order bilinear\ud groups

A Traceable Ring Signature Scheme based on Coding Theory

Traceable ring signatures are a variant of ring signatures which allows the identity of a user to be revealed, when it signs two different messages with respect to the same group of users. It has applications in e-voting and in cryptocurrencies, such as the well-known Monero. We propose the first traceable ring signature scheme whose security is based on the hardness of the Syndrome Decoding problem, a problem in coding theory which is conjectured to be unsolvable by both classical and quantum algorithms. To construct the scheme, we use a variant of Stern\u27s protocol and, by applying the Fiat-Shamir transform to it in an ingenious way, we obtain a ring signature that allows traceability. We prove that the resulting protocol has the standard security properties for traceable ring signatures in the random oracle model: tag-linkability, anonymity and exculpability. As far as we know, this is the first proposal for a traceable ring signature scheme in the post-quantum setting

One-time Traceable Ring Signatures

A ring signature allows a party to sign messages anonymously on behalf of a group, which is called ring. Traceable ring signatures are a variant of ring signatures that limits the anonymity guarantees, enforcing that a member can sign anonymously at most one message per tag. Namely, if a party signs two different messages for the same tag, it will be de-anomymized. This property is very useful in decentralized platforms to allow members to anonymously endorse statements in a controlled manner. In this work we introduce one-time traceable ring signatures, where a member can sign anonymously only one message. This natural variant suffices in many applications for which traceable ring signatures are useful, and enables us to design a scheme that only requires a few hash evaluations and outperforms existing (non one-time) schemes. Our one-time traceable ring signature scheme presents many advantages: it is fast, with a signing time of less than 1 second for a ring of $2^{10}$ signers (and much less for smaller rings); it is {\em post-quantum resistant}, as it only requires hash evaluations; it is extremely simple, as it requires only a black-box access to a generic hash function (modeled as a random oracle) and no other cryptographic operation is involved. From a theoretical standpoint our scheme is also the first anonymous signature scheme based on a black-box access to a symmetric-key primitive. All existing anonymous signatures are either based on specific hardness assumptions (e.g., LWE, SIS, etc.) or use the underlying symmetric-key primitive in a non-black-box way, i.e., they leverage the circuit representation of the primitive

Universally Convertible Directed Signatures

Many variants of Chaum and van Antwerpen's undeniable signatures have been proposed to achieve specific properties desired in real-world applications of cryptography. Among them, directed signatures were introduced by Lim and Lee in 1993. Directed signatures differ from the well-known confirmer signatures in that the signer has the simultaneous abilities to confirm, deny and individually convert a signature. The universal conversion of these signatures has remained an open problem since their introduction in 1993. This paper provides a positive answer to this quest by showing a very efficient design for universally convertible directed signatures (UCDS) both in terms of computational complexity and signature size. Our construction relies on the so-called xyz-trick applicable to bilinear map groups. We define proper security notions for UCDS schemes and show that our construction is secure, in the random oracle model, under computational assumptions close to the CDH and DDH assumptions. Finally, we introduce and realize traceable universally convertible directed signatures where a master tracing key allows to link signatures to their direction

A large sample analysis of European rivers on seasonal river flow correlation and its physical drivers

The geophysical and hydrological processes governing river flow formation exhibit persistence at several timescales, which may manifest itself with the presence of positive seasonal correlation of streamflow at several different time lags. We investigate here how persistence propagates along subsequent seasons and affects low and high flows. We define the high-flow season (HFS) and the low-flow season (LFS) as the 3-month and the 1-month periods which usually exhibit the higher and lower river flows, respectively. A dataset of 224 rivers from six European countries spanning more than 50 years of daily flow data is exploited. We compute the lagged seasonal correlation between selected river flow signatures, in HFS and LFS, and the average river flow in the antecedent months. Signatures are peak and average river flow for HFS and LFS, respectively. We investigate the links between seasonal streamflow correlation and various physiographic catchment characteristics and hydro-climatic properties. We find persistence to be more intense for LFS signatures than HFS. To exploit the seasonal correlation in the frequency estimation of high and low flows, we fit a bi-variate meta-Gaussian probability distribution to the selected flow signatures and average flow in the antecedent months in order to condition the distribution of high and low flows in the HFS and LFS, respectively, upon river flow observations in the previous months. The benefit of the suggested methodology is demonstrated by updating the frequency distribution of high and low flows one season in advance in a real-world case. Our findings suggest that there is a traceable physical basis for river memory which, in turn, can be statistically assimilated into high- and low-flow frequency estimation to reduce uncertainty and improve predictions for technical purposes

Seismic modelling and paleoceanography at DSDP Site 574

The analysis of high-resolution watergun seismic profiles collected in support of DSDP Leg 85 drilling reveals sev eral major, regionally traceable reflectors that can be correlated over more than 360,000 km2 in the central equatorial Pacific. Synthetic seismograms generated from shipboard physical property measurements (carefully corrected to in situ values) for DSDP Site 574 show excellent agreement with the field records; the agreement suggests that the traveltime to-depth conversion is accurate and permits the precise (± 5 m) location of reflectors in the cored section. The reflectors can be dated (±0.5 Ma) as follows: Orange, 21.5 to 22.5 Ma; Yellow, 20.5 to 21.5 Ma; Lavender, 16 to 17 Ma; Red, 13.5 to 14.5 Ma; Purple, 11 to 12 Ma; Brown, 7 to 8 Ma; and Green, 3 to 4 Ma. Similar analyses at the other Leg 85 sites result in identical ages. The reflectors are thus time surfaces; this chapter relates them to major paleoceanographic events and changes in the relative sea-level curve. The Orange and Yellow reflectors are associated with a marked increase in δ 1 3C, a major change in planktonic foraminiferal assemblages, the development of the deep Circum-Antarctic Current, and the establishment of steep thermal gradients between tropical and polar regions. This reorganization of the oceanic circulation system was probably a response to the opening of the Drake Passage, and it resulted in changes in the chemistry of tropical Pacific waters that caused the induration (and thus impedance contrasts) associated with these reflectors. The Lavender reflector is associated with a large carbonate minimum, the Chron 16 carbon shift, a widespread hiatus (NH2), major eustatic sea-level fluctuations, and a significant increase in silica deposition in the Pacific. It is not associated with 18O enrichment or climatic cooling. We conclude that this event represents an intensification in Antarc tic Bottom Water (AABW) circulation and the partitioning of silica between the Atlantic and the Pacific, caused by the introduction of North Atlantic Deep Water (NADW) in response to paleobathymetric and tectonic events. The Red re flector is associated with a subdued carbonate minimum, a widespread hiatus (NH3), a sea-level drop, significant changes in microfossil assemblages, and a major increase in δ 1 8 that has been linked with the buildup of Antarctic ice. Detailed isotopic analyses reveal that this isotopic shift occurred within an interval of 30,000 yr. and precisely at the depth of the Red reflector. The Purple reflector is associated with an extremely large carbonate minimum, a change in the style of carbonate deposition in the Pacific, a major lithologic boundary, a widespread hiatus (NH4), an increase in the provincialism be tween low and high latitudes in all planktonic microfossil assemblages, an apparent fall in eustatic sea level, an enrich ment in δ 1 8 , and a major North Atlantic reflector interpreted as representing an intensification of North Atlantic bot tom-water circulation. The Brown reflector is roughly associated with a small carbonate minimum, an enrichment in δ 1 8 , the late Miocene 1 3C depletion, a drop in the relative sea-level curve, and major faunal changes. The Green reflector is associated with a large carbonate minimum, an enrichment in δ 1 8 , a major western North Atlantic erosional event, and a widespread eastern Atlantic seismic reflector. The bulk of evidence supports correlation with the onset of Northern Hemisphere glaciation, but detailed isotopic analyses indicate that this isotopic event may be linked to the establishment of colder bottom waters without major ice-sheet development. Several types of reflectors have been identified. The reflectors in the older section result from diagenetic effects; the regionally correctable reflectors are associated with global events. In the younger (post-18 Ma) section, local reflectors are characterized by velocity contrasts, whereas regional reflectors are associated with density contrasts caused by car bonate minima. Two modes of generation of carbonate minima (and thus of reflectors) spanning the equatorial Pacific are (1) the intensification of AABW without the concurrent intensification of NADW and so without fractionation of silica between the Atlantic and the Pacific; this mode results in the less extreme carbonate minima; and (2) the intensifi cation of AABW in response to the intensification of NADW; this mode results in extreme carbonate minima and a cor relation of equatorial Pacific reflectors with North Atlantic events