A Practical Group Signature Scheme Based on Rank Metric

Abstract

In this work, we propose the first rank-based group signature. Our construction enjoys two major advantages compared to concurrent post-quantum schemes since it is both practicably instantiated with public key and signature sizes logarithmic in the number of group members, and dynamic in a relaxation of the reference BSZ model. For such a result, we introduce a new rank-based tool, referred as the Rank Concatenated Stern’s protocol, enabling to link different users to a common syndrome. This protocol, which could be of independent interest, can be seen as a Stern-like protocol with an additional property that permits a verifier to check the weight of each part of a split secret. Along with this work, we also define two rank-based adaptations of Hamming-based problems, referred as the One More Rank Syndrome Decoding and the Decision Rank Syndrome Decoding problems for which we discuss the security. Embedded into Fiat-Shamir paradigm, our authentication protocol leads to a group signature scheme secure in the Random Oracle Model assuming the security of rank-based systems (namely RankSign and LRPC codes) and the newly introduced problems. For a 100 bits security level, we give an example of parameters which lead to a signature size of 550 kB and 5 kB for the public key.