Abstract
An efficient member revocation mechanism is a desirable feature when group signature schemes are applied in practical scenarios. Revocation methods, such as verifier-local revocation (VLR), provide an efficient member revocation in applications of group signatures. However, VLR-group signatures rely on a weaker security notion. On the other hand, group signature schemes for static groups gain stronger security with the full-anonymity security notion. Even though an outsider sees the secret signing keys of all group members in the full-anonymity, the signer is still anonymous. Achieving the full-anonymity for VLR group signature schemes is challenging due to the structure of secret signing keys. The secret signing keys of those schemes consist of tokens, which are used to manage revocation. The reveal of tokens may destroy the anonymity of the signers. We obtain stronger security for the lattice-based VLR group signature schemes by providing a new key generation method, which outputs revocation tokens without deriving from the members’ secret signing keys. We propose a new group signature scheme from lattices with VLR, which achieves stronger security than the previous related works. To avoid signature forgeries, we suggest a new zero-knowledge proof system that requires signers to validate themselves. Moreover, we output an efficient tracing mechanism.
Highlights
Group signatures, first proposed by Chaum and van Heyst [1], permit members of a group to issue signatures in the name of the group while hiding their information
In spite of the group manager, he/she can cancel the anonymity of the signatures and identify the owner of the signature
The implicit tracing algorithm given in verifier-local revocation (VLR) group signature schemes is not suitable for large groups because the time consumption is high in tracing a signer
Summary
First proposed by Chaum and van Heyst [1], permit members of a group to issue signatures in the name of the group while hiding their information (anonymity). In spite of the group manager, he/she can cancel the anonymity of the signatures and identify the owner of the signature (traceability). In group signature schemes, the signature receivers can only validate the signatures, he/she cannot identify the signers. The signer should be anonymous to the receivers (outsiders) and traceable to the authorities (the group manager). These two features (anonymity and traceability) make group signature schemes attractive to many real-life applications, namely, key-card access systems, digital right management, and anonymous printing. By adopting the BMW03 model, several group signatures have been proposed, but constructing a scheme with an efficient member revocation and high-level security is a challenge
Sign-in/Register to view highlights & summary 
Published Version (
Free)
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call