Constant-size Group Signatures from Lattices
نویسندگان
چکیده
Lattice-based group signature is an active research topic in recent years. Since the pioneering work by Gordon, Katz and Vaikuntanathan (Asiacrypt 2010), ten other schemes have been proposed, providing various improvements in terms of security, efficiency and functionality. However, in all known constructions, one has to fix the number N of group users in the setup stage, and as a consequence, the signature sizes are dependent on N . In this work, we introduce the first constant-size group signature from lattices, which means that the size of signatures produced by the scheme is independent of N and only depends on the security parameter λ. More precisely, in our scheme, the sizes of signatures, public key and users’ secret keys are all of order Õ(λ). The scheme supports dynamic enrollment of users and is proven secure in the random oracle model under the Ring Short Integer Solution (RSIS) and Ring Learning With Errors (RLWE) assumptions. At the heart of our design is a zero-knowledge argument of knowledge of a valid message-signature pair for the Ducas-Micciancio signature scheme (Crypto 2014), that may be of independent interest.
منابع مشابه
(Leveled) Fully Homomorphic Signatures from Lattices
In a homomorphic signature scheme, given a vector of signatures ~σ corresponding to a dataset of messages ~ μ, there is a public algorithm that allows to derive a signature σ′ for message μ′ = f(~ μ) for any function f . Given the tuple (σ′, μ′, f) anyone can publicly verify the result of the computation of function f . Along with the standard notion of unforgeability for signatures, the securi...
متن کاملHomomorphic Signatures for Polynomial Functions
We construct the first homomorphic signature scheme that is capable of evaluating multivariate polynomials on signed data. Given the public key and a signed data set, there is an efficient algorithm to produce a signature on the mean, standard deviation, and other statistics of the signed data. Previous systems for computing on signed data could only handle linear operations. For polynomials of...
متن کاملAnonymous Identification in Ad Hoc Groups
We introduce Ad Hoc Anonymous Identification schemes, a new multi-user cryptographic primitive that allows participants from a user population to form ad hoc groups, and then prove membership anonymously in such groups. Our schemes are based on the notion of accumulator with one-way domain, a natural extension of cryptographic accumulators we introduce in this work. We provide a formal model fo...
متن کاملFull-Domain Subgroup Hiding and Constant-Size Group Signatures
We give a short constant-size group signature scheme, which we prove fully secure under reasonable assumptions in bilinear groups, in the standard model. We achieve this result by using a new NIZK proof technique, related to the BGN cryptosystem and the GOS proof system, but that allows us to hide integers from the full domain rather than individual bits.
متن کاملQuasi-Efficient Revocation of Group Signatures
Several interesting group signature schemes have been proposed todate. However, in order for the entire group signature concept to become practical and credible, the problem of secure and efficient group member revocation must be addressed. In this paper, we construct a new revocation method for group signatures based on the signature scheme by Ateniese et al. [ACJT]. This new method represents...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- IACR Cryptology ePrint Archive
دوره 2018 شماره
صفحات -
تاریخ انتشار 2018