DGM: A Dynamic and Revocable Group Merkle Signature

Buser, Maxime; Liu, Joseph K.; Steinfeld, Ron; Sakzad, Amin; Sun, Shi-Feng

doi:10.1007/978-3-030-29959-0_10

Cited by 7 publications

(3 citation statements)

References 25 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Camenisch also proposed a scheme based on an accumulator [ 18 ], but if group members frequently join or quit the group, another group member needs to update their credential in a timely manner. The same problems also occur in the scheme [ 22 , 23 ] by Yehia and Buser, furthermore, the mechanism of merkle tree makes the scale increase super-linearly with the joining or quitting of users. Brickell [ 20 ] put forward a solution based on the local revocation list, which is inspired by the work of Boneh [ 19 ]; group members do not need to update their credentials frequently.…”

Section: Related Workmentioning

confidence: 88%

“…At the same time, ref. [ 22 , 23 ] based on merkle hash tree, suggested that the storage and computational overhead vary superlinearly along with the number of users who frequently join or quit An attribute tree using secret sharing [ 24 ] and Lagrange interpolation impels the users satisfying certain attributes and can decrypt messages under the broadcast encryption [ 25 ]. The idea of subset covering or subset difference [ 26 , 27 ] in an attribute tree to reduce search time and communication cost can be used to improve revocable group signature.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

RPVC: A Revocable Publicly Verifiable Computation Solution for Edge Computing

Jiao

Zhou

Wang

et al. 2022

Sensors

View full text Add to dashboard Cite

With publicly verifiable computation (PVC) development, users with limited resources prefer to outsource computing tasks to cloud servers. However, existing PVC schemes are mainly proposed for cloud computing scenarios, which brings bandwidth consumption or network delay of IoT devices in edge computing. In addition, dishonest edge servers may reduce resource utilization by returning unreliable results. Therefore, we propose a revocable publicly verifiable computation(RPVC) scheme for edge computing. On the one hand, RPVC ensures that users can verify the correct results at a small cost. On the other hand, it can revoke the computing abilities of dishonest edge servers. First, polynomial commitments are employed to reduce proofs’ length and generation speed. Then, we improve revocable group signature by knowledge signatures and subset covering theory. This makes it possible to revoke dishonest edge servers. Finally, theoretical analysis proves that RPVC has correctness and security, and experiments evaluate the efficiency of RPVC.

show abstract

Section: Related Workmentioning

confidence: 88%

Section: Introductionmentioning

confidence: 99%

RPVC: A Revocable Publicly Verifiable Computation Solution for Edge Computing

Jiao

Zhou

Wang

et al. 2022

Sensors

View full text Add to dashboard Cite

show abstract

“…The security of symmetric primitives is the most well-understood and easier to evaluate, hence it serves as a safety net if the security of other approaches were endangered by newly discovered threats. Symmetric primitives have been used to build several variants of anonymous signature schemes, such as group signatures [12,33,45,52,60,61], ring signatures [36,45] and EPID [5]. However, due to the use of a single Merkle tree for membership credentials in a group, these group signature and EPID schemes can only handle a small group size, which is not suitable for TPM use.…”

Section: Introductionmentioning

confidence: 99%

Hash-Based Direct Anonymous Attestation

Chen

Dong

Kassem

et al. 2023

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Direct Anonymous Attestation (DAA) was designed for the Trusted Platform Module (TPM) and versions using RSA and elliptic curve cryptography have been included in the TPM specifications and in ISO/IEC standards. These standardised DAA schemes have their security based on the factoring or discrete logarithm problems and are therefore insecure against quantum attackers. Research into quantumresistant DAA has resulted in several lattice-based schemes. Now in this paper, we propose the first post-quantum DAA scheme from symmetric primitives. We make use of a hash-based signature scheme, which is a slight modification of SPHINCS+, as a DAA credential. A DAA signature, proving the possession of such a credential, is a multiparty computation-based non-interactive zero-knowledge proof. The security of our scheme is proved under the Universal Composability (UC) model. While maintaining all the security properties required for a DAA scheme, we try to make the TPM's workload as low as possible. Our DAA scheme can handle a large group size (up to 2 60 group members), which meets the requirements of rapidly developing TPM applications.

show abstract