Foundations of Fully Dynamic Group Signatures

Bootle, Jonathan; Cerulli, Andrea; Chaidos, Pyrros; Ghadafi, Essam; Groth, Jens

doi:10.1007/s00145-020-09357-w

Cited by 26 publications

(37 citation statements)

References 64 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In LPY papers [45,44], they extended the KY model by considering the revocation functionality (the LPY model). Recently, Bootle et al [17] pointed out that in the previous models, a user may be able to sign messages with respect to earlier time intervals during which the user was not a member of the group. Note that they also gave a countermeasure, and it is also applicable to our scheme.…”

Section: Our Contributionmentioning

confidence: 99%

Shortening the Libert-Peters-Yung Revocable Group Signature Scheme by Using the Random Oracle Methodology

Ohara

Emura

Hanaoka

et al. 2019

IEICE Trans. Fundamentals

View full text Add to dashboard Cite

In EUROCRYPT 2012, Libert, Peters and Yung (LPY) proposed the first scalable revocable group signature (R-GS) scheme in the standard model which achieves constant signing/verification costs and other costs regarding signers are at most logarithmic in N , where N is the maximum number of group members. However, although the LPY R-GS scheme is asymptotically quite efficient, this scheme is not sufficiently efficient in practice. For example, the signature size of the LPY scheme is roughly 10 times larger than that of the RSA signature (in 160-bit security). In this paper, we propose a compact R-GS scheme secure in the random oracle model that is efficient not only in the asymptotic sense but also in practical parameter settings. We achieve the same efficiency as the LPY scheme in an asymptotic sense, and the signature size is nearly equal to that of the RSA signature (in 160-bit security). It is particularly worth noting that our R-GS scheme has the smallest signature size compared to those of previous R-GS schemes which enable constant signing/verification costs. Our technique, which we call parallel Boneh-Boyen-Shacham group signature technique, helps to construct a R-GS scheme without following the technique used in LPY, i.e., we directly apply the Naor-Naor-Lotspiech framework without using any identity-based encryption.

show abstract

Section: Our Contributionmentioning

confidence: 99%

Shortening the Libert-Peters-Yung Revocable Group Signature Scheme by Using the Random Oracle Methodology

Ohara

Emura

Hanaoka

et al. 2019

IEICE Trans. Fundamentals

View full text Add to dashboard Cite

show abstract

“…A secure pRate scheme must possess the anonymity, rating-secrecy and unforgeability properties that were introduced informally in Section 2. In Appendix A we formalise these properties using game-based security definitions which are based on security models for group signatures [8,13]. For unforgeability, we model three different aspects: (i) advertisement-unforgeability to ensure that only users in possession of a valid reputation credential urep can create valid advertisements for their reputations scores, (ii) ratee-unforgeability to ensure that only users in possession of a valid reputation credential urep can issue rating tokens during the execution of the Token protocol that can then be used to produce ratings, (iii) rater-unforgeability to ensure that only users in possession of rating tokens issued to them by some other user can submit valid ratings for that user.…”

Section: Syntax and Security Properties Of Pratementioning

confidence: 99%

“…-The score was updated no earlier than 1 Oct 2018, i.e., t > 6848 where 6848 is the number of days elapsed from 1 Jan 2000 to 1 Oct 2018. This can be proved using t ∈ [0, 2 13 ) and t − 6848 ∈ [0, 2 13 ).…”

Section: Performance Analysismentioning

confidence: 99%

pRate: Anonymous Star Rating with Rating Secrecy

Liu

Manulis

2019

Applied Cryptography and Network Security

View full text Add to dashboard Cite

We introduce pRate, a novel reputation management scheme with strong security and privacy guarantees for the users and their reputation scores. The reputation scores are computed based on the (aggregated) number(s) of stars that users receive from their raters. pRate allows users to advertise privacy-friendly statements about their reputation when searching for potential transaction partners. Ratings can only be submitted by partners who have been initially authorised by the ratee and issued a rating token. The scheme is managed by a possibly untrusted reputation manager who can register users and assist ratees in updating their reputation scores, yet without learning these scores. In addition to ensuring the secrecy of the ratings, a distinctive feature of pRate over prior proposals, is that it hides the identities of raters and ratees from each other during the transaction and rating stages. The scheme is built from a number of efficient cryptographic primitives; its security is formally modeled and proven to hold under widely used assumptions on bilinear groups.

show abstract

“…Moreover, we require that a signature is invalid if the corresponding signer is revoked. 8 7 Recently, Bootle et al [18] consider fully dynamic group signatures where users can join and leave at any time. They point out that previous definitions are weak in the sense that these definitions allow members who joined at recent time periods to sign messages w.r.t earlier time periods during which they were not members of the group.…”

Section: Security Definitions Of Gs-tdlmentioning

confidence: 99%

Road-to-Vehicle Communications With Time-Dependent Anonymity: A Lightweight Construction and Its Experimental Results

Emura

Hayashi

2018

IEEE Trans. Veh. Technol.

View full text Add to dashboard Cite

This paper describes techniques that enable vehicles to collect local information (such as road conditions and traffic information) and report it via road-to-vehicle communications. To exclude malicious data, the collected information is signed by each vehicle. In this communications system, the location privacy of vehicles must be maintained. However, simultaneously linkable information (such as travel routes) is also important. That is, no such linkable information can be collected when full anonymity is guaranteed using cryptographic tools such as group signatures. Similarly, continuous linkability (via pseudonyms, for example) may also cause problem from the viewpoint of privacy. In this paper, we propose a road-to-vehicle communication system with relaxed anonymity via group signatures with time-token dependent linking (GS-TDL). Briefly, a vehicle is unlinkable unless it generates multiple signatures in the same time period. We provide our experimental results (using the RELIC library on a cheap and constrained computational power device, Raspberry Pi), and simulate our system by using a traffic simulator (PTV), a radio wave propagation analysis tool (RapLab), and a network simulator (QualNet). Though a similar functionality of time-token dependent linking was proposed by Wu, Domingo-Ferrer and González-Nicolás (IEEE T. Vehicular Technology 2010), we can show an attack against the scheme where anyone can forge a valid group signature without using a secret key. In contrast, our GS-TDL scheme is provably secure. In addition to the time-dependent linking property, our GS-TDL scheme supports verifier-local revocation (VLR), where a signer (vehicle) is not involved in the revocation procedure. It is particularly worth noting that no secret key or certificate of a signer (vehicle) must be updated whereas the security credential management system (SCMS) must update certificates frequently for vehicle privacy. Moreover, our technique maintains constant signing and verification costs by using the linkable part of signatures. This might be of independent interest. * An extended abstract appears in the 4th International Workshop on Lightweight Cryptography for Security and Privacy (LightSec 2015) [27]. This is the full version. In the conference version, we provided the GS-TDL part, and used the TEPLA library [4] for estimating the efficiency of our GD-TDL scheme. In this full version, we use the RELIC library and reconsider the pairing equations in our algorithm. Moreover, we simulate our system using PTV, RapLab, and QualNet.

show abstract

Foundations of Fully Dynamic Group Signatures

Cited by 26 publications

References 64 publications

Shortening the Libert-Peters-Yung Revocable Group Signature Scheme by Using the Random Oracle Methodology

Shortening the Libert-Peters-Yung Revocable Group Signature Scheme by Using the Random Oracle Methodology

pRate: Anonymous Star Rating with Rating Secrecy

Road-to-Vehicle Communications With Time-Dependent Anonymity: A Lightweight Construction and Its Experimental Results

Contact Info

Product

Resources

About