Lattice-based group signatures : achieving full dynamicity (and deniability) with ease
Lattice-based group signature is an active research topic in recent years. Since the pioneering work by Gordon et al. (2010) [20], eight other schemes have been proposed, providing various improvements in terms of security, efficiency and functionality. However, most of the existing constructions wo...
Saved in:
| Main Authors: | , , , |
|---|---|
| Other Authors: | |
| Format: | Article |
| Language: | English |
| Published: |
2020
|
| Subjects: | |
| Online Access: | https://hdl.handle.net/10356/144626 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Nanyang Technological University |
| Language: | English |
| id |
sg-ntu-dr.10356-144626 |
|---|---|
| record_format |
dspace |
| spelling |
sg-ntu-dr.10356-1446262023-02-28T19:21:35Z Lattice-based group signatures : achieving full dynamicity (and deniability) with ease Ling, San Nguyen, Khoa Wang, Huaxiong Xu, Yanhong School of Physical and Mathematical Sciences Science::Mathematics Lattice-based Group Signatures Full Dynamicity Lattice-based group signature is an active research topic in recent years. Since the pioneering work by Gordon et al. (2010) [20], eight other schemes have been proposed, providing various improvements in terms of security, efficiency and functionality. However, most of the existing constructions work only in the static setting where the group population is fixed at the setup phase. The only two exceptions are the schemes by Langlois et al. (2014) [27] that handles user revocations (but new users cannot join), and by Libert et al. (2016) [28], [29] which addresses the orthogonal problem of dynamic user enrollments (but users cannot be revoked).In this work, we provide the first lattice-based group signature that offers full dynamicity (i.e., users have the flexibility in joining and leaving the group), and thus, resolve a prominent open problem posed by previous works. Moreover, we achieve this non-trivial feat in a relatively simple manner. Starting with Libert et al.'s fully static construction (2016) [30] - which is arguably the most efficient lattice-based group signature to date, we introduce simple-but-insightful tweaks that allow to upgrade it directly into the fully dynamic setting. More startlingly, our scheme even produces slightly shorter signatures than the former, thanks to an adaptation of a technique proposed by Ling et al. (2013) [35], allowing to prove inequalities in zero-knowledge. The scheme satisfies the strong security requirements of Bootle et al.'s model (2016) [7], under the Short Integer Solution (SIS) and the Learning With Errors (LWE) assumptions.Furthermore, we demonstrate how to equip the obtained group signature scheme with the deniability functionality in a simple way. This attractive functionality, put forward by Ishida et al. (2016) [22], enables the tracing authority to provide an evidence that a given user is not the owner of a signature in question. In the process, we design a zero-knowledge protocol for proving that a given LWE ciphertext does not decrypt to a particular message. Ministry of Education (MOE) Accepted version The authors would like to thank Benoît Libert for helpful comments and discussions. The research is supported by Singapore Ministry of Education under Research Grant MOE2016-T2-2-014(S). Khoa Nguyen is also supported by the Gopalakrishnan – NTU Presidential Postdoctoral Fellowship 2018. 2020-11-16T05:22:03Z 2020-11-16T05:22:03Z 2019 Journal Article Ling, S., Nguyen, K., Wang, H., & Xu, Y. (2019). Lattice-based group signatures: Achieving full dynamicity (and deniability) with ease. Theoretical Computer Science, 783, 71–94. doi:10.1016/j.tcs.2019.03.023 0304-3975 https://hdl.handle.net/10356/144626 10.1016/j.tcs.2019.03.023 783 71 94 en Theoretical Computer Science © 2019 Elsevier B.V. All rights reserved. This paper was published in Theoretical Computer Science and is made available with permission of Elsevier B.V. application/pdf |
| institution |
Nanyang Technological University |
| building |
NTU Library |
| continent |
Asia |
| country |
Singapore Singapore |
| content_provider |
NTU Library |
| collection |
DR-NTU |
| language |
English |
| topic |
Science::Mathematics Lattice-based Group Signatures Full Dynamicity |
| spellingShingle |
Science::Mathematics Lattice-based Group Signatures Full Dynamicity Ling, San Nguyen, Khoa Wang, Huaxiong Xu, Yanhong Lattice-based group signatures : achieving full dynamicity (and deniability) with ease |
| description |
Lattice-based group signature is an active research topic in recent years. Since the pioneering work by Gordon et al. (2010) [20], eight other schemes have been proposed, providing various improvements in terms of security, efficiency and functionality. However, most of the existing constructions work only in the static setting where the group population is fixed at the setup phase. The only two exceptions are the schemes by Langlois et al. (2014) [27] that handles user revocations (but new users cannot join), and by Libert et al. (2016) [28], [29] which addresses the orthogonal problem of dynamic user enrollments (but users cannot be revoked).In this work, we provide the first lattice-based group signature that offers full dynamicity (i.e., users have the flexibility in joining and leaving the group), and thus, resolve a prominent open problem posed by previous works. Moreover, we achieve this non-trivial feat in a relatively simple manner. Starting with Libert et al.'s fully static construction (2016) [30] - which is arguably the most efficient lattice-based group signature to date, we introduce simple-but-insightful tweaks that allow to upgrade it directly into the fully dynamic setting. More startlingly, our scheme even produces slightly shorter signatures than the former, thanks to an adaptation of a technique proposed by Ling et al. (2013) [35], allowing to prove inequalities in zero-knowledge. The scheme satisfies the strong security requirements of Bootle et al.'s model (2016) [7], under the Short Integer Solution (SIS) and the Learning With Errors (LWE) assumptions.Furthermore, we demonstrate how to equip the obtained group signature scheme with the deniability functionality in a simple way. This attractive functionality, put forward by Ishida et al. (2016) [22], enables the tracing authority to provide an evidence that a given user is not the owner of a signature in question. In the process, we design a zero-knowledge protocol for proving that a given LWE ciphertext does not decrypt to a particular message. |
| author2 |
School of Physical and Mathematical Sciences |
| author_facet |
School of Physical and Mathematical Sciences Ling, San Nguyen, Khoa Wang, Huaxiong Xu, Yanhong |
| format |
Article |
| author |
Ling, San Nguyen, Khoa Wang, Huaxiong Xu, Yanhong |
| author_sort |
Ling, San |
| title |
Lattice-based group signatures : achieving full dynamicity (and deniability) with ease |
| title_short |
Lattice-based group signatures : achieving full dynamicity (and deniability) with ease |
| title_full |
Lattice-based group signatures : achieving full dynamicity (and deniability) with ease |
| title_fullStr |
Lattice-based group signatures : achieving full dynamicity (and deniability) with ease |
| title_full_unstemmed |
Lattice-based group signatures : achieving full dynamicity (and deniability) with ease |
| title_sort |
lattice-based group signatures : achieving full dynamicity (and deniability) with ease |
| publishDate |
2020 |
| url |
https://hdl.handle.net/10356/144626 |
| _version_ |
1759855046436061184 |