Efficient Traceable Signatures in the Standard Model

Libert, Benôıt; Yung, Moti

doi:10.1007/978-3-642-03298-1_13

Cited by 14 publications

(7 citation statements)

References 44 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Constructions have been proposed in the ROM [35] extending the strong RSA group signature of [2] or from pairings [20,42] as well as in the standard model [36]. The idea to realize user tracing is that the group manager publishes a user specific trapdoor, and given a signature and the trapdoor everyone can check whether specific elements of the signature and the trapdoor satisfy a certain relation.…”

Section: Comparison With Other Approachesmentioning

confidence: 99%

Adding Controllable Linkability to Pairing-Based Group Signatures for Free

Slamanig

Spreitzer

Unterluggauer

2014

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. Group signatures, which allow users of a group to anonymously produce signatures on behalf of the group, are an important cryptographic primitive for privacy-enhancing applications. Over the years, various approaches to enhanced anonymity management mechanisms, which extend the standard feature of opening of group signatures, have been proposed. In this paper we show how pairing-based group signature schemes (PB-GSSs) following the signand-encrypt-and-prove (SEP) paradigm that are secure in the BSZ model can be generically transformed in order to support one particular enhanced anonymity management mechanism, i.e., we propose a transformation that turns every such PB-GSS into a PB-GSS with controllable linkability. Basically, this transformation replaces the public key encryption scheme used for identity escrow within a group signature scheme with a modified all-or-nothing public key encryption with equality tests scheme (denoted AoN-PKEET * ) instantiated from the respective public key encryption scheme. Thereby, the respective trapdoor is given to the linking authority as a linking key. The appealing benefit of this approach in contrast to other anonymity management mechanisms (such as those provided by traceable signatures) is that controllable linkability can be added to PB-GSSs based on the SEP paradigm for free, i.e., it neither influences the signature size nor the computational costs for signers and verifiers in comparison to the scheme without this feature.

show abstract

Section: Comparison With Other Approachesmentioning

confidence: 99%

Adding Controllable Linkability to Pairing-Based Group Signatures for Free

Slamanig

Spreitzer

Unterluggauer

2014

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…-the Opener, (which is the same party as the group manager in [LY09], but we prefer to separate the roles as in [BSZ05], since this is a stronger model): it is able to open or trace any signature. The former means that it can learn who is the actual signer of a given signature while the latter decides, on a given signature and an alleged signer, whether the signature has really been generated by this signer or not.…”

Section: Definitionmentioning

confidence: 99%

“…To this end we note σ (i,m) ≡ σ . The subsequent relaxation on the security has already been used in [LY09] for traceable signatures.…”

Section: Correctnessmentioning

confidence: 99%

See 1 more Smart Citation

Traceable Signature with Stepping Capabilities

Blazy

Pointcheval

2012

Cryptography and Security: From Theory to Applications

View full text Add to dashboard Cite

Traceable signatures schemes were introduced by Kiayias, Tsiounis and Yung in order to solve traceability issues in group signature schemes. They wanted to enable authorities to delegate some of their detection capabilities to tracing sub-authorities. Instead of opening every single signatures and then threatening privacy, tracing sub-authorities are able to know if a signature was emitted by specific users only. In 2008, Libert and Yung proposed the first traceable signature schemes proven secure in the standard model. We design another scheme in the standard model, with two instantiations based either on the SXDH or the DLin assumptions. Our construction is far more efficient, both in term of group elements for the signature, and pairing computation for the verification. Besides the "step-in" (confirmation) feature that allows a user to prove he was indeed the signer, our construction provides the "step-out" (disavowal) procedure that allows a user to prove he was not the signer. Since list signature schemes are closely related to this primitive, we consider them, and answer an open problem: list signature schemes are possible without random oracles.

show abstract

“…At the 128-bit security level, ciphertexts and proofs fit within 2.18 and 9.38 kB, respectively. The efficiency is thus competitive with that of state-of-the-art group signatures [15] or traceable signatures [22] relying on non-interactive assumptions in the standard model.…”

Section: Introductionmentioning

confidence: 99%

Traceable Group Encryption

Libert

Yung

Joye

et al. 2014

Public-Key Cryptography – PKC 2014

Self Cite

View full text Add to dashboard Cite

Abstract. Group encryption (GE) is the encryption analogue of group signatures. It allows a sender to verifiably encrypt a message for some certified but anonymous member of a group. The sender is further able to convince a verifier that the ciphertext is a well-formed encryption under some group member's public key. As in group signatures, an opening authority is empowered with the capability of identifying the receiver if the need arises. One application of such a scheme is secure repository at an unknown but authorized cloud server, where the archive is made accessible by a judge order in the case of misbehavior, like a server hosting illegal transaction records (this is done in order to balance individual rights and society's safety). In this work we describe Traceable GE system, a group encryption with refined tracing capabilities akin to those of the primitive of "traceable signatures" (thus, balancing better privacy vs. safety). Our primitive enjoys the properties of group encryption, and, in addition, it allows the opening authority to reveal a user-specific trapdoor which makes it possible to publicly trace all the ciphertexts encrypted for that user without harming the anonymity of other ciphertexts. In addition, group members are able to non-interactively prove that specific ciphertexts are intended for them or not. This work provides rigorous definitions, concrete constructions in the standard model, and security proofs.

show abstract

Efficient Traceable Signatures in the Standard Model

Cited by 14 publications

References 44 publications

Adding Controllable Linkability to Pairing-Based Group Signatures for Free

Adding Controllable Linkability to Pairing-Based Group Signatures for Free

Traceable Signature with Stepping Capabilities

Traceable Group Encryption

Contact Info

Product

Resources

About