Forward-Secure Group Signatures from Pairings

Nakanishi, Toru; Hira, Yuta; Funabiki, Nobuo

doi:10.1007/978-3-642-03298-1_12

Cited by 13 publications

(10 citation statements)

References 20 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In contrast, joining and key updates have linear complexity (in the number of time period T ) in Song's second scheme 2 . Our scheme also compares favorably with the proposal of Nakanishi et al [44], which results in signatures of size O(log T ) and only ensures anonymity in a model (akin to the IND-CPA scenario for public key encryption) where the adversary has no signature opening oracle. As yet another advantage over [46,44], our construction provides anonymity in a stronger sense where, as in [45,34,28], the adversary can query the opening of signatures of her choice.…”

mentioning

confidence: 65%

“…Recently, Nakanishi et al [44] described a pairing-based forward-secure group signature providing better efficiency tradeoffs than Song's schemes. On the other hand, their scheme is presented in an analogue of the static BMW model [8] that does not consider corruptions of the group manager.…”

mentioning

confidence: 98%

“…Finally, the security analysis of our system stands in the standard model, as opposed to the random oracle idealization [10] used in [46,44]. Our construction uses the Groth-Sahai [29] non-interactive proof systems and suitably combines the Boyen-Waters [20] group signature with a key updating technique suggested by Boneh-Boyen-Goh [14] and previously used in [18].…”

mentioning

confidence: 99%

See 2 more Smart Citations

Fully Forward-Secure Group Signatures

Libert

Yung

2012

Cryptography and Security: From Theory to Applications

View full text Add to dashboard Cite

Abstract. When embedding cryptographic tools in actual computing systems, it is important to ensure physical layer protection to cryptographic keys. A simple risk analysis shows that taking advantage of system (i.e., hardware, software, network) vulnerabilities is usually much easier than cryptanalyzing the cryptographic primitives themselves. Forward-secure cryptosystems, in turn, are one of the suggested protective measures, where private keys periodically evolve in such a way that, if a break-in occurs, past uses of those keys in earlier periods are protected.Group signatures are primary privacy-preserving credentials that enable both, non-repudiation and abuser-tracing. In 2001, Song argued why key exposures may cause even greater concerns in the context of group signatures (namely, under the mask of anonymity within a group of other key holders). She then gave two examples of forward-secure group signatures, and argued their ad hoc properties based on the state of understanding of group signature security properties at that time (proper security models had not been formalized yet). These implementations are fruitful initial efforts, but still suffer from certain imperfections. In the first scheme for instance, forward security is only guaranteed to signers as long as the group manager's private key is safe. Another scheme recently described by Nakanishi et al. for static groups also fails to maintain security when the group manager is compromised.In this paper, we reconsider the subject and first formalize the notion of "fully forward-secure group signature" (FS-GS) in dynamic groups. We carefully define the correctness and security properties that such a scheme ought to have. We then give a realization of the primitive with quite attractive features: constant-size signatures, constant cost of signing/verifying, and at most polylog complexity of other metrics. The scheme is further proven secure in the standard model (no random oracle idealization is assumed).

show abstract

mentioning

confidence: 65%

mentioning

confidence: 98%

mentioning

confidence: 99%

See 1 more Smart Citation

Fully Forward-Secure Group Signatures

Libert

Yung

2012

Cryptography and Security: From Theory to Applications

View full text Add to dashboard Cite

show abstract

“…Therefore, when some group member's singing key is disclosed, all the signatures generated during past periods remain valid, which then prevents dishonest group members from repudiating signatures by simply exposing keys. Later, Nakanishi, Hira, Funabiki [51] defined a rigourous security model of FSGS for static groups, where users are fixed throughout the scheme, and demonstrated a pairing-based construction.…”

Section: Introductionmentioning

confidence: 99%

Forward-Secure Group Signatures from Lattices

Ling

Nguyen

Wang

et al. 2019

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Group signature is a fundamental cryptographic primitive, aiming to protect anonymity and ensure accountability of users. It allows group members to anonymously sign messages on behalf of the whole group, while incorporating a tracing mechanism to identify the signer of any suspected signature. Most of the existing group signature schemes, however, do not guarantee security once secret keys are exposed. To reduce potential damages caused by key exposure attacks, Song (ACM-CCS 2001) put forward the concept of forward-secure group signature (FSGS), which prevents attackers from forging group signatures pertaining to past time periods even if a secret group signing key is revealed at the current time period. For the time being, however, all known secure FSGS schemes are based on number-theoretic assumptions, and are vulnerable against quantum computers.In this work, we construct the first lattice-based FSGS scheme. Our scheme is proven secure under the Short Integer Solution and Learning With Errors assumptions. At the heart of our construction is a scalable lattice-based key evolving mechanism, allowing users to periodically update their secret keys and to efficiently prove in zero-knowledge that key evolution process is done correctly. To realize this essential building block, we first employ the Bonsai tree structure by Cash et al. (EURO-CRYPT 2010) to handle the key evolution process, and then develop Langlois et al.'s construction (PKC 2014) to design its supporting zeroknowledge protocol.

show abstract

“…As group signatures with an additional functionality, a new open functionality, which we call message-dependent opening, has been proposed in [43][44][45], where a signed message-dependent token is generated by an authority called admitter and an opener who has the opening key can open the group signatures using the corresponding token. Forward secure group signature schemes have been proposed [46][47][48][49], where users can update their secret signing key periodically, and group signatures made by the secret keys of previous periods remain secure even if a secret key is exposed. Revocable group signature schemes with backward unlinkability have been proposed [5,9,10,18], where even after a user is revoked, group signatures made by this user before the revocation remain anonymous.…”

Section: Introductionmentioning

confidence: 99%

Anr-Hiding Revocable Group Signature Scheme: Group Signatures with the Property of Hiding the Number of Revoked Users

Emura

Miyaji

Omote

2014

Journal of Applied Mathematics

View full text Add to dashboard Cite

If there are many displaced workers in a company, then a person who goes for job hunting might not select this company. That is, the number of members who quit is quite negative information. Similarly, in revocable group signature schemes, if one knows (or guesses) the number of revoked users (sayr), then one may guess the reason behind such circumstances, and it may lead to harmful rumors. However, no previous revocation procedure can achieve hidingr. In this paper, we propose the first revocable group signature scheme, whereris kept hidden, which we callr-hiding revocable group signature. To handle this property, we newly define the security notion called anonymity with respect to the revocation which guarantees the unlinkability of revoked users.

show abstract

Forward-Secure Group Signatures from Pairings

Cited by 13 publications

References 20 publications

Fully Forward-Secure Group Signatures

Fully Forward-Secure Group Signatures

Forward-Secure Group Signatures from Lattices

Anr-Hiding Revocable Group Signature Scheme: Group Signatures with the Property of Hiding the Number of Revoked Users

Contact Info

Product

Resources

About