Group Signature with Constant Revocation Costs for Signers and Verifiers

Fan, Chun-I; Hsu, Ruei-Hau; Manulis, Mark

doi:10.1007/978-3-642-25513-7_16

Cited by 16 publications

(8 citation statements)

References 32 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…3) Though signing/verification costs are constant, the size of gpk is O( √ N ) [22] or the size of RL is O(N ) [23]. 4) All costs are asymptotically quite efficient (less than O(log N )), but the real costs are inefficient [24], [19], [25].…”

Section: ) Though the Verification Cost Is O(r) The Signing Costmentioning

confidence: 99%

Secure and Anonymous Communication Technique: Formal Model and Its Prototype Implementation

Emura

Kanaoka

Ohta

et al. 2016

IEEE Trans. Emerg. Topics Comput.

View full text Add to dashboard Cite

Both anonymity and end-to-end encryption are recognized as important properties in privacy-preserving communication. However, secure and anonymous communication protocol that requires both anonymity and end-to-end encryption cannot be realized through a simple combination of current anonymous communication protocols and public key infrastructure (PKI). Indeed, the current PKI contradicts anonymity because the certificate for a user's public key identifies the user. Moreover, we believe that anonymous communication channels should have certain authentication mechanisms because such a channel could incubate criminal communication. To cope with this issue, we propose a secure and anonymous communication protocol by employing identity-based encryption for encrypting packets without sacrificing anonymity, and group signature for anonymous user authentication. Communication occurs in the protocol through proxy entities that conceal user IP addresses from service providers (SPs). We also introduce a proof-ofconcept implementation to demonstrate the protocol's feasibility and analyze its performance. Finally, we conclude that the protocol realizes secure and anonymous communications between users and SPs with practical performance.

show abstract

Section: ) Though the Verification Cost Is O(r) The Signing Costmentioning

confidence: 99%

Secure and Anonymous Communication Technique: Formal Model and Its Prototype Implementation

Emura

Kanaoka

Ohta

et al. 2016

IEEE Trans. Emerg. Topics Comput.

View full text Add to dashboard Cite

show abstract

“…The reason is that, in known pairing-based accumulators [53,27], public keys have linear size in the maximal number of accumulated values (unless one sacrifices the constant size of proofs of non-membership as in [5]), which would result in linear-size group public keys in straightforward implementations. Recently [35], Fan et al suggested a different way to use the accumulator of [27] and announced constant-size group public keys but their scheme still requires the group manager to publicize O(N ) values at each revocation. In a revocation mechanism along the lines of [29], Boneh, Boyen and Shacham [16] managed to avoid linear dependencies.…”

Section: Our Contributionmentioning

confidence: 99%

Scalable Group Signatures with Revocation

Libert

Peters

Yung

2012

Advances in Cryptology – EUROCRYPT 2012

View full text Add to dashboard Cite

Abstract. Group signatures are a central cryptographic primitive, simultaneously supporting accountability and anonymity. They allow users to anonymously sign messages on behalf of a group they are members of. The recent years saw the appearance of several constructions with security proofs in the standard model (i.e., without appealing to the random oracle heuristic). For a digital signature scheme to be adopted, an efficient revocation scheme (as in regular PKI) is absolutely necessary. Despite over a decade of extensive research, membership revocation remains a non-trivial problem in group signatures: all existing solutions are not truly scalable due to either high overhead (e.g., large group public key size), or limiting operational requirement (the need for all users to follow the system's entire history). In the standard model, the situation is even worse as many existing solutions are not readily adaptable. To fill this gap and tackle this challenge, we describe a new revocation approach based, perhaps somewhat unexpectedly, on the Naor-Naor-Lotspiech framework which was introduced for a different problem (namely, that of broadcast encryption). Our mechanism yields efficient and scalable revocable group signatures in the standard model. In particular, the size of signatures and the verification cost are independent of the number of revocations and the maximal cardinality N of the group while other complexities are at most polylogarithmic in N . Moreover, the schemes are history-independent: unrevoked group members do not have to update their keys when a revocation occurs.

show abstract

“…Since Chaum and Van Heyst introduced the group signature concept in [98], researchers have proposed a large number of group signature schemes [99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118].…”

Section: The State-of-the-art Group Signature Schemesmentioning

confidence: 99%

“…The security of the design relies on the strong Diffie-Hellman and the Decision Linear assumptions. Since then, various other group signatures built on bilinear maps have been proposed in [106,115,109,119,116,117,118,110,113,114]. Particularly, schemes [109,119] are designed to provide backward unlinkability for revoked users, i.e., even a member is revoked, signatures generated by this member before the revocation remain anonymous.…”

Section: The State-of-the-art Group Signature Schemesmentioning

confidence: 99%

“…An improved revocation mechanism was to broadcast a message to all signers and verifiers such that non-revoked users can update their secret keys while revoked users cannot [102,104,107]. Recently, schemes [113,114], in which the revocation overhead is constant independently of the number of revoked members, have been proposed. However, the feature of constant revocation overhead in scheme [113] is achieved in the cost of large storage overhead, as the size of its public key is O(…”

Section: The State-of-the-art Group Signature Schemesmentioning

confidence: 99%

See 1 more Smart Citation

Privacy and security protection in cloud integrated sensor networks

Zhang

Wang

View full text Add to dashboard Cite

Wireless sensor networks have been widely deployed in many social settings to monitor human activities and urban environment. In these contexts, they acquire and collect sensory data, and collaboratively fuse the data. Due to resource constraint, sensor nodes however cannot perform complex data processing. Hence, cloud-integrated sensor networks have been proposed to leverage the cloud computing capabilities for processing vast amount of heterogeneous sensory data. After being processed, the sensory data can then be accessed and shared among authorized users and applications pervasively.

show abstract

Group Signature with Constant Revocation Costs for Signers and Verifiers

Cited by 16 publications

References 32 publications

Secure and Anonymous Communication Technique: Formal Model and Its Prototype Implementation

Secure and Anonymous Communication Technique: Formal Model and Its Prototype Implementation

Scalable Group Signatures with Revocation

Privacy and security protection in cloud integrated sensor networks

Contact Info

Product

Resources

About