International Journal of Information Security

, Volume 13, Issue 1, pp 51–62 | Cite as

Group signature implies public-key encryption with non-interactive opening

  • Keita Emura
  • Goichiro Hanaoka
  • Yusuke Sakai
  • Jacob C. N. Schuldt
Regular Contribution


In this paper, we show that public-key encryption with non-interactive opening (PKENO) can be constructed from an arbitrary group signature (GS) scheme which is secure in the dynamic group setting and provides opening soundness. Moreover, the resulting PKENO construction is efficient if the underlying GS scheme is efficient and the message space of the PKENO scheme is restricted to short messages. Hence, our result not only shows that the existence of this type of GS implies the existence of PKENO, but also that designing a practical GS scheme is as difficult as designing a practical PKENO scheme. Our transform is constructed by carefully investigating the relationship between the functionalities of GS and that of PKENO, and developing a novel (but specific) multiple encryption technique. This multiple encryption technique plays an important role for simultaneously achieving both practical efficiency and security.


Group signature Public-key encryption with non-interactive opening 


  1. 1.
    Abdalla, M., Warinschi, B.: On the minimal assumptions of group signature schemes. In: Proceedings of ICICS 2004, pp. 1–13. Springer, Berlin (2004)Google Scholar
  2. 2.
    Ateniese, G., Camenisch, J., Joye, M., Tsudik, G.: A practical and provably secure coalition-resistant group signature scheme. In: Proceedings of CRYPTO 2000, pp. 255–270. Springer, Berlin (2000)Google Scholar
  3. 3.
    Ateniese, G., Tsudik, G.: Some open issues and new directions in group signatures. In: Proceedings of FC ’99, pp. 196–211. Springer, Berlin (1999)Google Scholar
  4. 4.
    Barak, B., Mahmoody-Ghidary, M.: Lower bounds on signatures from symmetric primitives. In: Proceedings of FOCS ’07. 48th Annual IEEE Symposium on, pp. 680–688 (2007)Google Scholar
  5. 5.
    Bellare, M., Duan, S.: Partial signatures and their applications. Cryptology ePrint Archive, Report 2009/336 (2009)Google Scholar
  6. 6.
    Bellare, M., Micciancio, D., Warinschi, B.: Foundations of group signatures: formal definitions, simplified requirements, and a construction based on general assumptions. In: Proceedings of EUROCRYPT 2003, pp. 614–629. Springer, Berlin (2003)Google Scholar
  7. 7.
    Bellare, M., Shi, H., Zhang, C.: Foundations of group signatures: the case of dynamic groups. In: Proceedings of CT-RSA 2005, pp. 136–153. Springer, Berlin (2005)Google Scholar
  8. 8.
    Bellare, M., Shoup, S.: Two-tier signatures, strongly unforgeable signatures, and Fiat-Shamir without random oracles. In: Proceedings of PKC 2007, pp. 201–216. Springer, Berlin (2007)Google Scholar
  9. 9.
    Boneh, D., Boyen, X., Shacham, H.: Short group signatures. In: Proceedings of CRYPTO 2004, pp. 41–55. Springer, Berlin (2004)Google Scholar
  10. 10.
    Bringer, J., Chabanne, H., Pointcheval, D., Zimmer, S.: An application of the Boneh and Shacham group signature scheme to biometric authentication. In: Proceedings of IWSEC 2008, pp. 219–230. Springer, Berlin (2008)Google Scholar
  11. 11.
    Camenisch, J., Groth, J.: Group signatures: better efficiency and new theoretical aspects. In: Proceedings of SCN 2004, pp. 120–133. Springer, Berlin (2005)Google Scholar
  12. 12.
    Canetti, R., Goldreich, O., Halevi, S.: The random oracle methodology, revisited (preliminary version). In: Proceedings of STOC ’98, pp. 209–218. ACM, New York (1998)Google Scholar
  13. 13.
    Canetti, R., Halevi, S., Katz, J.: Chosen-ciphertext security from identity-based encryption. In: Proceedings of EUROCRYPT 2004, pp. 207–222. Springer, Berlin (2004)Google Scholar
  14. 14.
    Chaum, D., van Heyst, E.: Group signatures. In: Proceedings of EUROCRYPT ’91, pp. 257–265. Springer, Berlin (1991)Google Scholar
  15. 15.
    Chen, L., Pedersen, T.P.: New group signature schemes (extended abstract). In: Proceedings of EUROCRYPT ’94, pp. 171–181. Springer, Berlin (1994)Google Scholar
  16. 16.
    Damgård, I., Hofheinz, D., Kiltz, E., Thorbek, R.: Public-key encryption with non-interactive opening. In: Proceedings of CT-RSA 2008, pp. 239–255. Springer, Berlin (2008)Google Scholar
  17. 17.
    Delerablée, C., Pointcheval, D.: Dynamic fully anonymous short group signatures. In: Proceedings of VIETCRYPT 2006, pp. 193–210. Springer, Berlin (2006)Google Scholar
  18. 18.
    Dodis, Y., Katz, J.: Chosen-ciphertext security of multiple encryption. In: Proceedings of TCC 2005, pp. 188–209. Springer, Berlin (2005)Google Scholar
  19. 19.
    Emura, K., Hanaoka, G., Sakai, Y.: Group signature implies PKE with non-interactive opening and threshold PKE. In: Proceedings of IWSEC 2010, pp. 181–198. Springer, Berlin (2010)Google Scholar
  20. 20.
    Furukawa, J., Imai, H.: An efficient group signature scheme from bilinear maps. IEICE Trans. 89–A(5), 1328–1338 (2006)CrossRefGoogle Scholar
  21. 21.
    Galindo, D., Libert, B., Fischlin, M., Fuchsbauer, G., Lehmann, A., Manulis, M., Schröder, D.: Public-key encryption with non-interactive opening: New constructions and stronger definitions. In: Proceedings of AFRICACRYPT 2010, pp. 333–350. Springer, Berlin (2010)Google Scholar
  22. 22.
    Galindo, D.: Breaking and repairing Damgård et al. public key encryption scheme with non-interactive opening. In: Proceedings of CT-RSA 2009, pp. 389–398. Springer, Berlin (2009)Google Scholar
  23. 23.
    Goldreich, O.: Foundations of Cryptography: Volume 1, Basic Tools. Cambridge University Press, New York (2001)CrossRefGoogle Scholar
  24. 24.
    Goldreich, O.: Foundations of Cryptography: Volume 2, Basic Applications. Cambridge University Press, New York (2004)CrossRefGoogle Scholar
  25. 25.
    Groth, J.: Fully anonymous group signatures without random oracles. In: Proceedings of ASIACRYPT 2007, pp. 164–180. Springer, Berlin (2007)Google Scholar
  26. 26.
    Groth, J.: Simulation-sound NIZK proofs for a practical language and constant size group signatures. In: Proceedings of ASIACRYPT 2006, pp. 444–459. Springer, Berlin (2006)Google Scholar
  27. 27.
    Isshiki, T., Mori, K., Sako, K., Teranishi, I., Yonezawa, S.: Using group signatures for identity management and its implementation. In: Proceedings of Digital Identity Management 2006, pp. 73–78. ACM, New York (2006)Google Scholar
  28. 28.
    Lai, J., Deng, R.H., Liu, S., Kou, W.: Efficient CCA-secure PKE from identity-based techniques. In: Proceedings of CT-RSA 2010, pp. 132–147. Springer, Berlin (2010)Google Scholar
  29. 29.
    Myers, S., Shelat, A.: Bit encryption is complete. In: Proceedings of FOCS 2009, pp. 607–616. IEEE Computer Society, Los Alamitos (2009)Google Scholar
  30. 30.
    Nakanishi, T., Sugiyama, Y.: An efficient anonymous survey for attribute statistics using a group signature scheme with attribute tracing. IEICE Trans. 86–A(10), 2560–2568 (2003)Google Scholar
  31. 31.
    Ohtake, G., Fujii, A., Hanaoka, G., Ogawa, K.: On the theoretical gap between group signatures with and without unlinkability. In: Proceedings of AFRICACRYPT 2009, pp. 149–166. Springer, Berlin (2009)Google Scholar
  32. 32.
    Phong, L.T., Kurosawa, K., Ogata, W.: Provably secure convertible undeniable signatures with unambiguity. In: Proceedings of SCN 2010, pp. 291–308. Springer, Berlin (2010)Google Scholar
  33. 33.
    Rompel, J.: One-way functions are necessary and sufficient for secure signatures. In: Proceedings of STOC ’90, pp. 387–394. ACM, New York (1990)Google Scholar
  34. 34.
    Sakai, Y., Schuldt, J.C.N., Emura, K., Hanaoka, G., Ohta, K.: On the security of dynamic group signatures: preventing signature hijacking. Cryptology ePrint Archive (2012).
  35. 35.
    Sakai, Y., Schuldt, J.C.N., Emura, K., Hanaoka, G., Ohta, K.: On the security of dynamic group signatures: Preventing signature hijacking. In: Proceedings of PKC 2012, pp. 715–732. Springer, Berlin (2012)Google Scholar
  36. 36.
    Shoup, V.: Sequences of games: a tool for taming complexity in security proofs. Cryptology ePrint Archive, Report 2004/332 (2004)Google Scholar
  37. 37.
    Zhang, R., Hanaoka, G., Shikata, J., Imai, H.: On the security of multiple encryption or CCA-security+CCA-security=CCA-security? In: Proceedings of PKC 2004, pp. 360–374. Springer, Berlin (2004)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Keita Emura
    • 1
  • Goichiro Hanaoka
    • 2
  • Yusuke Sakai
    • 3
  • Jacob C. N. Schuldt
    • 4
  1. 1.Network Security Research InstituteNational Institute of Information and Communications TechnologyTokyoJapan
  2. 2.Research Institute for Secure SystemsNational Institute of Advanced Industrial Science and TechnologyTokyoJapan
  3. 3.Department of InformaticsThe University of Electro-CommunicationsTokyoJapan
  4. 4.Information Security Group, Royal Holloway University of LondonLondonUK

Personalised recommendations