
Shorter Ring Signatures from Standard Assumptions

  • Alonso González
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11442)

Abstract

Ring signatures, introduced by Rivest, Shamir and Tauman (ASIACRYPT 2001), allow a user to sign a message on behalf of a set of users while guaranteeing authenticity and anonymity. Groth and Kohlweiss (EUROCRYPT 2015) and Libert et al. (EUROCRYPT 2016) constructed schemes with signatures of size logarithmic in the number of users. An even shorter ring signature, of size independent of the number of users, was recently proposed by Malavolta and Schröder (ASIACRYPT 2017). However, all these short signatures are obtained by relying on strong and controversial assumptions. Namely, the former schemes are both proven secure in the random oracle model, while the latter requires non-falsifiable assumptions.

The most efficient construction under mild assumptions remains the construction of Chandran et al. (ICALP 2007) with a signature of size \(\varTheta (\sqrt{n})\), where \(n\) is the number of users, and security is based on the Diffie-Hellman assumption in bilinear groups (the SXDH assumption in asymmetric bilinear groups).

In this work we construct an asymptotically shorter ring signature from the hardness of the Diffie-Hellman assumption in bilinear groups. Each signature comprises \(\varTheta (\sqrt[3]{n})\) group elements, signing a message requires computing \(\varTheta (\sqrt[3]{n})\) exponentiations, and verifying a signature requires \(\varTheta (n^{2/3})\) pairing operations. To the best of our knowledge, this is the first ring signature based on bilinear groups with \(o(\sqrt{n})\) signatures and sublinear verification complexity.

Notes

Acknowledgments

We thank the anonymous reviewers for the constructive feedback. It was very useful for simplifying the SXDH-based construction. We also thank Carla Ràfols and Mojtaba Khalili for their comments on earlier versions of this work. This work was funded in part by the French ANR ALAMBIC project (ANR-16-CE39-0006).

References

  1. Belenkiy, M., Camenisch, J., Chase, M., Kohlweiss, M., Lysyanskaya, A., Shacham, H.: Randomizable proofs and delegatable anonymous credentials. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 108–125. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-03356-8_7
  2. Bender, A., Katz, J., Morselli, R.: Ring signatures: stronger definitions, and constructions without random oracles. In: Halevi, S., Rabin, T. (eds.) TCC 2006. LNCS, vol. 3876, pp. 60–79. Springer, Heidelberg (2006). https://doi.org/10.1007/11681878_4
  3. Boneh, D., Boyen, X.: Short signatures without random oracles. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 56–73. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-24676-3_4
  4. Bose, P., Das, D., Rangan, C.P.: Constant size ring signature without random oracle. In: Foo, E., Stebila, D. (eds.) ACISP 2015. LNCS, vol. 9144, pp. 230–247. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-19962-7_14
  5. Chandran, N., Groth, J., Sahai, A.: Ring signatures of sub-linear size without random oracles. In: Arge, L., Cachin, C., Jurdziński, T., Tarlecki, A. (eds.) ICALP 2007. LNCS, vol. 4596, pp. 423–434. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-73420-8_38
  6. Chase, M., Lysyanskaya, A.: On signatures of knowledge. In: Dwork, C. (ed.) CRYPTO 2006. LNCS, vol. 4117, pp. 78–96. Springer, Heidelberg (2006). https://doi.org/10.1007/11818175_5
  7. Chaum, D., van Heyst, E.: Group signatures. In: Davies, D.W. (ed.) EUROCRYPT 1991. LNCS, vol. 547, pp. 257–265. Springer, Heidelberg (1991). https://doi.org/10.1007/3-540-46416-6_22
  8. Danezis, G., Fournet, C., Groth, J., Kohlweiss, M.: Square span programs with applications to succinct NIZK arguments. In: Sarkar, P., Iwata, T. (eds.) ASIACRYPT 2014, Part I. LNCS, vol. 8873, pp. 532–550. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-45611-8_28
  9. Dodis, Y., Kiayias, A., Nicolosi, A., Shoup, V.: Anonymous identification in Ad hoc groups. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 609–626. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-24676-3_36
  10. Galbraith, S., Paterson, K., Smart, N.: Pairings for cryptographers. Cryptology ePrint Archive, Report 2006/165 (2006). http://eprint.iacr.org/2006/165
  11. Gennaro, R., Gentry, C., Parno, B., Raykova, M.: Quadratic span programs and succinct NIZKs without PCPs. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 626–645. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-38348-9_37
  12. Gentry, C., Wichs, D.: Separating succinct non-interactive arguments from all falsifiable assumptions. In: Fortnow, L., Vadhan, S.P. (eds.) 43rd ACM STOC, San Jose, CA, USA, 6–8 June 2011, pp. 99–108. ACM Press (2011)
  13. Goldwasser, S., Kalai, Y.T.: On the (in)security of the Fiat-Shamir paradigm. In: 44th FOCS, Cambridge, MA, USA, 11–14 October 2003, pp. 102–115. IEEE Computer Society Press (2003)
  14. González, A., Hevia, A., Ràfols, C.: QA-NIZK arguments in asymmetric groups: new tools and new constructions. In: Iwata, T., Cheon, J.H. (eds.) ASIACRYPT 2015, Part I. LNCS, vol. 9452, pp. 605–629. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-48797-6_25
  15. González, A.: Shorter ring signatures from standard assumptions. Cryptology ePrint Archive, Report 2017/905 (2017). https://eprint.iacr.org/2017/905
  16. Gritti, C., Susilo, W., Plantard, T.: Logarithmic size ring signatures without random oracles. IET Inf. Secur. 10(1), 1–7 (2016)
  17. Groth, J.: On the size of pairing-based non-interactive arguments. In: Fischlin, M., Coron, J.-S. (eds.) EUROCRYPT 2016, Part II. LNCS, vol. 9666, pp. 305–326. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-49896-5_11
  18. Groth, J., Kohlweiss, M.: One-out-of-many proofs: or how to leak a secret and spend a coin. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015, Part II. LNCS, vol. 9057, pp. 253–280. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46803-6_9
  19. Groth, J., Lu, S.: A non-interactive shuffle with pairing based verifiability. In: Kurosawa, K. (ed.) ASIACRYPT 2007. LNCS, vol. 4833, pp. 51–67. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-76900-2_4
  20. Groth, J., Ostrovsky, R., Sahai, A.: Perfect non-interactive zero knowledge for NP. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 339–358. Springer, Heidelberg (2006). https://doi.org/10.1007/11761679_21
  21. Groth, J., Sahai, A.: Efficient non-interactive proof systems for bilinear groups. In: Smart, N. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 415–432. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-78967-3_24
  22. Jutla, C.S., Roy, A.: Improved structure preserving signatures under standard bilinear assumptions. Cryptology ePrint Archive, Report 2017/025 (2017). http://eprint.iacr.org/2017/025
  23. Libert, B., Ling, S., Nguyen, K., Wang, H.: Zero-knowledge arguments for lattice-based accumulators: logarithmic-size ring signatures and group signatures without trapdoors. In: Fischlin, M., Coron, J.-S. (eds.) EUROCRYPT 2016, Part II. LNCS, vol. 9666, pp. 1–31. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-49896-5_1
  24. Malavolta, G., Schröder, D.: Efficient ring signatures in the standard model. In: Takagi, T., Peyrin, T. (eds.) ASIACRYPT 2017, Part II. LNCS, vol. 10625, pp. 128–157. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-70697-9_5
  25. Morillo, P., Ràfols, C., Villar, J.L.: The kernel matrix Diffie-Hellman assumption. In: Cheon, J.H., Takagi, T. (eds.) ASIACRYPT 2016, Part I. LNCS, vol. 10031, pp. 729–758. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53887-6_27
  26. Naor, M.: On cryptographic assumptions and challenges. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 96–109. Springer, Heidelberg (2003). https://doi.org/10.1007/978-3-540-45146-4_6
  27. Ràfols, C.: Stretching Groth-Sahai: NIZK proofs of partial satisfiability. In: Dodis, Y., Nielsen, J.B. (eds.) TCC 2015, Part II. LNCS, vol. 9015, pp. 247–276. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46497-7_10
  28. Rivest, R.L., Shamir, A., Tauman, Y.: How to leak a secret. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 552–565. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-45682-1_32
  29. Rogaway, P., Shrimpton, T.: Cryptographic hash-function basics: definitions, implications, and separations for preimage resistance, second-preimage resistance, and collision resistance. In: Roy, B.K., Meier, W. (eds.) FSE 2004. LNCS, vol. 3017, pp. 371–388. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-25937-4_24

Copyright information

© International Association for Cryptologic Research 2019

Authors and Affiliations

  1. ENS de Lyon, Laboratoire LIP (U. Lyon, CNRS, ENSL, Inria, UCBL), Lyon, France
