Advertisement

Group Signatures with Selective Linkability

  • Lydia GarmsEmail author
  • Anja Lehmann
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11442)

Abstract

Group signatures allow members of a group to anonymously produce signatures on behalf of the group. They are an important building block for privacy-enhancing applications, e.g., enabling user data to be collected in authenticated form while preserving the user’s privacy. The linkability between the signatures thereby plays a crucial role for balancing utility and privacy: knowing the correlation of events significantly increases the utility of the data but also severely harms the user’s privacy. Therefore group signatures are unlinkable per default, but either support linking or identity escrow through a dedicated central party or offer user-controlled linkability. However, both approaches have significant limitations. The former relies on a fully trusted entity and reveals too much information, and the latter requires exact knowledge of the needed linkability at the moment when the signatures are created. However, often the exact purpose of the data might not be clear at the point of data collection. In fact, data collectors tend to gather large amounts of data at first, but will need linkability only for selected, small subsets of the data. We introduce a new type of group signature that provides a more flexible and privacy-friendly access to such selective linkability. When created, all signatures are fully unlinkable. Only when strictly needed or desired, should the required pieces be made linkable with the help of a central entity. For privacy, this linkability is established in an oblivious and non-transitive manner. We formally define the requirements for this new type of group signatures and provide an efficient instantiation that provably satisfies these requirements under discrete-logarithm based assumptions.

Notes

Acknowledgments

The first author is supported by the UK Government as part of the CDT in Cyber Security program at Royal Holloway University of London (EP/K035584/1). The second author was supported by the European Union’s Horizon 2020 research and innovation program under Grant Agreement Number 768953 (ICT4CART).

References

  1. 1.
    EU general data protection regulation. https://gdpr-info.eu
  2. 2.
    Ateniese, G., Camenisch, J., Joye, M., Tsudik, G.: A practical and provably secure coalition-resistant group signature scheme. In: Bellare, M. (ed.) CRYPTO 2000. LNCS, vol. 1880, pp. 255–270. Springer, Heidelberg (2000).  https://doi.org/10.1007/3-540-44598-6_16CrossRefGoogle Scholar
  3. 3.
    Au, M.H., Susilo, W., Mu, Y.: Constant-size dynamic k-TAA. In: De Prisco, R., Yung, M. (eds.) SCN 2006. LNCS, vol. 4116, pp. 111–125. Springer, Heidelberg (2006).  https://doi.org/10.1007/11832072_8CrossRefGoogle Scholar
  4. 4.
    Bellare, M., Micciancio, D., Warinschi, B.: Foundations of group signatures: formal definitions, simplified requirements, and a construction based on general assumptions. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 614–629. Springer, Heidelberg (2003).  https://doi.org/10.1007/3-540-39200-9_38CrossRefGoogle Scholar
  5. 5.
    Bellare, M., Shi, H., Zhang, C.: Foundations of group signatures: the case of dynamic groups. In: Menezes, A. (ed.) CT-RSA 2005. LNCS, vol. 3376, pp. 136–153. Springer, Heidelberg (2005).  https://doi.org/10.1007/978-3-540-30574-3_11CrossRefGoogle Scholar
  6. 6.
    Bernhard, D., Fuchsbauer, G., Ghadafi, E., Smart, N.P., Warinschi, B.: Anonymous attestation with user-controlled linkability. Int. J. Inf. Secur. 12(3), 219–249 (2013)CrossRefGoogle Scholar
  7. 7.
    Boneh, D., Boyen, X.: Short signatures without random oracles. In: Cachin and Camenisch [13], pp. 56–73Google Scholar
  8. 8.
    Boneh, D., Boyen, X.: Short signatures without random oracles and the SDH assumption in bilinear groups. J. Cryptol. 21(2), 149–177 (2008)MathSciNetCrossRefGoogle Scholar
  9. 9.
    Boneh, D., Boyen, X., Shacham, H.: Short group signatures. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 41–55. Springer, Heidelberg (2004).  https://doi.org/10.1007/978-3-540-28628-8_3CrossRefGoogle Scholar
  10. 10.
    Bootle, J., Cerulli, A., Chaidos, P., Ghadafi, E., Groth, J.: Foundations of fully dynamic group signatures. In: Manulis, M., Sadeghi, A.-R., Schneider, S. (eds.) ACNS 2016. LNCS, vol. 9696, pp. 117–136. Springer, Cham (2016).  https://doi.org/10.1007/978-3-319-39555-5_7CrossRefGoogle Scholar
  11. 11.
    Brickell, E.F., Camenisch, J., Chen, L.: Direct anonymous attestation. In: Atluri, V., Pfitzmann, B., McDaniel, P. (eds.) ACM CCS 2004, pp. 132–145. ACM Press, October 2004Google Scholar
  12. 12.
    Brickell, E., Li, J.: A pairing-based DAA scheme further reducing TPM resources. In: Acquisti, A., Smith, S.W., Sadeghi, A.-R. (eds.) Trust 2010. LNCS, vol. 6101, pp. 181–195. Springer, Heidelberg (2010).  https://doi.org/10.1007/978-3-642-13869-0_12CrossRefGoogle Scholar
  13. 13.
    Cachin, C., Camenisch, J.L. (eds.): EUROCRYPT 2004. LNCS, vol. 3027. Springer, Heidelberg (2004).  https://doi.org/10.1007/b97182CrossRefzbMATHGoogle Scholar
  14. 14.
    Camenisch, J., Drijvers, M., Lehmann, A.: Anonymous attestation using the strong Diffie Hellman assumption revisited. In: Franz, M., Papadimitratos, P. (eds.) Trust 2016. LNCS, vol. 9824, pp. 1–20. Springer, Cham (2016).  https://doi.org/10.1007/978-3-319-45572-3_1CrossRefGoogle Scholar
  15. 15.
    Camenisch, J., Drijvers, M., Lehmann, A.: Universally composable direct anonymous attestation. In: Cheng, C.-M., Chung, K.-M., Persiano, G., Yang, B.-Y. (eds.) PKC 2016. LNCS, vol. 9615, pp. 234–264. Springer, Heidelberg (2016).  https://doi.org/10.1007/978-3-662-49387-8_10CrossRefGoogle Scholar
  16. 16.
    Camenisch, J., Kiayias, A., Yung, M.: On the portability of generalized schnorr proofs. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 425–442. Springer, Heidelberg (2009).  https://doi.org/10.1007/978-3-642-01001-9_25CrossRefGoogle Scholar
  17. 17.
    Camenisch, J., Lehmann, A.: (Un)linkable pseudonyms for governmental databases. In: Ray, I., Li, N., Kruegel, C. (eds.) ACM CCS 2015, pp. 1467–1479. ACM Press, October 2015Google Scholar
  18. 18.
    Camenisch, J., Lehmann, A.: Privacy-preserving user-auditable pseudonym systems. In: 2017 IEEE European Symposium on Security and Privacy (EuroS&P), pp. 269–284. IEEE (2017)Google Scholar
  19. 19.
    Camenisch, J., Lysyanskaya, A.: An efficient system for non-transferable anonymous credentials with optional anonymity revocation. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 93–118. Springer, Heidelberg (2001).  https://doi.org/10.1007/3-540-44987-6_7CrossRefGoogle Scholar
  20. 20.
    Camenisch, J., Shoup, V.: Practical verifiable encryption and decryption of discrete logarithms. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 126–144. Springer, Heidelberg (2003).  https://doi.org/10.1007/978-3-540-45146-4_8CrossRefGoogle Scholar
  21. 21.
    Camenisch, J., Stadler, M.: Efficient group signature schemes for large groups (extended abstract). In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 410–424. Springer, Heidelberg (1997).  https://doi.org/10.1007/BFb0052252CrossRefGoogle Scholar
  22. 22.
    Chaum, D.: Some weaknesses of “weaknesses of undeniable signatures” (rump session). In: Davies, D.W. (ed.) EUROCRYPT 1991. LNCS, vol. 547, pp. 554–556. Springer, Heidelberg (1991).  https://doi.org/10.1007/3-540-46416-6_54CrossRefGoogle Scholar
  23. 23.
    ElGamal, T.: On computing logarithms over finite fields. In: Williams, H.C. (ed.) CRYPTO 1985. LNCS, vol. 218, pp. 396–402. Springer, Heidelberg (1986).  https://doi.org/10.1007/3-540-39799-X_28CrossRefGoogle Scholar
  24. 24.
    Fiat, A., Shamir, A.: How to prove yourself: practical solutions to identification and signature problems. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol. 263, pp. 186–194. Springer, Heidelberg (1987).  https://doi.org/10.1007/3-540-47721-7_12CrossRefGoogle Scholar
  25. 25.
    Galbraith, S.D., Paterson, K.G., Smart, N.P.: Pairings for cryptographers. Discrete Appl. Math. 156(16), 3113–3121 (2008)MathSciNetCrossRefGoogle Scholar
  26. 26.
    Galindo, D., Verheul, E.R.: Microdata sharing via pseudonymization. Joint UNECE/Eurostat work session on statistical data confidentiality (2007)Google Scholar
  27. 27.
    Garms, L., Lehmann, A.: Group signatures with selective linkability (2019). https://eprint.iacr.org/2019/027
  28. 28.
    Groth, J.: Fully anonymous group signatures without random oracles. In: Kurosawa, K. (ed.) ASIACRYPT 2007. LNCS, vol. 4833, pp. 164–180. Springer, Heidelberg (2007).  https://doi.org/10.1007/978-3-540-76900-2_10CrossRefGoogle Scholar
  29. 29.
    Hwang, J.Y., Lee, S., Chung, B.H., Cho, H.S., Nyang, D.: Short group signatures with controllable linkability. In: 2011 Workshop on Lightweight Security & Privacy: Devices, Protocols and Applications (LightSec), pp. 44–52. IEEE (2011)Google Scholar
  30. 30.
    Hwang, J.Y., Lee, S., Chung, B.H., Cho, H.S., Nyang, D.: Group signatures with controllable linkability for dynamic membership. Inf. Sci. 222, 761–778 (2013)MathSciNetCrossRefGoogle Scholar
  31. 31.
    Kiayias, A., Tsiounis, Y., Yung, M.: Traceable signatures. In: Cachin and Camenisch [13], pp. 571–589Google Scholar
  32. 32.
    Kiayias, A., Yung, M.: Group signatures with efficient concurrent join. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 198–214. Springer, Heidelberg (2005).  https://doi.org/10.1007/11426639_12CrossRefGoogle Scholar
  33. 33.
    Libert, B., Ling, S., Nguyen, K., Wang, H.: Zero-knowledge arguments for lattice-based accumulators: logarithmic-size ring signatures and group signatures without trapdoors. In: Fischlin, M., Coron, J.-S. (eds.) EUROCRYPT 2016. LNCS, vol. 9666, pp. 1–31. Springer, Heidelberg (2016).  https://doi.org/10.1007/978-3-662-49896-5_1CrossRefGoogle Scholar
  34. 34.
    Libert, B., Peters, T., Yung, M.: Scalable group signatures with revocation. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 609–627. Springer, Heidelberg (2012).  https://doi.org/10.1007/978-3-642-29011-4_36CrossRefGoogle Scholar
  35. 35.
    Lysyanskaya, A., Rivest, R.L., Sahai, A., Wolf, S.: Pseudonym systems. In: Heys, H., Adams, C. (eds.) SAC 1999. LNCS, vol. 1758, pp. 184–199. Springer, Heidelberg (2000).  https://doi.org/10.1007/3-540-46513-8_14CrossRefGoogle Scholar
  36. 36.
    Paillier, P.: Public-key cryptosystems based on composite degree residuosity classes. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 223–238. Springer, Heidelberg (1999).  https://doi.org/10.1007/3-540-48910-X_16CrossRefGoogle Scholar
  37. 37.
    Slamanig, D., Spreitzer, R., Unterluggauer, T.: Adding controllable linkability to pairing-based group signatures for free. In: Chow, S.S.M., Camenisch, J., Hui, L.C.K., Yiu, S.M. (eds.) ISC 2014. LNCS, vol. 8783, pp. 388–400. Springer, Cham (2014).  https://doi.org/10.1007/978-3-319-13257-0_23CrossRefGoogle Scholar

Copyright information

© International Association for Cryptologic Research 2019

Authors and Affiliations

  1. 1.Royal Holloway, University of LondonEghamUK
  2. 2.IBM Research - ZurichRüschlikonSwitzerland

Personalised recommendations