A Light-Weight Group Signature Scheme with Time-Token Dependent Linking

  • Keita Emura
  • Takuya Hayashi
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9542)


Group signature is a central topic of cryptography with anonymity, and its several applications have been considered so far, e.g., privacy-preserving vehicle communications. Since anonymity (a.k.a. unlinkability) is quite strong in certain situations and it requires heavy cryptographic costs, group signatures with relaxed anonymity also have been proposed. For example, group signatures with controllable linkability was proposed by Hwang et al., (LightSec 2011) where an authority called Linker can anonymously check whether two group signatures are made by the same signer or not by using a linking key. However, the linking algorithm requires a heavy computation, i.e., bilinear pairings. In this paper, we propose the notion group signatures with time-token dependent Linking (GS-TDL), where a signer is unlinkable unless it generates multiple signatures at the same time period. It is particularly worth noting that our linking algorithm does not require cryptographic computations (i.e., comparisons to determine two elements are the same). Moreover, the signature size is 25 % shorter than that of the Hwang et al. scheme, and is 34 % shorter than that of the Boneh-Boeyn-Shacham short group signature scheme. Our GS-TDL scheme supports verifier-local revocation (VLR), which maintains constant signing and verification costs by using the linkable part of signatures. These appear to be related to independent interests. Finally, we provide our experimental results (using the TEPLA library on a cheap and constrained computational power device, Raspberry Pi).


Group Signature Hash Table Random Oracle Model Cryptographic Operation Digital Signature Scheme 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.



We would like to thank anonymous reviewers of LightSec 2015 and Dr. Ryo Nojima for their helpful comments and suggestions.


  1. 1.
    TEPLA: University of Tsukuba Elliptic Curve and Pairing Library.
  2. 2.
    Abe, M., Chow, S.S.M., Haralambiev, K., Ohkubo, M.: Double-trapdoor anonymous tags for traceable signatures. Int. J. Inf. Sec. 12(1), 19–31 (2013)CrossRefGoogle Scholar
  3. 3.
    Abe, M., Fuchsbauer, G., Groth, J., Haralambiev, K., Ohkubo, M.: Structure-preserving signatures and commitments to group elements. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 209–236. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  4. 4.
    Attrapadung, N., Emura, K., Hanaoka, G., Sakai, Y.: A revocable group signature scheme from identity-based revocation techniques: achieving constant-size revocation list. In: Boureanu, I., Owesarski, P., Vaudenay, S. (eds.) ACNS 2014. LNCS, vol. 8479, pp. 419–437. Springer, Heidelberg (2014)Google Scholar
  5. 5.
    Attrapadung, N., Emura, K., Hanaoka, G., Sakai, Y.: Revocable group signature with constant-size revocation list. Comput. J. 58(10), 2698–2715 (2015). This is the full version of [4]CrossRefzbMATHGoogle Scholar
  6. 6.
    Baldimtsi, F., Lysyanskaya, A.: Anonymous credentials light. In: ACM CCS, pp. 1087–1098 (2013)Google Scholar
  7. 7.
    Barbulescu, R., Gaudry, P., Joux, A., Thomé, E.: A heuristic quasi-polynomial algorithm for discrete logarithm in finite fields of small characteristic. In: Nguyen, P.Q., Oswald, E. (eds.) EUROCRYPT 2014. LNCS, vol. 8441. Springer, Heidelberg (2014)Google Scholar
  8. 8.
    Barreto, P.S.L.M., Naehrig, M.: Pairing-friendly elliptic curves of prime order. In: Selected Areas in Cryptography, pp. 319–331 (2005)Google Scholar
  9. 9.
    Belenkiy, M., Chase, M., Kohlweiss, M., Lysyanskaya, A.: Compact E-cash and simulatable VRFs revisited. In: Shacham, H., Waters, B. (eds.) Pairing 2009. LNCS, vol. 5671, pp. 114–131. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  10. 10.
    Bellare, M., Micciancio, D., Warinschi, B.: Foundations of group signatures: formal definitions, simplified requirements, and a construction based on general assumptions. In: EUROCRYPT, pp. 614–629 (2003)Google Scholar
  11. 11.
    Bellare, M., Shi, H., Zhang, C.: Foundations of group signatures: the case of dynamic groups. In: Menezes, A. (ed.) CT-RSA 2005. LNCS, vol. 3376, pp. 136–153. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  12. 12.
    Bichsel, P., Camenisch, J., Neven, G., Smart, N.P., Warinschi, B.: Get shorty via group signatures without encryption. In: Garay, J.A., De Prisco, R. (eds.) SCN 2010. LNCS, vol. 6280, pp. 381–398. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  13. 13.
    Boneh, D., Boyen, X.: Short signatures without random oracles and the SDH assumption in bilinear groups. J. Cryptology 21(2), 149–177 (2008)MathSciNetCrossRefzbMATHGoogle Scholar
  14. 14.
    Boneh, D., Boyen, X., Shacham, H.: Short group signatures. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 41–55. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  15. 15.
    Boneh, D., Shacham, H.: Group signatures with verifier-local revocation. In: ACM CCS, pp. 168–177 (2004)Google Scholar
  16. 16.
    Camenisch, J., Hohenberger, S., Kohlweiss, M., Lysyanskaya, A., Meyerovich, M.: How to win the clone wars: efficient periodic n-times anonymous authentication. In: ACM CCS, pp. 201–210 (2006)Google Scholar
  17. 17.
    Chaum, D., van Heyst, E.: Group signatures. In: Davies, D.W. (ed.) EUROCRYPT 1991. LNCS, vol. 547, pp. 257–265. Springer, Heidelberg (1991)CrossRefGoogle Scholar
  18. 18.
    Delerablée, C., Pointcheval, D.: Dynamic fully anonymous short group signatures. In: Nguyên, P.Q. (ed.) VIETCRYPT 2006. LNCS, vol. 4341, pp. 193–210. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  19. 19.
    Emura, K., Hanaoka, G., Sakai, Y., Schuldt, J.C.N.: Group signature implies public-key encryption with non-interactive opening. Int. J. Inf. Sec. 13(1), 51–62 (2014)CrossRefGoogle Scholar
  20. 20.
    Emura, K., Kanaoka, A., Ohta, S., Takahashi, T.: Building secure and anonymous communication channel: formal model and its prototype implementation. In: ACM Symposium on Applied, Computing, pp. 1641–1648 (2014)Google Scholar
  21. 21.
    Hohenberger, S., Ferrara, A.L., Green, M., Pedersen, M.Ø.: Practical short signature batch verification. In: Fischlin, M. (ed.) CT-RSA 2009. LNCS, vol. 5473, pp. 309–324. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  22. 22.
    Fiat, A., Shamir, A.: How to prove yourself: practical solutions to identification and signature problems. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol. 263, pp. 186–194. Springer, Heidelberg (1987)CrossRefGoogle Scholar
  23. 23.
    Franklin, M., Zhang, H.: Unique group signatures. In: Foresti, S., Yung, M., Martinelli, F. (eds.) ESORICS 2012. LNCS, vol. 7459, pp. 643–660. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  24. 24.
    Furukawa, J., Imai, H.: An efficient group signature scheme from bilinear maps. IEICE Trans. 89–A(5), 1328–1338 (2006)CrossRefGoogle Scholar
  25. 25.
    Granger, R., Kleinjung, T., Zumbrägel, J.: Breaking ‘128-bit secure’ supersingular binary curves. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014, Part II. LNCS, vol. 8617, pp. 126–145. Springer, Heidelberg (2014)CrossRefGoogle Scholar
  26. 26.
    Groth, J.: Fully anonymous group signatures without random oracles. In: Kurosawa, K. (ed.) ASIACRYPT 2007. LNCS, vol. 4833, pp. 164–180. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  27. 27.
    Groth, J., Sahai, A.: Efficient non-interactive proof systems for bilinear groups. In: Smart, N.P. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 415–432. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  28. 28.
    Hwang, J.Y., Chen, L., Cho, H.S., Nyang, D.: Short dynamic group signature scheme supporting controllable linkability. IEEE Trans. Inf. Forensics Secur. 10(6), 1109–1124 (2015)CrossRefGoogle Scholar
  29. 29.
    Hwang, J.Y., Lee, S. Chung,, B.-H., Cho, H.S., Nyang, D.: Short group signatures with controllable linkability. In: LightSec, pp. 44–52 (2011)Google Scholar
  30. 30.
    Hwang, J.Y., Lee, S., Chung, B.-H., Cho, H.S., Nyang, D.: Group signatures with controllable linkability for dynamic membership. Inf. Sci. 222, 761–778 (2013)MathSciNetCrossRefzbMATHGoogle Scholar
  31. 31.
    Isern-Deyà, A.P., Rotger, L.H., Payeras-Capellà, M., Puigserver, M.M.: On the practicability of using group signatures on mobile devices,: implementation and performance analysis on the android platform. Int. J. Inf. Sec. 14(4), 335–345 (2015)CrossRefGoogle Scholar
  32. 32.
    Kiayias, A., Tsiounis, Y., Yung, M.: Traceable signatures. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 571–589. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  33. 33.
    Kiayias, A., Yung, M.: Secure scalable group signature with dynamic joins and separable authorities. IJSN 1(1/2), 24–45 (2006)CrossRefGoogle Scholar
  34. 34.
    Langlois, A., Ling, S., Nguyen, K., Wang, H.: Lattice-based group signature scheme with verifier-local revocation. In: Public Key Cryptography, pp. 345–361 (2014)Google Scholar
  35. 35.
    Libert, B., Peters, T., Yung, M.: Group signatures with almost-for-free revocation. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 571–589. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  36. 36.
    Libert, B., Peters, T., Yung, M.: Scalable group signatures with revocation. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 609–627. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  37. 37.
    Libert, B., Peters, T., Yung, M.: Short group signatures via structure-preserving signatures: standard model security from simple assumptions. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015. LNCS, vol. 9216, pp. 296–316. Springer, Heidelberg (2015)CrossRefGoogle Scholar
  38. 38.
    Libert, B., Vergnaud, D.: Group signatures with verifier-local revocation and backward unlinkability in the standard model. In: Garay, J.A., Miyaji, A., Otsuka, A. (eds.) CANS 2009. LNCS, vol. 5888, pp. 498–517. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  39. 39.
    Malina, L., Vives-Guasch, A., Castellà-Roca, J., Viejo, A., Hajny, J.: Efficient group signatures for privacy-preserving vehicular networks. Telecommun. Syst. 58(4), 293–311 (2015)CrossRefGoogle Scholar
  40. 40.
    Mamun, M.S.I., Miyaji, A.: Secure VANET applications with a refined group signature. In: PST, pp. 199–206 (2014)Google Scholar
  41. 41.
    Nakanishi, T., Fujiwara, T., Watanabe, H.: A linkable group signature and its application to secret voting. JIP 40(7), 3085–3096 (1999)MathSciNetGoogle Scholar
  42. 42.
    Nakanishi, T., Funabiki, N.: Verifier-local revocation group signature schemes with backward unlinkability from bilinear maps. In: Roy, B. (ed.) ASIACRYPT 2005. LNCS, vol. 3788, pp. 533–548. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  43. 43.
    Nakanishi, T., Funabiki, N.: A short verifier-local revocation group signature scheme with backward unlinkability. In: Yoshiura, H., Sakurai, K., Rannenberg, K., Murayama, Y., Kawamura, S. (eds.) IWSEC 2006. LNCS, vol. 4266, pp. 17–32. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  44. 44.
    Ohtake, G., Fujii, A., Hanaoka, G., Ogawa, K.: On the theoretical gap between group signatures with and without unlinkability. In: Preneel, B. (ed.) AFRICACRYPT 2009. LNCS, vol. 5580, pp. 149–166. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  45. 45.
    Sakai, Y., Schuldt, J.C.N., Emura, K., Hanaoka, G., Ohta, K.: On the security of dynamic group signatures: preventing signature hijacking. In: Public Key Cryptography, pp. 715–732 (2012)Google Scholar
  46. 46.
    Sánchez, A.H., Rodríguez-Henríquez, F.: NEON implementation of an attribute-based encryption scheme. In: Jacobson, M., Locasto, M., Mohassel, P., Safavi-Naini, R. (eds.) ACNS 2013. LNCS, vol. 7954, pp. 322–338. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  47. 47.
    Unterluggauer, T., Slamanig, D., Spreitzer, R.: Adding controllable linkability to pairing-based group signatures for free. In: Chow, S.S.M., Camenisch, J., Hui, L.C.K., Yiu, S.M. (eds.) ISC 2014. LNCS, vol. 8783, pp. 388–400. Springer, Heidelberg (2014)Google Scholar
  48. 48.
    Wu, Q., Domingo-Ferrer, J., González-Nicolás, Ú.: Balanced trustworthiness, safety, and privacy in vehicle-to-vehicle communications. IEEE T. Veh. Technol. 59(2), 559–573 (2010)CrossRefGoogle Scholar
  49. 49.
    Yang, L., Tang, S., Yang, G.: A novel group signature scheme based on MPKC. In: Bao, F., Weng, J. (eds.) ISPEC 2011. LNCS, vol. 6672, pp. 181–195. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  50. 50.
    Zavattoni, E., Perez, L.J.D., Mitsunari, S., Sánchez-Ramírez, A.H., Teruya, T., Rodríguez-Henríquez, F.: Software implementation of an attribute-based encryption scheme. IEEE Trans. Comput. 64(5), 1429–1441 (2015)MathSciNetCrossRefGoogle Scholar

Copyright information

© Springer International Publishing Switzerland 2016

Authors and Affiliations

  1. 1.Security Fundamentals Laboratory, Network Security Research InstituteNational Institute of Information and Communications Technology (NICT)TokyoJapan

Personalised recommendations