A Practical Group Signature Scheme Based on Rank Metric

  • Quentin AlamélouEmail author
  • Olivier Blazy
  • Stéphane Cauchie
  • Philippe Gaborit
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10064)


In this work, we propose the first rank-based group signature. Our construction enjoys two major advantages compared to concurrent post-quantum schemes since it is both practicably instantiated with public key and signature sizes logarithmic in the number of group members, and dynamic in a relaxation of the reference BSZ model. For such a result, we introduce a new rank-based tool, referred as the Rank Concatenated Stern’s protocol, enabling to link different users to a common syndrome. This protocol, which could be of independent interest, can be seen as a Stern-like protocol with an additional property that permits a verifier to check the weight of each part of a split secret. Along with this work, we also define two rank-based adaptations of Hamming-based problems, referred as the One More Rank Syndrome Decoding and the Decision Rank Syndrome Decoding problems for which we discuss the security. Embedded into Fiat-Shamir paradigm, our authentication protocol leads to a group signature scheme secure in the Random Oracle Model assuming the security of rank-based systems (namely RankSign and LRPC codes) and the newly introduced problems. For a 100 bits security level, we give an example of parameters which lead to a signature size of 550 kB and 5 kB for the public key.


Group signature Post-quantum cryptography Rank metric Zero-knowledge 


  1. 1.
    Chaum, D., Heyst, E.: Group signatures. In: Davies, D.W. (ed.) EUROCRYPT 1991. LNCS, vol. 547, pp. 257–265. Springer, Heidelberg (1991). doi: 10.1007/3-540-46416-6_22 Google Scholar
  2. 2.
    Bellare, M., Micciancio, D., Warinschi, B.: Foundations of group signatures: formal definitions, simplified requirements, and a construction based on general assumptions. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 614–629. Springer, Heidelberg (2003). doi: 10.1007/3-540-39200-9_38 CrossRefGoogle Scholar
  3. 3.
    Bellare, M., Shi, H., Zhang, C.: Foundations of group signatures: the case of dynamic groups. In: Menezes, A. (ed.) CT-RSA 2005. LNCS, vol. 3376, pp. 136–153. Springer, Heidelberg (2005). doi: 10.1007/978-3-540-30574-3_11 CrossRefGoogle Scholar
  4. 4.
    Boneh, D., Boyen, X., Shacham, H.: Short group signatures. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 41–55. Springer, Heidelberg (2004). doi: 10.1007/978-3-540-28628-8_3 CrossRefGoogle Scholar
  5. 5.
    Camenisch, J., Lysyanskaya, A.: Signature schemes and anonymous credentials from bilinear maps. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 56–72. Springer, Heidelberg (2004). doi: 10.1007/978-3-540-28628-8_4 CrossRefGoogle Scholar
  6. 6.
    Boneh, D., Shacham, H.: Group signatures with verifier-local revocation. In: Proceedings of CCS 2004, pp. 168–177. ACM Press (2004)Google Scholar
  7. 7.
    Kiayias, A., Tsiounis, Y., Yung, M.: Traceable signatures. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 571–589. Springer, Heidelberg (2004). doi: 10.1007/978-3-540-24676-3_34 CrossRefGoogle Scholar
  8. 8.
    Groth, J.: Fully anonymous group signatures without random oracles. In: Kurosawa, K. (ed.) ASIACRYPT 2007. LNCS, vol. 4833, pp. 164–180. Springer, Heidelberg (2007). doi: 10.1007/978-3-540-76900-2_10 CrossRefGoogle Scholar
  9. 9.
    Libert, B., Yung, M.: Efficient traceable signatures in the standard model. In: Shacham, H., Waters, B. (eds.) Pairing 2009. LNCS, vol. 5671, pp. 187–205. Springer, Heidelberg (2009). doi: 10.1007/978-3-642-03298-1_13 CrossRefGoogle Scholar
  10. 10.
    Gordon, S.D., Katz, J., Vaikuntanathan, V.: A group signature scheme from lattice assumptions. In: Abe, M. (ed.) ASIACRYPT 2010. LNCS, vol. 6477, pp. 395–412. Springer, Heidelberg (2010). doi: 10.1007/978-3-642-17373-8_23 CrossRefGoogle Scholar
  11. 11.
    Laguillaumie, F., Langlois, A., Libert, B., Stehlé, D.: Lattice-based group signatures with logarithmic signature size. In: Sako, K., Sarkar, P. (eds.) ASIACRYPT 2013. LNCS, vol. 8270, pp. 41–61. Springer, Heidelberg (2013). doi: 10.1007/978-3-642-42045-0_3 CrossRefGoogle Scholar
  12. 12.
    Langlois, A., Ling, S., Nguyen, K., Wang, H.: Lattice-based group signature scheme with verifier-local revocation. In: Krawczyk, H. (ed.) PKC 2014. LNCS, vol. 8383, pp. 345–361. Springer, Heidelberg (2014). doi: 10.1007/978-3-642-54631-0_20 CrossRefGoogle Scholar
  13. 13.
    Ling, S., Nguyen, K., Wang, H.: Group signatures from lattices: simpler, tighter, shorter, ring-based. In: Katz, J. (ed.) PKC 2015. LNCS, vol. 9020, pp. 427–449. Springer, Heidelberg (2015). doi: 10.1007/978-3-662-46447-2_19 Google Scholar
  14. 14.
    Nguyen, P.Q., Zhang, J., Zhang, Z.: Simpler efficient group signatures from lattices. In: Katz, J. (ed.) PKC 2015. LNCS, vol. 9020, pp. 401–426. Springer, Heidelberg (2015). doi: 10.1007/978-3-662-46447-2_18 Google Scholar
  15. 15.
    Libert, B., Mouhartem, F., Nguyen, K.: A lattice-based group signature scheme with message-dependent opening. In: Manulis, M., Sadeghi, A.-R., Schneider, S. (eds.) ACNS 2016. LNCS, vol. 9696, pp. 137–155. Springer, Cham (2016). doi: 10.1007/978-3-319-39555-5_8 Google Scholar
  16. 16.
    Libert, B., Ling, S., Nguyen, K., Wang, H.: Zero-knowledge arguments for lattice-based accumulators: logarithmic-size ring signatures and group signatures without trapdoors. In: Fischlin, M., Coron, J.-S. (eds.) EUROCRYPT 2016. LNCS, vol. 9666, pp. 1–31. Springer, Heidelberg (2016). doi: 10.1007/978-3-662-49896-5_1 CrossRefGoogle Scholar
  17. 17.
    Alamélou, Q., Blazy, O., Cauchie, S., Gaborit, P.: A code-based group signature scheme. In: Charpin, J.-P.T.P., Sendrier, N. (eds.) Proceedings of the 9th International Workshop on Coding and Cryptography 2015, WCC2015, France, Paris (2015)Google Scholar
  18. 18.
    Ezerman, M.F., Lee, H.T., Ling, S., Nguyen, K., Wang, H.: A provably secure group signature scheme from code-based assumptions. In: Iwata, T., Cheon, J.H. (eds.) ASIACRYPT 2015. LNCS, vol. 9452, pp. 260–285. Springer, Heidelberg (2015). doi: 10.1007/978-3-662-48797-6_12 CrossRefGoogle Scholar
  19. 19.
    Gaborit, P., Murat, G., Ruatta, O., Zémor, G.: Low Rank Parity Check codes and their application to cryptography. In: WCC 2013, Bergen, Norway, April 2013Google Scholar
  20. 20.
    Gaborit, P., Ruatta, O., Schrek, J., Zémor, G.: RankSign: an efficient signature algorithm based on the rank metric. In: Mosca, M. (ed.) PQCrypto 2014. LNCS, vol. 8772, pp. 88–107. Springer, Cham (2014). doi: 10.1007/978-3-319-11659-4_6 Google Scholar
  21. 21.
    Gaborit, P., Zémor, G.: On the hardness of the decoding and the minimum distance problems for rank codes. CoRR, abs/1404.3482 (2014)Google Scholar
  22. 22.
    Fiat, A., Shamir, A.: How to prove yourself: practical solutions to identification and signature problems. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol. 263, pp. 186–194. Springer, Heidelberg (1987). doi: 10.1007/3-540-47721-7_12 Google Scholar
  23. 23.
    Loidreau, P.: Properties of codes in rank metric. CoRR, abs/cs/0610057 (2006)Google Scholar
  24. 24.
    Gaborit, P., Ruatta, O., Schrek, J., Zémor, G.: New results for rank-based cryptography. In: Pointcheval, D., Vergnaud, D. (eds.) AFRICACRYPT 2014. LNCS, vol. 8469, pp. 1–12. Springer, Cham (2014). doi: 10.1007/978-3-319-06734-6_1 CrossRefGoogle Scholar
  25. 25.
    Gaborit, P., Ruatta, O., Schrek, J.: On the complexity of the rank syndrome decoding problem. IEEE Trans. Inf. Theory 62(2), 1006–1019 (2016)MathSciNetCrossRefGoogle Scholar
  26. 26.
    Berlekamp, E., McEliece, R.J., Van Tilborg, H.C.A.: On the inherent intractability of certain coding problems (corresp.). IEEE Trans. Inf. Theory 24(3), 384–386 (1978)CrossRefzbMATHGoogle Scholar
  27. 27.
    Goldwasser, S., Micali, S., Rackoff, C.: The knowledge complexity of interactive proof systems. SIAM J. Comput. 18(1), 186–208 (1989)MathSciNetCrossRefzbMATHGoogle Scholar
  28. 28.
    Stern, J.: A new identification scheme based on syndrome decoding. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 13–21. Springer, Heidelberg (1994). doi: 10.1007/3-540-48329-2_2 Google Scholar
  29. 29.
    Chen, K.: A new identification algorithm. In: Dawson, E., Golić, J. (eds.) CPA 1995. LNCS, vol. 1029, pp. 244–249. Springer, Heidelberg (1996). doi: 10.1007/BFb0032363 CrossRefGoogle Scholar
  30. 30.
    Gaborit, P., Schrek, J., Zémor, G.: Full cryptanalysis of the chen identification protocol. In: Yang, B.-Y. (ed.) PQCrypto 2011. LNCS, vol. 7071, pp. 35–50. Springer, Heidelberg (2011). doi: 10.1007/978-3-642-25405-5_3 CrossRefGoogle Scholar
  31. 31.
    Fischer, J.-B., Stern, J.: An efficient pseudo-random generator provably as secure as syndrome decoding. In: Maurer, U. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 245–255. Springer, Heidelberg (1996). doi: 10.1007/3-540-68339-9_22 Google Scholar
  32. 32.
    Gaborit, P., Hauteville, A., Tillich, J.-P.: RankSynd a PRNG based on rank metric. In: Takagi, T. (ed.) PQCrypto 2016. LNCS, vol. 9606, pp. 18–28. Springer, Cham (2016). doi: 10.1007/978-3-319-29360-8_2 CrossRefGoogle Scholar
  33. 33.
    Ernst, M.: Gabidulin: theory of codes with maximum rank distance. Probl. Peredachi Inf. 21(1), 3–16 (1985)Google Scholar

Copyright information

© Springer International Publishing AG 2016

Authors and Affiliations

  • Quentin Alamélou
    • 1
    • 2
    Email author
  • Olivier Blazy
    • 1
  • Stéphane Cauchie
    • 2
  • Philippe Gaborit
    • 1
  1. 1.Université de Limoges, XLIM-DMILimogesFrance
  2. 2.R&D DepartmentWorldlineSeclinFrance

Personalised recommendations