Group Signature with Constant Revocation Costs for Signers and Verifiers
Membership revocation, being an important property for applications of group signatures, represents a bottleneck in today’s schemes. Most revocation methods require linear amount of work to be performed by unrevoked signers or verifiers, who usually have to obtain fresh update information (sometimes of linear size) published by the group manager. We overcome these disadvantages by proposing a novel group signature scheme, where computation costs for unrevoked signers and potential verifiers remain constant, and so is the length of the update information that must be fetched by these parties from the data published by the group manager. We achieve this complexity by increasing the amount of work at the group manager’s side, which growths quadratic with the total number of members. This increase is acceptable since algorithms of the group manager are typically executed on resourceful devices. Our scheme uses a slightly modified version of the pairing-based dynamic accumulator, introduced by Camenisch, Kohlweiss, and Soriente (PKC 2009), which we implicitly combine with the short (non-revocable) group signature scheme by Boneh, Boyen, and Shacham (CRYPTO 2004). We prove that our revocable scheme satisfies the desired security properties of anonymity, traceability, and non-frameability in the random oracle model, although for better efficiency we resort to a somewhat stronger hardness assumption.
Unable to display preview. Download preview PDF.
- 12.Boneh, D., Shacham, H.: Group Signatures with Verifier-Local Revocation. In: Proceedings of 11th ACM Conference on Computer and Communication Security: ACM-CCS 2004, pp. 168–177 (2004)Google Scholar
- 18.Jin, H., Wong, D.S., Xu, Y.: Efficient Group Signature with Forward Secure Revocation. In: Ślęzak, D., Kim, T.-h., Fang, W.-C., Arnett, K.P. (eds.) SecTech 2009. CCIS, vol. 58, pp. 124–131. Springer, Heidelberg (2009); Proceedings of ANTS IV. LNCS 1838, pp.385–394. Springer (2000)CrossRefGoogle Scholar
- 31.Zhou, S., Lin, D.: A Shorter Group Signature with Verifier-Local Revocation and Backward Unlinkability, Cryptology ePrint Archive: Report 2006/100 (2006), http://eprint.iacr.org/2006/100