A Lattice-Based Group Signature Scheme with Message-Dependent Opening

Conference paper

DOI: 10.1007/978-3-319-39555-5_8

Part of the Lecture Notes in Computer Science book series (LNCS, volume 9696)
Cite this paper as:
Libert B., Mouhartem F., Nguyen K. (2016) A Lattice-Based Group Signature Scheme with Message-Dependent Opening. In: Manulis M., Sadeghi AR., Schneider S. (eds) Applied Cryptography and Network Security. ACNS 2016. Lecture Notes in Computer Science, vol 9696. Springer, Cham


Group signatures are an important anonymity primitive allowing users to sign messages while hiding in a crowd. At the same time, signers remain accountable since an authority is capable of de-anonymizing signatures via a process called opening. In many situations, this authority is granted too much power as it can identify the author of any signature. Sakai et al. proposed a flavor of the primitive, called Group Signature with Message-Dependent Opening (GS-MDO), where opening operations are only possible when a separate authority (called “admitter”) has revealed a trapdoor for the corresponding message. So far, all existing GS-MDO constructions rely on bilinear maps, partially because the message-dependent opening functionality inherently implies identity-based encryption. This paper proposes the first GS-MDO candidate based on lattice assumptions. Our construction combines the group signature of Ling, Nguyen and Wang (PKC’15) with two layers of identity-based encryption. These components are tied together using suitable zero-knowledge argument systems.


Group signatures, Anonymity, Lattice assumptions

Copyright information

© Springer International Publishing Switzerland 2016

Authors and Affiliations

  • Benoît Libert (1)
  • Fabrice Mouhartem (1)
  • Khoa Nguyen (2)
  1. École Normale Supérieure de Lyon, Lyon, France
  2. Nanyang Technological University, Singapore, Singapore
