Skip to main content
SpringerLink
Log in
Book cover

International Conference on Cryptology in Malaysia

Mycrypt 2016: Paradigms in Cryptology – Mycrypt 2016. Malicious and Exploratory Cryptology pp 364–388Cite as

Linking-Based Revocation for Group Signatures: A Pragmatic Approach for Efficient Revocation Checks

  • Conference paper
  • First Online:

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 10311))

Abstract

Group signature schemes (GSS) represent an important privacy-enhancing technology. However, their practical applicability is restricted due to inefficiencies of existing membership revocation mechanisms that often place a too large computational burden and communication overhead on the involved parties. Moreover, it seems that the general belief (or unwritten law) of avoiding online authorities by all means artificially and unnecessarily restricts the efficiency and practicality of revocation mechanisms in GSSs. While a mindset of preventing online authorities might have been appropriate more than 10 years ago, today the availability of highly reliable cloud computing infrastructures could be used to solve open challenges. More specifically, in order to overcome the inefficiencies of existing revocation mechanisms, we propose an alternative approach denoted as linking-based revocation (LBR) which is based on the concept of controllable linkability. The novelty of LBR is its transparency for signers and verifiers that spares additional computations as well as updates. We therefore introduce dedicated revocation authorities (RAs) that can be contacted for efficient (constant time) revocation checks. In order to protect these RAs and to reduce the trust in involved online authorities, we additionally introduce distributed controllable linkability. Using latter, RAs cooperate with multiple authorities to compute the required linking information, thus reducing the required trust. Besides efficiency, an appealing benefit of LBR is its generic applicability to pairing-based GSSs secure in the BSZ model as well as GSSs with controllable linkability. This includes the XSGS scheme, and the GSSs proposed by Hwang et al., one of which has been standardized in the recent ISO 20008-2 standard.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Notes

  1. 1.

    A recent study [51] even states that OCSP is the most popular approach for revocation checks in the PKIX setting.

  2. 2.

    An approach similar in spirit to our approach has recently also been discussed in the context of anonymous credential systems (cf. [60]).

  3. 3.

    Note that revocation can also be done based on a user’s signature by means of \(\mathsf {mlk}\) in which case the user’s identity will not be required.

  4. 4.

    Hash tables allow to check whether or not \(\mathfrak {t}\in \mathsf{RL}\) in constant time. For instance, employing cuckoo hashing [50] allows for a worst-case complexity of \(\mathcal {O}(1)\).

  5. 5.

    Again, revocation can also be done based on a user’s signature \(\sigma = (T, \pi )\) by means of \(\mathsf {mlk}\) in which case the user’s identity will not be required.

References

  1. Ateniese, G., Song, D.X., Tsudik, G.: Quasi-efficient revocation of group signatures. In: Blaze, M. (ed.) FC 2002. LNCS, vol. 2357, pp. 183–197. Springer, Heidelberg (2003). doi:10.1007/3-540-36504-4_14

    Chapter  Google Scholar 

  2. Attrapadung, N., Emura, K., Hanaoka, G., Sakai, Y.: A revocable group signature scheme from identity-based revocation techniques: achieving constant-size revocation list. In: Boureanu, I., Owesarski, P., Vaudenay, S. (eds.) ACNS 2014. LNCS, vol. 8479, pp. 419–437. Springer, Cham (2014). doi:10.1007/978-3-319-07536-5_25

    Google Scholar 

  3. Au, M.H., Tsang, P.P., Susilo, W., Mu, Y.: Dynamic universal accumulators for DDH groups and their application to attribute-based anonymous credential systems. In: Fischlin, M. (ed.) CT-RSA 2009. LNCS, vol. 5473, pp. 295–308. Springer, Heidelberg (2009). doi:10.1007/978-3-642-00862-7_20

    Chapter  Google Scholar 

  4. Baek, J., Zheng, Y.: Identity-based threshold decryption. In: Bao, F., Deng, R., Zhou, J. (eds.) PKC 2004. LNCS, vol. 2947, pp. 262–276. Springer, Heidelberg (2004). doi:10.1007/978-3-540-24632-9_19

    Chapter  Google Scholar 

  5. Bellare, M., Shi, H., Zhang, C.: Foundations of group signatures: the case of dynamic groups. In: Menezes, A. (ed.) CT-RSA 2005. LNCS, vol. 3376, pp. 136–153. Springer, Heidelberg (2005). doi:10.1007/978-3-540-30574-3_11

    Chapter  Google Scholar 

  6. Blazy, O., Derler, D., Slamanig, D., Spreitzer, R.: Non-interactive plaintext (in-)equality proofs and group signatures with verifiable controllable linkability. In: Sako, K. (ed.) CT-RSA 2016. LNCS, vol. 9610, pp. 127–143. Springer, Cham (2016). doi:10.1007/978-3-319-29485-8_8

    Chapter  Google Scholar 

  7. Boneh, D., Boyen, X., Shacham, H.: Short group signatures. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 41–55. Springer, Heidelberg (2004). doi:10.1007/978-3-540-28628-8_3

    Chapter  Google Scholar 

  8. Boneh, D., Shacham, H.: Group signatures with verifier-local revocation. In: Computer and Communications Security - CCS, pp. 168–177 (2004)

    Google Scholar 

  9. Bootle, J., Cerulli, A., Chaidos, P., Ghadafi, E., Groth, J.: Foundations of fully dynamic group signatures. In: Manulis, M., Sadeghi, A.-R., Schneider, S. (eds.) ACNS 2016. LNCS, vol. 9696, pp. 117–136. Springer, Cham (2016). doi:10.1007/978-3-319-39555-5_7

    Google Scholar 

  10. Bresson, E., Stern, J.: Efficient revocation in group signatures. In: Kim, K. (ed.) PKC 2001. LNCS, vol. 1992, pp. 190–206. Springer, Heidelberg (2001). doi:10.1007/3-540-44586-2_15

    Chapter  Google Scholar 

  11. Brickell, E., Li, J.: Enhanced privacy ID from bilinear pairing for hardware authentication and attestation. In: Social Computing - SocialCom/Privacy, Security, Risk and Trust - PASSAT 2010, pp. 768–775 (2010)

    Google Scholar 

  12. Brickell, E., Li, J.: Enhanced privacy ID: a direct anonymous attestation scheme with enhanced revocation capabilities. IEEE Trans. Dependable Secure Comput. 9, 345–360 (2012)

    Article  Google Scholar 

  13. Camenisch, J., Lysyanskaya, A.: Dynamic accumulators and application to efficient revocation of anonymous credentials. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 61–76. Springer, Heidelberg (2002). doi:10.1007/3-540-45708-9_5

    Chapter  Google Scholar 

  14. Camenisch, J., Stadler, M.: Efficient group signature schemes for large groups. In: Kaliski, B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 410–424. Springer, Heidelberg (1997). doi:10.1007/BFb0052252

    Chapter  Google Scholar 

  15. Canard, S., Coisel, I., de Meulenaer, G., Pereira, O.: Group signatures are suitable for constrained devices. In: Rhee, K.-H., Nyang, D.H. (eds.) ICISC 2010. LNCS, vol. 6829, pp. 133–150. Springer, Heidelberg (2011). doi:10.1007/978-3-642-24209-0_9

    Chapter  Google Scholar 

  16. Canard, S., Desmoulins, N., Devigne, J., Traoré, J.: On the implementation of a pairing-based cryptographic protocol in a constrained device. In: Abdalla, M., Lange, T. (eds.) Pairing 2012. LNCS, vol. 7708, pp. 210–217. Springer, Heidelberg (2013). doi:10.1007/978-3-642-36334-4_14

    Chapter  Google Scholar 

  17. Chaum, D., van Heyst, E.: Group signatures. In: Davies, D.W. (ed.) EUROCRYPT 1991. LNCS, vol. 547, pp. 257–265. Springer, Heidelberg (1991). doi:10.1007/3-540-46416-6_22

    Chapter  Google Scholar 

  18. Chow, S.S.M., Susilo, W., Yuen, T.H.: Escrowed linkability of ring signatures and its applications. In: Nguyen, P.Q. (ed.) VIETCRYPT 2006. LNCS, vol. 4341, pp. 175–192. Springer, Heidelberg (2006). doi:10.1007/11958239_12

    Chapter  Google Scholar 

  19. Cooper, D., Santesson, S., Farrell, S., Boeyen, S., Housley, R., Polk, W.: Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile. RFC 5280, RFC Editor, May 2008. http://www.rfc-editor.org/rfc/rfc5280.txt

  20. Cramer, R., Shoup, V.: A practical public key cryptosystem provably secure against adaptive chosen ciphertext attack. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 13–25. Springer, Heidelberg (1998). doi:10.1007/BFb0055717

    Chapter  Google Scholar 

  21. Delerablée, C., Pointcheval, D.: Dynamic fully anonymous short group signatures. In: Nguyen, P.Q. (ed.) VIETCRYPT 2006. LNCS, vol. 4341, pp. 193–210. Springer, Heidelberg (2006). doi:10.1007/11958239_13

    Chapter  Google Scholar 

  22. Emura, K., Hayashi, T.: A light-weight group signature scheme with time-token dependent linking. In: Güneysu, T., Leander, G., Moradi, A. (eds.) LightSec 2015. LNCS, vol. 9542, pp. 37–57. Springer, Cham (2016). doi:10.1007/978-3-319-29078-2_3

    Chapter  Google Scholar 

  23. Emura, K., Miyaji, A., Omote, K.: An r-hiding revocable group signature scheme: group signatures with the property of hiding the number of revoked users. J. Appl. Math. 2014, 983040:1–983040:14 (2014)

    Article  MATH  Google Scholar 

  24. Fan, C.-I., Hsu, R.-H., Manulis, M.: Group signature with constant revocation costs for signers and verifiers. In: Lin, D., Tsudik, G., Wang, X. (eds.) CANS 2011. LNCS, vol. 7092, pp. 214–233. Springer, Heidelberg (2011). doi:10.1007/978-3-642-25513-7_16

    Chapter  Google Scholar 

  25. Fouque, P.-A., Pointcheval, D.: Threshold cryptosystems secure against chosen-ciphertext attacks. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 351–368. Springer, Heidelberg (2001). doi:10.1007/3-540-45682-1_21

    Chapter  Google Scholar 

  26. Ghadafi, E.: Efficient distributed tag-based encryption and its application to group signatures with efficient distributed traceability. In: Aranha, D.F., Menezes, A. (eds.) LATINCRYPT 2014. LNCS, vol. 8895, pp. 327–347. Springer, Cham (2015). doi:10.1007/978-3-319-16295-9_18

    Google Scholar 

  27. Grewal, G., Azarderakhsh, R., Longa, P., Hu, S., Jao, D.: Efficient implementation of bilinear pairings on ARM processors. In: Knudsen, L.R., Wu, H. (eds.) SAC 2012. LNCS, vol. 7707, pp. 149–165. Springer, Heidelberg (2013). doi:10.1007/978-3-642-35999-6_11

    Chapter  Google Scholar 

  28. Groth, J., Sahai, A.: Efficient non-interactive proof systems for bilinear groups. In: Smart, N. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 415–432. Springer, Heidelberg (2008). doi:10.1007/978-3-540-78967-3_24

    Chapter  Google Scholar 

  29. Hwang, J.Y., Chen, L., Cho, H.S., Nyang, D.: Short dynamic group signature scheme supporting controllable linkability. IEEE Trans. Inf. Forensics Secur. 10, 1109–1124 (2015)

    Article  Google Scholar 

  30. Hwang, J.Y., Lee, S., Chung, B.H., Cho, H.S., Nyang, D.: Short group signatures with controllable linkability. In: LightSec, pp. 44–52. IEEE (2011)

    Google Scholar 

  31. Hwang, J.Y., Lee, S., Chung, B., Cho, H.S., Nyang, D.: Group signatures with controllable linkability for dynamic membership. Inf. Sci. 222, 761–778 (2013)

    Article  MathSciNet  MATH  Google Scholar 

  32. International Organization for Standardization (ISO): ISO/IEC 20008–2: Information technology - Security techniques - Anonymous digital signatures - Part 2: Mechanisms using a group public key, November 2013

    Google Scholar 

  33. Isern-Deyà, A.P., Huguet-Rotger, L., Payeras-Capellà, M., Mut-Puigserver, M.: On the practicability of using group signatures on mobile devices: implementation and performance analysis on the android platform. Int. J. Inf. Secur. 14, 335–345 (2015)

    Article  Google Scholar 

  34. Isern-Deyà, A.P., Vives-Guasch, A., Puigserver, M.M., Payeras-Capellà, M., Castellà-Roca, J.: A secure automatic fare collection system for time-based or distance-based services with revocable anonymity for users. Comput. J. 56, 1198–1215 (2013)

    Article  Google Scholar 

  35. Kiayias, A., Tsiounis, Y., Yung, M.: Traceable signatures. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 571–589. Springer, Heidelberg (2004). doi:10.1007/978-3-540-24676-3_34

    Chapter  Google Scholar 

  36. Kiayias, A., Yung, M.: Group signatures with efficient concurrent join. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 198–214. Springer, Heidelberg (2005). doi:10.1007/11426639_12

    Chapter  Google Scholar 

  37. Koga, S., Sakurai, K.: A distributed online certificate status protocol with a single public key. In: Bao, F., Deng, R., Zhou, J. (eds.) PKC 2004. LNCS, vol. 2947, pp. 389–401. Springer, Heidelberg (2004). doi:10.1007/978-3-540-24632-9_28

    Chapter  Google Scholar 

  38. Kumar, V., Li, H., Park, J.J., Bian, K., Yang, Y.: Group signatures with probabilistic revocation: a computationally-scalable approach for providing privacy-preserving authentication. In: Computer and Communications Security - CCS 2015, pp. 1334–1345 (2015)

    Google Scholar 

  39. Libert, B., Peters, T., Yung, M.: Group signatures with almost-for-free revocation. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 571–589. Springer, Heidelberg (2012). doi:10.1007/978-3-642-32009-5_34

    Chapter  Google Scholar 

  40. Libert, B., Peters, T., Yung, M.: Scalable group signatures with revocation. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 609–627. Springer, Heidelberg (2012). doi:10.1007/978-3-642-29011-4_36

    Chapter  Google Scholar 

  41. Manulis, M., Fleischhacker, N., Felix Günther, F.K., Poettering, B.: Group signatures: authentication with privacy. Technical report, BSI - Federal Office for Information Security (2012)

    Google Scholar 

  42. Nakanishi, T., Fujii, H., Hira, Y., Funabiki, N.: Revocable group signature schemes with constant costs for signing and verifying. In: Jarecki, S., Tsudik, G. (eds.) PKC 2009. LNCS, vol. 5443, pp. 463–480. Springer, Heidelberg (2009). doi:10.1007/978-3-642-00468-1_26

    Chapter  Google Scholar 

  43. Nakanishi, T., Fujiwara, T., Watanabe, H.: A linkable group signature and its application to secret voting. Trans. Inf. Process. Soc. Jpn. 40(7), 3085–3096 (1999)

    MathSciNet  Google Scholar 

  44. Nakanishi, T., Funabiki, N.: Verifier-local revocation group signature schemes with backward unlinkability from bilinear maps. In: Roy, B. (ed.) ASIACRYPT 2005. LNCS, vol. 3788, pp. 533–548. Springer, Heidelberg (2005). doi:10.1007/11593447_29

    Chapter  Google Scholar 

  45. Nakanishi, T., Funabiki, N.: A short verifier-local revocation group signature scheme with backward unlinkability. In: Yoshiura, H., Sakurai, K., Rannenberg, K., Murayama, Y., Kawamura, S. (eds.) IWSEC 2006. LNCS, vol. 4266, pp. 17–32. Springer, Heidelberg (2006). doi:10.1007/11908739_2

    Chapter  Google Scholar 

  46. Nakanishi, T., Kubooka, F., Hamada, N., Funabiki, N.: Group signature schemes with membership revocation for large groups. In: Boyd, C., González Nieto, J.M. (eds.) ACISP 2005. LNCS, vol. 3574, pp. 443–454. Springer, Heidelberg (2005). doi:10.1007/11506157_37

    Chapter  Google Scholar 

  47. Nakanishi, T., Sugiyama, Y.: A group signature scheme with efficient membership revocation for reasonable groups. In: Wang, H., Pieprzyk, J., Varadharajan, V. (eds.) ACISP 2004. LNCS, vol. 3108, pp. 336–347. Springer, Heidelberg (2004). doi:10.1007/978-3-540-27800-9_29

    Chapter  Google Scholar 

  48. Naor, M., Yung, M.: Public-key cryptosystems provably secure against chosen ciphertext attacks. In: Symposium on the Theory of Computing - STOC, pp. 427–437 (1990)

    Google Scholar 

  49. Nguyen, L., Safavi-Naini, R.: Efficient and provably secure trapdoor-free group signature schemes from bilinear pairings. In: Lee, P.J. (ed.) ASIACRYPT 2004. LNCS, vol. 3329, pp. 372–386. Springer, Heidelberg (2004). doi:10.1007/978-3-540-30539-2_26

    Chapter  Google Scholar 

  50. Pagh, R., Rodler, F.F.: Cuckoo hashing. J. Algorithms 51, 122–144 (2004)

    Article  MathSciNet  MATH  Google Scholar 

  51. Ponemon Institute LLC: 2015 PKI Global Trends Study (2015)

    Google Scholar 

  52. Potzmader, K., Winter, J., Hein, D.M., Hanser, C., Teufl, P., Chen, L.: Group signatures on mobile devices: practical experiences. In: Huth, M., Asokan, N., Čapkun, S., Flechais, I., Coles-Kemp, L. (eds.) Trust 2013. LNCS, vol. 7904, pp. 47–64. Springer, Heidelberg (2013). doi:10.1007/978-3-642-38908-5_4

    Chapter  Google Scholar 

  53. Rackoff, C., Simon, D.R.: Non-interactive zero-knowledge proof of knowledge and chosen ciphertext attack. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 433–444. Springer, Heidelberg (1992). doi:10.1007/3-540-46766-1_35

    Google Scholar 

  54. Santesson, S., Myers, M., Ankney, R., Malpani, A., Galperin, S., Adams, C.: X.509 internet public key infrastructure online certificate status protocol - OCSP. RFC 6960, Internet Engineering Task Force (IETF), June 2013. https://www.ietf.org/rfc/rfc6960.txt

  55. Shamir, A.: How to share a secret. Commun. ACM 22, 612–613 (1979)

    Article  MathSciNet  MATH  Google Scholar 

  56. Slamanig, D., Spreitzer, R., Unterluggauer, T.: Adding controllable linkability to pairing-based group signatures for free. In: Chow, S.S.M., Camenisch, J., Hui, L.C.K., Yiu, S.M. (eds.) ISC 2014. LNCS, vol. 8783, pp. 388–400. Springer, Cham (2014). doi:10.1007/978-3-319-13257-0_23

    Google Scholar 

  57. Tang, Q.: Public key encryption supporting plaintext equality test and user-specified authorization. Secur. Commun. Netw. 5, 1351–1362 (2012)

    Article  Google Scholar 

  58. Teranishi, I., Furukawa, J., Sako, K.: k-times anonymous authentication (extended abstract). In: Lee, P.J. (ed.) ASIACRYPT 2004. LNCS, vol. 3329, pp. 308–322. Springer, Heidelberg (2004). doi:10.1007/978-3-540-30539-2_22

    Chapter  Google Scholar 

  59. Unterluggauer, T., Wenger, E.: Efficient pairings and ECC for embedded systems. In: Batina, L., Robshaw, M. (eds.) CHES 2014. LNCS, vol. 8731, pp. 298–315. Springer, Heidelberg (2014). doi:10.1007/978-3-662-44709-3_17

    Google Scholar 

  60. Verheul, E.R.: Practical backward unlinkable revocation in FIDO, German e-ID, Idemix and U-Prove. IACR Cryptology ePrint Archive 2016/217 (2016)

    Google Scholar 

  61. Wei, V.K.: Tracing-by-linking group signatures. In: Zhou, J., Lopez, J., Deng, R.H., Bao, F. (eds.) ISC 2005. LNCS, vol. 3650, pp. 149–163. Springer, Heidelberg (2005). doi:10.1007/11556992_11

    Chapter  Google Scholar 

  62. Zhou, S., Lin, D.: Shorter verifier-local revocation group signatures from bilinear maps. In: Pointcheval, D., Mu, Y., Chen, K. (eds.) CANS 2006. LNCS, vol. 4301, pp. 126–143. Springer, Heidelberg (2006). doi:10.1007/11935070_8

    Chapter  Google Scholar 

Download references

Acknowledgments

The authors would like to thank the anonymous reviewers for their valuable comments and suggestions. Daniel Slamanig has been supported by the H2020 project Prismacloud, grant agreement number 644962. Raphael Spreitzer and Thomas Unterluggauer have been supported by the European Commission through the FP7 program under project number 610436 (project MATTHEW).

Author information

Authors and Affiliations

  1. IAIK, Graz University of Technology, Graz, Austria

    Daniel Slamanig, Raphael Spreitzer & Thomas Unterluggauer

Authors
  1. Daniel Slamanig
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Raphael Spreitzer
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Thomas Unterluggauer
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Raphael Spreitzer .

Editor information

Editors and Affiliations

  1. Multimedia University, MMU, Cyberjaya, Malaysia

    Raphaël C.-W. Phan

  2. Snapchat and Columbia University, New York, New York, USA

    Moti Yung

Rights and permissions

Reprints and permissions

Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Slamanig, D., Spreitzer, R., Unterluggauer, T. (2017). Linking-Based Revocation for Group Signatures: A Pragmatic Approach for Efficient Revocation Checks. In: Phan, RW., Yung, M. (eds) Paradigms in Cryptology – Mycrypt 2016. Malicious and Exploratory Cryptology. Mycrypt 2016. Lecture Notes in Computer Science(), vol 10311. Springer, Cham. https://doi.org/10.1007/978-3-319-61273-7_18

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-61273-7_18

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-61272-0

  • Online ISBN: 978-3-319-61273-7

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation