Constant-Size Group Signatures from Lattices

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10770)

Abstract

Lattice-based group signature is an active research topic in recent years. Since the pioneering work by Gordon, Katz and Vaikuntanathan (Asiacrypt 2010), ten other schemes have been proposed, providing various improvements in terms of security, efficiency and functionality. However, in all known constructions, one has to fix the number N of group users in the setup stage, and as a consequence, the signature sizes are dependent on N.

In this work, we introduce the first constant-size group signature from lattices, which means that the size of signatures produced by the scheme is independent of N and only depends on the security parameter \(\lambda \). More precisely, in our scheme, the sizes of signatures, public key and users’ secret keys are all of order \(\widetilde{\mathcal {O}}(\lambda )\). The scheme supports dynamic enrollment of users and is proven secure in the random oracle model under the Ring Short Integer Solution (RSIS) and Ring Learning With Errors (RLWE) assumptions. At the heart of our design is a zero-knowledge argument of knowledge of a valid message-signature pair for the Ducas-Micciancio signature scheme (Crypto 2014), that may be of independent interest.

Keywords

Lattice-based cryptography Constant-size group signatures Zero-knowledge proofs Ducas-Micciancio signature 

Notes

Acknowledgements

The authors would like to thank Benoît Libert and the anonymous reviewers of PKC 2018 for helpful comments and discussions. The research is supported by Singapore Ministry of Education under Research Grant MOE2016-T2-2-014(S).

References

  1. 1.
    Ateniese, G., Camenisch, J., Hohenberger, S., de Medeiros, B.: Practical group signatures without random oracles. IACR Cryptology ePrint Archive 2005/385 (2005)Google Scholar
  2. 2.
    Ateniese, G., Camenisch, J., Joye, M., Tsudik, G.: A practical and provably secure coalition-resistant group signature scheme. In: Bellare, M. (ed.) CRYPTO 2000. LNCS, vol. 1880, pp. 255–270. Springer, Heidelberg (2000).  https://doi.org/10.1007/3-540-44598-6_16 CrossRefGoogle Scholar
  3. 3.
    Bellare, M., Fuchsbauer, G.: Policy-based signatures. In: Krawczyk, H. (ed.) PKC 2014. LNCS, vol. 8383, pp. 520–537. Springer, Heidelberg (2014).  https://doi.org/10.1007/978-3-642-54631-0_30 CrossRefGoogle Scholar
  4. 4.
    Bellare, M., Micciancio, D., Warinschi, B.: Foundations of group signatures: formal definitions, simplified requirements, and a construction based on general assumptions. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 614–629. Springer, Heidelberg (2003).  https://doi.org/10.1007/3-540-39200-9_38 CrossRefGoogle Scholar
  5. 5.
    Bellare, M., Shi, H., Zhang, C.: Foundations of group signatures: the case of dynamic groups. In: Menezes, A. (ed.) CT-RSA 2005. LNCS, vol. 3376, pp. 136–153. Springer, Heidelberg (2005).  https://doi.org/10.1007/978-3-540-30574-3_11 CrossRefGoogle Scholar
  6. 6.
    Benhamouda, F., Camenisch, J., Krenn, S., Lyubashevsky, V., Neven, G.: Better zero-knowledge proofs for lattice encryption and their application to group signatures. In: Sarkar, P., Iwata, T. (eds.) ASIACRYPT 2014. LNCS, vol. 8873, pp. 551–572. Springer, Heidelberg (2014).  https://doi.org/10.1007/978-3-662-45611-8_29 Google Scholar
  7. 7.
    Böhl, F., Hofheinz, D., Jager, T., Koch, J., Striecks, C.: Confined guessing: new signatures from standard assumptions. J. Cryptol. 28(1), 176–208 (2015)MathSciNetCrossRefMATHGoogle Scholar
  8. 8.
    Boneh, D., Boyen, X., Shacham, H.: Short group signatures. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 41–55. Springer, Heidelberg (2004).  https://doi.org/10.1007/978-3-540-28628-8_3 CrossRefGoogle Scholar
  9. 9.
    Boneh, D., Shacham, H.: Group signatures with verifier-local revocation. In: ACM CCS 2004, pp. 168–177. ACM (2004)Google Scholar
  10. 10.
    Bootle, J., Cerulli, A., Chaidos, P., Ghadafi, E., Groth, J.: Foundations of fully dynamic group signatures. In: Manulis, M., Sadeghi, A.-R., Schneider, S. (eds.) ACNS 2016. LNCS, vol. 9696, pp. 117–136. Springer, Cham (2016).  https://doi.org/10.1007/978-3-319-39555-5_7 Google Scholar
  11. 11.
    Boyen, X.: Lattice mixing and vanishing trapdoors: a framework for fully secure short signatures and more. In: Nguyen, P.Q., Pointcheval, D. (eds.) PKC 2010. LNCS, vol. 6056, pp. 499–517. Springer, Heidelberg (2010).  https://doi.org/10.1007/978-3-642-13013-7_29 CrossRefGoogle Scholar
  12. 12.
    Boyen, X., Waters, B.: Full-domain subgroup hiding and constant-size group signatures. In: Okamoto, T., Wang, X. (eds.) PKC 2007. LNCS, vol. 4450, pp. 1–15. Springer, Heidelberg (2007).  https://doi.org/10.1007/978-3-540-71677-8_1 CrossRefGoogle Scholar
  13. 13.
    Brickell, E., Pointcheval, D., Vaudenay, S., Yung, M.: Design validations for discrete logarithm based signature schemes. In: Imai, H., Zheng, Y. (eds.) PKC 2000. LNCS, vol. 1751, pp. 276–292. Springer, Heidelberg (2000).  https://doi.org/10.1007/978-3-540-46588-1_19 CrossRefGoogle Scholar
  14. 14.
    Camenisch, J., Hohenberger, S., Lysyanskaya, A.: Compact E-cash. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 302–321. Springer, Heidelberg (2005).  https://doi.org/10.1007/11426639_18 CrossRefGoogle Scholar
  15. 15.
    Camenisch, J., Lysyanskaya, A.: An efficient system for non-transferable anonymous credentials with optional anonymity revocation. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 93–118. Springer, Heidelberg (2001).  https://doi.org/10.1007/3-540-44987-6_7 CrossRefGoogle Scholar
  16. 16.
    Camenisch, J., Neven, G., Rückert, M.: Fully anonymous attribute tokens from lattices. In: Visconti, I., De Prisco, R. (eds.) SCN 2012. LNCS, vol. 7485, pp. 57–75. Springer, Heidelberg (2012).  https://doi.org/10.1007/978-3-642-32928-9_4 CrossRefGoogle Scholar
  17. 17.
    Cash, D., Hofheinz, D., Kiltz, E., Peikert, C.: Bonsai trees, or how to delegate a lattice basis. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 523–552. Springer, Heidelberg (2010).  https://doi.org/10.1007/978-3-642-13190-5_27 CrossRefGoogle Scholar
  18. 18.
    Chaum, D., van Heyst, E.: Group signatures. In: Davies, D.W. (ed.) EUROCRYPT 1991. LNCS, vol. 547, pp. 257–265. Springer, Heidelberg (1991).  https://doi.org/10.1007/3-540-46416-6_22 Google Scholar
  19. 19.
    Cheng, S., Nguyen, K., Wang, H.: Policy-based signature scheme from lattices. Des. Codes Crypt. 81(1), 43–74 (2016)MathSciNetCrossRefMATHGoogle Scholar
  20. 20.
    Ducas, L., Micciancio, D.: Improved short lattice signatures in the standard model. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014. LNCS, vol. 8616, pp. 335–352. Springer, Heidelberg (2014).  https://doi.org/10.1007/978-3-662-44371-2_19 CrossRefGoogle Scholar
  21. 21.
    Ducas, L., Micciancio, D.: Improved short lattice signatures in the standard model. IACR Cryptology ePrint Archive 2014/495 (2014)Google Scholar
  22. 22.
    Fiat, A., Shamir, A.: How to prove yourself: practical solutions to identification and signature problems. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol. 263, pp. 186–194. Springer, Heidelberg (1987).  https://doi.org/10.1007/3-540-47721-7_12 Google Scholar
  23. 23.
    Gentry, C.: Fully homomorphic encryption using ideal lattices. In: STOC 2009, pp. 169–178. ACM (2009)Google Scholar
  24. 24.
    Gentry, C., Peikert, C., Vaikuntanathan, V.: Trapdoors for hard lattices and new cryptographic constructions. In: STOC 2008, pp. 197–206. ACM (2008)Google Scholar
  25. 25.
    Gorbunov, S., Vaikuntanathan, V., Wee, H.: Predicate encryption for circuits from LWE. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015. LNCS, vol. 9216, pp. 503–523. Springer, Heidelberg (2015).  https://doi.org/10.1007/978-3-662-48000-7_25 CrossRefGoogle Scholar
  26. 26.
    Gordon, S.D., Katz, J., Vaikuntanathan, V.: A group signature scheme from lattice assumptions. In: Abe, M. (ed.) ASIACRYPT 2010. LNCS, vol. 6477, pp. 395–412. Springer, Heidelberg (2010).  https://doi.org/10.1007/978-3-642-17373-8_23 CrossRefGoogle Scholar
  27. 27.
    Groth, J.: Evaluating security of voting schemes in the universal composability framework. In: Jakobsson, M., Yung, M., Zhou, J. (eds.) ACNS 2004. LNCS, vol. 3089, pp. 46–60. Springer, Heidelberg (2004).  https://doi.org/10.1007/978-3-540-24852-1_4 CrossRefGoogle Scholar
  28. 28.
    Groth, J.: Fully anonymous group signatures without random oracles. In: Kurosawa, K. (ed.) ASIACRYPT 2007. LNCS, vol. 4833, pp. 164–180. Springer, Heidelberg (2007).  https://doi.org/10.1007/978-3-540-76900-2_10 CrossRefGoogle Scholar
  29. 29.
    Jain, A., Krenn, S., Pietrzak, K., Tentes, A.: Commitments and efficient zero-knowledge proofs from learning parity with noise. In: Wang, X., Sako, K. (eds.) ASIACRYPT 2012. LNCS, vol. 7658, pp. 663–680. Springer, Heidelberg (2012).  https://doi.org/10.1007/978-3-642-34961-4_40 CrossRefGoogle Scholar
  30. 30.
    Kawachi, A., Tanaka, K., Xagawa, K.: Concurrently secure identification schemes based on the worst-case hardness of lattice problems. In: Pieprzyk, J. (ed.) ASIACRYPT 2008. LNCS, vol. 5350, pp. 372–389. Springer, Heidelberg (2008).  https://doi.org/10.1007/978-3-540-89255-7_23 CrossRefGoogle Scholar
  31. 31.
    Kiayias, A., Yung, M.: Secure scalable group signature with dynamic joins and separable authorities. Int. J. Secur. Netw. 1(1), 24–45 (2006)CrossRefGoogle Scholar
  32. 32.
    Laguillaumie, F., Langlois, A., Libert, B., Stehlé, D.: Lattice-based group signatures with logarithmic signature size. In: Sako, K., Sarkar, P. (eds.) ASIACRYPT 2013. LNCS, vol. 8270, pp. 41–61. Springer, Heidelberg (2013).  https://doi.org/10.1007/978-3-642-42045-0_3 CrossRefGoogle Scholar
  33. 33.
    Langlois, A., Ling, S., Nguyen, K., Wang, H.: Lattice-based group signature scheme with verifier-local revocation. In: Krawczyk, H. (ed.) PKC 2014. LNCS, vol. 8383, pp. 345–361. Springer, Heidelberg (2014).  https://doi.org/10.1007/978-3-642-54631-0_20. http://eprint.iacr.org/2014/033 CrossRefGoogle Scholar
  34. 34.
    Langlois, A., Stehlé, D.: Worst-case to average-case reductions for module lattices. Des. Codes Crypt. 75(3), 565–599 (2015)MathSciNetCrossRefMATHGoogle Scholar
  35. 35.
    Libert, B., Ling, S., Mouhartem, F., Nguyen, K., Wang, H.: Signature schemes with efficient protocols and dynamic group signatures from lattice assumptions. In: Cheon, J.H., Takagi, T. (eds.) ASIACRYPT 2016. LNCS, vol. 10032, pp. 373–403. Springer, Heidelberg (2016).  https://doi.org/10.1007/978-3-662-53890-6_13 CrossRefGoogle Scholar
  36. 36.
    Libert, B., Ling, S., Mouhartem, F., Nguyen, K., Wang, H.: Zero-knowledge arguments for matrix-vector relations and lattice-based group encryption. In: Cheon, J.H., Takagi, T. (eds.) ASIACRYPT 2016. LNCS, vol. 10032, pp. 101–131. Springer, Heidelberg (2016).  https://doi.org/10.1007/978-3-662-53890-6_4 CrossRefGoogle Scholar
  37. 37.
    Libert, B., Ling, S., Nguyen, K., Wang, H.: Zero-knowledge arguments for lattice-based accumulators: logarithmic-size ring signatures and group signatures without trapdoors. In: Fischlin, M., Coron, J.-S. (eds.) EUROCRYPT 2016. LNCS, vol. 9666, pp. 1–31. Springer, Heidelberg (2016).  https://doi.org/10.1007/978-3-662-49896-5_1 CrossRefGoogle Scholar
  38. 38.
    Libert, B., Ling, S., Nguyen, K., Wang, H.: Zero-knowledge arguments for lattice-based PRFs and applications to E-cash. In: Takagi, T., Peyrin, T. (eds.) ASIACRYPT 2017. LNCS, vol. 10626, pp. 304–335. Springer, Cham (2017).  https://doi.org/10.1007/978-3-319-70700-6_11 CrossRefGoogle Scholar
  39. 39.
    Libert, B., Mouhartem, F., Nguyen, K.: A lattice-based group signature scheme with message-dependent opening. In: Manulis, M., Sadeghi, A.-R., Schneider, S. (eds.) ACNS 2016. LNCS, vol. 9696, pp. 137–155. Springer, Cham (2016).  https://doi.org/10.1007/978-3-319-39555-5_8 Google Scholar
  40. 40.
    Libert, B., Peters, T., Yung, M.: Short group signatures via structure-preserving signatures: standard model security from simple assumptions. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015. LNCS, vol. 9216, pp. 296–316. Springer, Heidelberg (2015).  https://doi.org/10.1007/978-3-662-48000-7_15 CrossRefGoogle Scholar
  41. 41.
    Ling, S., Nguyen, K., Stehlé, D., Wang, H.: Improved zero-knowledge proofs of knowledge for the ISIS problem, and applications. In: Kurosawa, K., Hanaoka, G. (eds.) PKC 2013. LNCS, vol. 7778, pp. 107–124. Springer, Heidelberg (2013).  https://doi.org/10.1007/978-3-642-36362-7_8 CrossRefGoogle Scholar
  42. 42.
    Ling, S., Nguyen, K., Wang, H.: Group signatures from lattices: simpler, tighter, shorter, ring-based. In: Katz, J. (ed.) PKC 2015. LNCS, vol. 9020, pp. 427–449. Springer, Heidelberg (2015).  https://doi.org/10.1007/978-3-662-46447-2_19 Google Scholar
  43. 43.
    Ling, S., Nguyen, K., Wang, H., Xu, Y.: Lattice-based group signatures: achieving full dynamicity with ease. In: Gollmann, D., Miyaji, A., Kikuchi, H. (eds.) ACNS 2017. LNCS, vol. 10355, pp. 293–312. Springer, Cham (2017).  https://doi.org/10.1007/978-3-319-61204-1_15 CrossRefGoogle Scholar
  44. 44.
    Lyubashevsky, V., Micciancio, D.: Generalized compact knapsacks are collision resistant. In: Bugliesi, M., Preneel, B., Sassone, V., Wegener, I. (eds.) ICALP 2006. LNCS, vol. 4052, pp. 144–155. Springer, Heidelberg (2006).  https://doi.org/10.1007/11787006_13 CrossRefGoogle Scholar
  45. 45.
    Lyubashevsky, V., Micciancio, D., Peikert, C., Rosen, A.: SWIFFT: a modest proposal for FFT hashing. In: Nyberg, K. (ed.) FSE 2008. LNCS, vol. 5086, pp. 54–72. Springer, Heidelberg (2008).  https://doi.org/10.1007/978-3-540-71039-4_4 CrossRefGoogle Scholar
  46. 46.
    Lyubashevsky, V., Peikert, C., Regev, O.: On ideal lattices and learning with errors over rings. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 1–23. Springer, Heidelberg (2010).  https://doi.org/10.1007/978-3-642-13190-5_1 CrossRefGoogle Scholar
  47. 47.
    Lyubashevsky, V., Peikert, C., Regev, O.: On ideal lattices and learning with errors over rings. J. ACM 60(6), 43:1–43:35 (2013)MathSciNetCrossRefMATHGoogle Scholar
  48. 48.
    Lyubashevsky, V., Peikert, C., Regev, O.: A toolkit for ring-LWE cryptography. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 35–54. Springer, Heidelberg (2013).  https://doi.org/10.1007/978-3-642-38348-9_3 CrossRefGoogle Scholar
  49. 49.
    Micciancio, D.: Generalized compact knapsacks, cyclic lattices, and efficient one-way functions. Comput. Complex 16(4), 365–411 (2007)MathSciNetCrossRefMATHGoogle Scholar
  50. 50.
    Micciancio, D., Peikert, C.: Trapdoors for lattices: simpler, tighter, faster, smaller. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 700–718. Springer, Heidelberg (2012).  https://doi.org/10.1007/978-3-642-29011-4_41 CrossRefGoogle Scholar
  51. 51.
    Naor, M., Yung, M.: Public-key cryptosystems provably secure against chosen ciphertext attacks. In: ACM 1990, pp. 427–437. ACM (1990)Google Scholar
  52. 52.
    Nguyen, P.Q., Zhang, J., Zhang, Z.: Simpler efficient group signatures from lattices. In: Katz, J. (ed.) PKC 2015. LNCS, vol. 9020, pp. 401–426. Springer, Heidelberg (2015).  https://doi.org/10.1007/978-3-662-46447-2_18 Google Scholar
  53. 53.
    Peikert, C., Regev, O., Stephens-Davidowitz, N.: Pseudorandomness of ring-LWE for any ring and modulus. In: STOC 2017, pp. 461–473. ACM (2017)Google Scholar
  54. 54.
    Peikert, C., Rosen, A.: Efficient collision-resistant hashing from worst-case assumptions on cyclic lattices. In: Halevi, S., Rabin, T. (eds.) TCC 2006. LNCS, vol. 3876, pp. 145–166. Springer, Heidelberg (2006).  https://doi.org/10.1007/11681878_8 CrossRefGoogle Scholar
  55. 55.
    Regev, O.: On lattices, learning with errors, random linear codes, and cryptography. In: ACM 2005, pp. 84–93. ACM (2005)Google Scholar
  56. 56.
    Sakai, Y., Emura, K., Hanaoka, G., Kawai, Y., Matsuda, T., Omote, K.: Group signatures with message-dependent opening. In: Abdalla, M., Lange, T. (eds.) Pairing 2012. LNCS, vol. 7708, pp. 270–294. Springer, Heidelberg (2013).  https://doi.org/10.1007/978-3-642-36334-4_18 CrossRefGoogle Scholar
  57. 57.
    Stern, J.: A new paradigm for public key identification. IEEE Trans. Inf. Theory 42(6), 1757–1768 (1996)MathSciNetCrossRefMATHGoogle Scholar
  58. 58.
    Xagawa, K.: Improved (hierarchical) inner-product encryption from lattices. IACR Cryptology ePrint Archive 2015/249 (2015)Google Scholar

Copyright information

© International Association for Cryptologic Research 2018

Authors and Affiliations

  • San Ling
    • 1
  • Khoa Nguyen
    • 1
  • Huaxiong Wang
    • 1
  • Yanhong Xu
    • 1
  1. 1.Division of Mathematical Sciences, School of Physical and Mathematical SciencesNanyang Technological UniversitySingaporeSingapore

Personalised recommendations