适合大群组的格基动态群签名方案
|
摘要
动态群签名方案的设计难点在于给出有效的群成员撤销机制。该文构造了一种新的撤销机制,撤销时不需要更新群管理员和群成员的任何信息,仅需群管理员或群成员本人与撤销图灵机通信,图灵机确定其身份后将撤销token添加到撤销列表即完成了撤销操作,因此更适用于群成员数量基数较大的群体。利用此撤销机制,提出了一种基于错误学习(LWE)假设和小整数解(SIS)假设的动态群签名方案,支持在任意时刻加入和撤销用户。对比已有方案,该方案的群公钥尺寸固定且更小,用户加入时下载量小,方案效率更高。
The challenge of designing a dynamic group signature scheme is to construct an efficient group member revocation mechanism. We design a new revocation mechanism. For the group manager and group member, all need to do is to communicate with the revocation Turing. When the Turing determines their identities, the revocation token is added into the revocation list to complete the revocation operation. So it is more suitable for groups with more members. Using this mechanism, we propose a new dynamic group signature scheme based on learning with errors(LWE) problem and the small integer solution(SIS) assumption, in which any user can join and leave the group at any time. Compared with existing schemes, group public key is fixed in length and shorter. When a user joins into the group, he needs less downloads. So, we can provide a higher efficiency in practical applications.
The challenge of designing a dynamic group signature scheme is to construct an efficient group member revocation mechanism. We design a new revocation mechanism. For the group manager and group member, all need to do is to communicate with the revocation Turing. When the Turing determines their identities, the revocation token is added into the revocation list to complete the revocation operation. So it is more suitable for groups with more members. Using this mechanism, we propose a new dynamic group signature scheme based on learning with errors(LWE) problem and the small integer solution(SIS) assumption, in which any user can join and leave the group at any time. Compared with existing schemes, group public key is fixed in length and shorter. When a user joins into the group, he needs less downloads. So, we can provide a higher efficiency in practical applications.
引文
[1]CHAUM D,HEYST E V.Group signatures[C]//Theory and Application of Cryptographic Techniques.Brighton:Springer,1991,547:257-265.
[2]BRESSON E,STERN J.Efficient revocation in group signatures[C]//International Workshop on Practice and Theory in Public Key Cryptography:Public Key Cryptography.Cheju Island:Springer,2001:190-206.
[3]GORDON S D,KATZ J,VAIKUNTANATHAN V.A group signature scheme from lattice assumptions[C]//International Conference on the Theory and Application of Cryptology and Information Security.Singapore:Springer,2010,2011:395-412.
[4]LAGUILLAUMIE F,LANGLOIS A,LIBERT B,et al.Lattice-based group signatures with logarithmic signature size[C]//International Conference on the Theory and Application of Cryptology and Information Security.Gordon:Springer,2013,8270:41-61.
[5]BONEH D,SHACHAM H.Group signatures with verifier-local revocation[C]//ACM Conference on Computer and Communications Security.Washington:ACM,2004,8383:168-177.
[6]LANGLOIS A,LING S,NGUYEN K,et al.Lattice-based group signature scheme with verifier-local revocation[C]//Advances in Public-Key Cryptography-PKC 2014.Berlin Heidelberg:Springer,2014,8383:345-361.
[7]LIBERT B,LING S,MOUHARTEM F,et al.Signature schemes with efficient protocols and dynamic group signatures from lattice assumptions[C]//Advances in Cryptology-ASIACRYPT 2016.Berlin Heidelberg:Springer,2016,10032:373-403.
[8]GENTRY C,PEIKERT C,VAIKUNTANATHAN V.Trapdoors for hard lattices and new cryptographic constructions[C]//Proceedings of the fortieth annual ACMSymposium on Theory of Computing.Victoria:ACM,2008:197-206.
[9]LING S,NGUYEN K,WANG H,et al.Lattice-based group signatures:achieving full dynamicity with ease[C]//Applied Cryptography and Network Security.Kanazawa:Springer,2017,10355:293-312.
[10]BOOTLE J,CERULLI A,CHAIDOS P,et al.Foundations of fully dynamic group signatures[C]//Applied Cryptography and Network Security.Guildford:Springer,2016:117-136.
[11]BRICKELL E,POINTCHEVAL D,VAUDENAY S,et al.Classical hardness of learning with errors[C]//ACMSymposium on Theory of Computing.Palo Alto:ACM,2013:575-584.
[12]REGEV O.On lattices,learning with errors,random linear codes,and cryptography[C]//ACM Symposium on Theory of Computing.Baltimore:ACM,2005:84-93.
[13]MICCIANCIO D,PEIKERT C.Trapdoors for lattices:Simpler,tighter,faster,smaller[C]//Theory and Application of Cryptographic Techniques.Cambridge:Springer,2012,7237:700-718.
[14]CASH D,HOFHEINZ D,KILTZ E,et al.Bonsai trees,or how to delegate a lattice basis[J].Journal of Cryptology,2012,25(4):601-639.
[15]AGRAWAL S,DAN B,BOYEN X.Efficient lattice(H)IBE in the standard model[C]//Advances in Cryptology-EUROCRYPT 2010.Riviera:Springer,2010,6110:553-572.
[16]LING S,NGUYEN K,STEHLE D,et al.Improved zero-knowledge proofs of knowledge for the ISIS problem,and applications[C]//Public-Key Cryptography-PKC2013.Berlin Heidelberg:Springer,2013,7778:107-124.
[17]KAWACHI A,TANAKA K,XAGAWA K.Concurrently secure identification schemes based on the worst-case hardness of lattice problems[C]//International Conference on the Theory and Application of Cryptology and Information Security:Advances in Cryptology.Melbourne:Springer,2008,5350:372-389.
[18]KIAYIAS A,YUNG M.Secure scalable group signature with dynamic joins and separable authorities[J].International Journal of Security and Networks,2006,1(1/2):24-45.
[2]BRESSON E,STERN J.Efficient revocation in group signatures[C]//International Workshop on Practice and Theory in Public Key Cryptography:Public Key Cryptography.Cheju Island:Springer,2001:190-206.
[3]GORDON S D,KATZ J,VAIKUNTANATHAN V.A group signature scheme from lattice assumptions[C]//International Conference on the Theory and Application of Cryptology and Information Security.Singapore:Springer,2010,2011:395-412.
[4]LAGUILLAUMIE F,LANGLOIS A,LIBERT B,et al.Lattice-based group signatures with logarithmic signature size[C]//International Conference on the Theory and Application of Cryptology and Information Security.Gordon:Springer,2013,8270:41-61.
[5]BONEH D,SHACHAM H.Group signatures with verifier-local revocation[C]//ACM Conference on Computer and Communications Security.Washington:ACM,2004,8383:168-177.
[6]LANGLOIS A,LING S,NGUYEN K,et al.Lattice-based group signature scheme with verifier-local revocation[C]//Advances in Public-Key Cryptography-PKC 2014.Berlin Heidelberg:Springer,2014,8383:345-361.
[7]LIBERT B,LING S,MOUHARTEM F,et al.Signature schemes with efficient protocols and dynamic group signatures from lattice assumptions[C]//Advances in Cryptology-ASIACRYPT 2016.Berlin Heidelberg:Springer,2016,10032:373-403.
[8]GENTRY C,PEIKERT C,VAIKUNTANATHAN V.Trapdoors for hard lattices and new cryptographic constructions[C]//Proceedings of the fortieth annual ACMSymposium on Theory of Computing.Victoria:ACM,2008:197-206.
[9]LING S,NGUYEN K,WANG H,et al.Lattice-based group signatures:achieving full dynamicity with ease[C]//Applied Cryptography and Network Security.Kanazawa:Springer,2017,10355:293-312.
[10]BOOTLE J,CERULLI A,CHAIDOS P,et al.Foundations of fully dynamic group signatures[C]//Applied Cryptography and Network Security.Guildford:Springer,2016:117-136.
[11]BRICKELL E,POINTCHEVAL D,VAUDENAY S,et al.Classical hardness of learning with errors[C]//ACMSymposium on Theory of Computing.Palo Alto:ACM,2013:575-584.
[12]REGEV O.On lattices,learning with errors,random linear codes,and cryptography[C]//ACM Symposium on Theory of Computing.Baltimore:ACM,2005:84-93.
[13]MICCIANCIO D,PEIKERT C.Trapdoors for lattices:Simpler,tighter,faster,smaller[C]//Theory and Application of Cryptographic Techniques.Cambridge:Springer,2012,7237:700-718.
[14]CASH D,HOFHEINZ D,KILTZ E,et al.Bonsai trees,or how to delegate a lattice basis[J].Journal of Cryptology,2012,25(4):601-639.
[15]AGRAWAL S,DAN B,BOYEN X.Efficient lattice(H)IBE in the standard model[C]//Advances in Cryptology-EUROCRYPT 2010.Riviera:Springer,2010,6110:553-572.
[16]LING S,NGUYEN K,STEHLE D,et al.Improved zero-knowledge proofs of knowledge for the ISIS problem,and applications[C]//Public-Key Cryptography-PKC2013.Berlin Heidelberg:Springer,2013,7778:107-124.
[17]KAWACHI A,TANAKA K,XAGAWA K.Concurrently secure identification schemes based on the worst-case hardness of lattice problems[C]//International Conference on the Theory and Application of Cryptology and Information Security:Advances in Cryptology.Melbourne:Springer,2008,5350:372-389.
[18]KIAYIAS A,YUNG M.Secure scalable group signature with dynamic joins and separable authorities[J].International Journal of Security and Networks,2006,1(1/2):24-45.