Paper 2019/221

Group Signatures without NIZK: From Lattices in the Standard Model

Shuichi Katsumata and Shota Yamada

Abstract

In a group signature scheme, users can anonymously sign messages on behalf of the group they belong to, yet it is possible to trace the signer when needed. Since the first proposal of lattice-based group signatures in the random oracle model by Gordon, Katz, and Vaikuntanathan (ASIACRYPT 2010), the realization of them in the standard model from lattices has attracted much research interest, however, it has remained unsolved. In this paper, we make progress on this problem by giving the first such construction. Our schemes satisfy CCA-selfless anonymity and full traceability, which are the standard security requirements for group signatures proposed by Bellare, Micciancio, and Warinschi (EUROCRYPT 2003) with a slight relaxation in the anonymity requirement suggested by Camenisch and Groth (SCN 2004). We emphasize that even with this relaxed anonymity requirement, all previous group signature constructions rely on random oracles or NIZKs, where currently NIZKs are not known to be implied from lattice-based assumptions. We propose two constructions that provide tradeoffs regarding the security assumption and efficiency: - Our first construction is proven secure assuming the standard LWE and the SIS assumption. The sizes of the public parameters and the signatures grow linearly in the number of users in the system. - Our second construction is proven secure assuming the standard LWE and the subexponential hardness of the SIS problem. The sizes of the public parameters and the signatures are independent of the number of users in the system. Technically, we obtain the above schemes by combining a secret key encryption scheme with additional properties and a special type of attribute-based signature (ABS) scheme, thus bypassing the utilization of NIZKs. More specifically, we introduce the notion of \emph{indexed} ABS, which is a relaxation of standard ABS. The above two schemes are obtained by instantiating the indexed ABS with different constructions. One is a direct construction we propose and the other is based on previous work.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
A major revision of an IACR publication in EUROCRYPT 2019
Keywords
Group signaturesLatticesAttribute-based signatures
Contact author(s)
shuichi katsumata000 @ gmail com
shota yamada enc @ gmail com
yamada-shota @ aist go jp
History
2019-04-25: revised
2019-02-27: received
See all versions
Short URL
https://ia.cr/2019/221
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2019/221,
      author = {Shuichi Katsumata and Shota Yamada},
      title = {Group Signatures without NIZK: From Lattices in the Standard Model},
      howpublished = {Cryptology ePrint Archive, Paper 2019/221},
      year = {2019},
      note = {\url{https://eprint.iacr.org/2019/221}},
      url = {https://eprint.iacr.org/2019/221}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.