TY - GEN
T1 - Lattice-based group signature scheme with verifier-local revocation
AU - Langlois, Adeline
AU - Ling, San
AU - Nguyen, Khoa
AU - Wang, Huaxiong
PY - 2014
Y1 - 2014
N2 - Support of membership revocation is a desirable functionality for any group signature scheme. Among the known revocation approaches, verifier-local revocation (VLR) seems to be the most flexible one, because it only requires the verifiers to possess some up-to-date revocation information, but not the signers. All of the contemporary VLR group signatures operate in the bilinear map setting, and all of them will be insecure once quantum computers become a reality. In this work, we introduce the first lattice-based VLR group signature, and thus, the first such scheme that is believed to be quantum-resistant. In comparison with existing lattice-based group signatures, our scheme has several noticeable advantages: support of membership revocation, logarithmic-size signatures, and weaker security assumption. In the random oracle model, our scheme is proved to be secure based on the hardness of the SIVPO(n1.5) problem in general lattices - an assumption that is as weak as those of state-of-the-art lattice-based standard signatures. Moreover, our construction works without relying on encryption schemes, which is an intriguing feature for group signatures.
AB - Support of membership revocation is a desirable functionality for any group signature scheme. Among the known revocation approaches, verifier-local revocation (VLR) seems to be the most flexible one, because it only requires the verifiers to possess some up-to-date revocation information, but not the signers. All of the contemporary VLR group signatures operate in the bilinear map setting, and all of them will be insecure once quantum computers become a reality. In this work, we introduce the first lattice-based VLR group signature, and thus, the first such scheme that is believed to be quantum-resistant. In comparison with existing lattice-based group signatures, our scheme has several noticeable advantages: support of membership revocation, logarithmic-size signatures, and weaker security assumption. In the random oracle model, our scheme is proved to be secure based on the hardness of the SIVPO(n1.5) problem in general lattices - an assumption that is as weak as those of state-of-the-art lattice-based standard signatures. Moreover, our construction works without relying on encryption schemes, which is an intriguing feature for group signatures.
KW - group signature
KW - lattice-based cryptography
KW - verifier-local revocation
UR - http://www.scopus.com/inward/record.url?scp=84958522145&partnerID=8YFLogxK
U2 - 10.1007/978-3-642-54631-0_20
DO - 10.1007/978-3-642-54631-0_20
M3 - Conference proceeding contribution
AN - SCOPUS:84958522145
SN - 9783642546303
VL - 8383 LNCS
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 345
EP - 361
BT - Public-Key Cryptography
A2 - Krawczyk, Hugo
PB - Springer, Springer Nature
CY - Heidelberg
T2 - 17th IACR International Conference on Practice and Theory in Public-Key Cryptography, PKC 2014
Y2 - 26 March 2014 through 28 March 2014
ER -