Signature schemes with efficient protocols and dynamic group signatures from lattice assumptions

Benoît Libert*, San Ling, Fabrice Mouhartem, Khoa Nguyen, Huaxiong Wang

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingConference proceeding contributionpeer-review

94 Citations (Scopus)

Abstract

A recent line of works – initiated by Gordon, Katz and Vaikuntanathan (Asiacrypt 2010) – gave lattice-based constructions allowing users to authenticate while remaining hidden in a crowd. Despite five years of efforts, known constructions are still limited to static sets of users, which cannot be dynamically updated. This work provides new tools enabling the design of anonymous authentication systems whereby new users can join the system at any time. Our first contribution is a signature scheme with efficient protocols, which allows users to obtain a signature on a committed value and subsequently prove knowledge of a signature on a committed message. This construction is well-suited to the design of anonymous credentials and group signatures. It indeed provides the first lattice-based group signature supporting dynamically growing populations of users. As a critical component of our group signature, we provide a simple joining mechanism of introducing new group members using our signature scheme. This technique is combined with zero-knowledge arguments allowing registered group members to prove knowledge of a secret short vector of which the corresponding public syndrome was certified by the group manager. These tools provide similar advantages to those of structure-preserving signatures in the realm of bilinear groups. Namely, they allow group members to generate their own public key without having to prove knowledge of the underlying secret key. This results in a two-message joining protocol supporting concurrent enrollments, which can be used in other settings such as group encryption. Our zero-knowledge arguments are presented in a unified framework where: (i) The involved statements reduce to arguing possession of a {−1, 0, 1}-vector x with a particular structure and satisfying P · x = v mod q for some public matrix P and vector v; (ii) The reduced statements can be handled using permuting techniques for Stern-like protocols. Our framework can serve as a blueprint for proving many other relations in lattice-based cryptography.

Original languageEnglish
Title of host publicationAdvances in cryptology - ASIACRYPT 2016
Subtitle of host publication22nd International Conference on the Theory and Application of Cryptology and Information Security, Hanoi, Vietnam, December 4 - 8, 2016, proceedings
EditorsJung Hee Cheon, Tsuyoshi Takagi
Place of PublicationBerlin
PublisherSpringer, Springer Nature
Pages373-403
Number of pages31
ISBN (Print)9783662538890
DOIs
Publication statusPublished - 2016
Externally publishedYes
Event22nd International Conference on the Theory and Application of Cryptology and Information Security, ASIACRYPT 2016 - Hanoi, Viet Nam
Duration: 4 Dec 20168 Dec 2016

Publication series

NameLecture Notes in Computer Science
Volume10032 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Other

Other22nd International Conference on the Theory and Application of Cryptology and Information Security, ASIACRYPT 2016
Country/TerritoryViet Nam
CityHanoi
Period4/12/168/12/16

Keywords

  • lattice-based cryptography
  • anonymity
  • signatures with efficient protocols
  • dynamic group signatures
  • anonymous credentials

Fingerprint

Dive into the research topics of 'Signature schemes with efficient protocols and dynamic group signatures from lattice assumptions'. Together they form a unique fingerprint.

Cite this