doi: 10.3934/amc.2020027

Group signature from lattices preserving forward security in dynamic setting

Department of Mathematics, Indian Institute of Technology Kharagpur, Kharagpur-721302, India

* Corresponding author: Meenakshi Kansal

Received  October 2018 Revised  March 2019 Published  September 2019

We propose the first lattice-based dynamic group signature scheme achieving forward security. Our scheme is proven to be secure against framing attack, misidentification attack and preserves anonymity under the learning with errors (${\mathsf{LWE}}$) and short integer solution (${\mathsf{SIS}}$) assumptions in the random oracle model. More interestingly, our setting allows the group manager to generate distinct certificates to distinct users which can be updated by the users themselves without any interaction with the group manager. Furthermore, our scheme is dynamic where signing key of a user is not fixed during the setup and is issued only at the joining time of the user.

Citation: Meenakshi Kansal, Ratna Dutta, Sourav Mukhopadhyay. Group signature from lattices preserving forward security in dynamic setting. Advances in Mathematics of Communications, doi: 10.3934/amc.2020027
References:
[1]

S. Agrawal, D. Boneh and X. Boyen, Efficient lattice (H)IBE in the standard model, in Advances in cryptology—EUROCRYPT 2010, Lecture Notes in Comput. Sci., Springer, Berlin, 6110 (2010), 553–572. doi: 10.1007/978-3-642-13190-5_28. Google Scholar

[2]

M. Ajtai, Generating hard instances of lattice problems (extended abstract), in Proceedings of the Twenty-eighth Annual ACM Symposium on Theory of Computing, ACM, New York, (1996), 99–108. doi: 10.1145/237814.237838. Google Scholar

[3]

J. Alwen and C. Peikert, Generating shorter bases for hard random lattices, Theory of Computing Systems, 48 (2011), 535-553. doi: 10.1007/s00224-010-9278-3. Google Scholar

[4]

E. Brickell, D. Pointcheval, S. Vaudenay and M. Yung, Design validations for discrete logarithm based signature schemes, in Public Key Cryptography, Lecture Notes in Comput. Sci., Springer, Berlin, 1751 (2000), 276–292. doi: 10.1007/978-3-540-46588-1_19. Google Scholar

[5]

J. Camenisch, G. Neven and M. Rückert, Fully anonymous attribute tokens from lattices, in International Conference on Security and Cryptography for Networks, Springer, 2012, 57–75. doi: 10.1007/978-3-642-32928-9_4. Google Scholar

[6]

D. Cash, D. Hofheinz, E. Kiltz and C. Peikert, Bonsai trees, or how to delegate a lattice basis, in Advances in cryptology—EUROCRYPT 2010, Lecture Notes in Comput. Sci., Springer, Berlin, 6110 (2010), 523–552. doi: 10.1007/978-3-642-13190-5_27. Google Scholar

[7]

C. Gentry, C. Peikert and V. Vaikuntanathan, Trapdoors for hard lattices and new cryptographic constructions, in STOC'08, ACM, New York, (2008), 197–206. doi: 10.1145/1374376.1374407. Google Scholar

[8]

S. D. Gordon, J. Katz and V. Vaikuntanathan, A group signature scheme from lattice assumptions, in Advances in cryptology—ASIACRYPT 2010, Lecture Notes in Comput. Sci., Springer, Berlin, 6477 (2010), 395–412. doi: 10.1007/978-3-642-17373-8_23. Google Scholar

[9]

U. Hohenberger, Honest verifier zk and fiat-shamir (lecture 1), (2007), https://www.cs.jhu.edu/susan/600.641/scribes/lecture11.pdf.Google Scholar

[10]

F. Laguillaumie, A. Langlois, B. Libert and D. Stehlé, Lattice-based group signatures with logarithmic signature size, in Advances in cryptology—ASIACRYPT 2013. Part Ⅱ, Lecture Notes in Comput. Sci., Springer, Heidelberg, 8270 (2013), 41–61. doi: 10.1007/978-3-642-42045-0_3. Google Scholar

[11]

B. Libert, S. Ling, F. Mouhartem, K. Nguyen and H. X. Wang, Signature schemes with efficient protocols and dynamic group signatures from lattice assumptions, in Advances in Cryptology—ASIACRYPT 2016. Part Ⅱ, Lecture Notes in Comput. Sci., Springer, Berlin, 10032 (2016), 373–403. doi: 10.1007/978-3-662-53890-6_13. Google Scholar

[12]

B. Libert and M. Yung, Fully forward-secure group signatures, in Cryptography and Security: From Theory to Applications, Springer, (2012), 156–184. doi: 10.1007/978-3-642-28368-0_13. Google Scholar

[13]

S. Ling, K. Nguyen, D. Stehlé and H. X. Wang, Improved zero-knowledge proofs of knowledge for the ISIS problem, and applications, in Public Key Cryptography—PKC 2013, Lecture Notes in Comput. Sci., Springer, Heidelberg, 7778 (2013), 107–124. doi: 10.1007/978-3-642-36362-7_8. Google Scholar

[14]

S. Ling, K. Nguyen and H. X. Wang, Group signatures from lattices: simpler, tighter, shorter, ring-based, in Public-key Cryptography—PKC 2015, Lecture Notes in Comput. Sci., Springer, Heidelberg, 9020 (2015), 427–449. doi: 10.1007/978-3-662-46447-2_19. Google Scholar

[15]

S. Ling, K. Nguyen, H. X. Wang and Y. H. Xu, Forward-secure group signatures from lattices, International Conference on Post-Quantum Cryptography, 11505 (2019), 44–64, arXiv: 1801.08323. doi: 10.1007/978-3-030-25510-7_3. Google Scholar

[16]

O. Regev, On lattices, learning with errors, random linear codes, and cryptography, Journal of the ACM (JACM), 56 (2009), Art. 34, 40 pp. doi: 10.1145/1568318.1568324. Google Scholar

show all references

References:
[1]

S. Agrawal, D. Boneh and X. Boyen, Efficient lattice (H)IBE in the standard model, in Advances in cryptology—EUROCRYPT 2010, Lecture Notes in Comput. Sci., Springer, Berlin, 6110 (2010), 553–572. doi: 10.1007/978-3-642-13190-5_28. Google Scholar

[2]

M. Ajtai, Generating hard instances of lattice problems (extended abstract), in Proceedings of the Twenty-eighth Annual ACM Symposium on Theory of Computing, ACM, New York, (1996), 99–108. doi: 10.1145/237814.237838. Google Scholar

[3]

J. Alwen and C. Peikert, Generating shorter bases for hard random lattices, Theory of Computing Systems, 48 (2011), 535-553. doi: 10.1007/s00224-010-9278-3. Google Scholar

[4]

E. Brickell, D. Pointcheval, S. Vaudenay and M. Yung, Design validations for discrete logarithm based signature schemes, in Public Key Cryptography, Lecture Notes in Comput. Sci., Springer, Berlin, 1751 (2000), 276–292. doi: 10.1007/978-3-540-46588-1_19. Google Scholar

[5]

J. Camenisch, G. Neven and M. Rückert, Fully anonymous attribute tokens from lattices, in International Conference on Security and Cryptography for Networks, Springer, 2012, 57–75. doi: 10.1007/978-3-642-32928-9_4. Google Scholar

[6]

D. Cash, D. Hofheinz, E. Kiltz and C. Peikert, Bonsai trees, or how to delegate a lattice basis, in Advances in cryptology—EUROCRYPT 2010, Lecture Notes in Comput. Sci., Springer, Berlin, 6110 (2010), 523–552. doi: 10.1007/978-3-642-13190-5_27. Google Scholar

[7]

C. Gentry, C. Peikert and V. Vaikuntanathan, Trapdoors for hard lattices and new cryptographic constructions, in STOC'08, ACM, New York, (2008), 197–206. doi: 10.1145/1374376.1374407. Google Scholar

[8]

S. D. Gordon, J. Katz and V. Vaikuntanathan, A group signature scheme from lattice assumptions, in Advances in cryptology—ASIACRYPT 2010, Lecture Notes in Comput. Sci., Springer, Berlin, 6477 (2010), 395–412. doi: 10.1007/978-3-642-17373-8_23. Google Scholar

[9]

U. Hohenberger, Honest verifier zk and fiat-shamir (lecture 1), (2007), https://www.cs.jhu.edu/susan/600.641/scribes/lecture11.pdf.Google Scholar

[10]

F. Laguillaumie, A. Langlois, B. Libert and D. Stehlé, Lattice-based group signatures with logarithmic signature size, in Advances in cryptology—ASIACRYPT 2013. Part Ⅱ, Lecture Notes in Comput. Sci., Springer, Heidelberg, 8270 (2013), 41–61. doi: 10.1007/978-3-642-42045-0_3. Google Scholar

[11]

B. Libert, S. Ling, F. Mouhartem, K. Nguyen and H. X. Wang, Signature schemes with efficient protocols and dynamic group signatures from lattice assumptions, in Advances in Cryptology—ASIACRYPT 2016. Part Ⅱ, Lecture Notes in Comput. Sci., Springer, Berlin, 10032 (2016), 373–403. doi: 10.1007/978-3-662-53890-6_13. Google Scholar

[12]

B. Libert and M. Yung, Fully forward-secure group signatures, in Cryptography and Security: From Theory to Applications, Springer, (2012), 156–184. doi: 10.1007/978-3-642-28368-0_13. Google Scholar

[13]

S. Ling, K. Nguyen, D. Stehlé and H. X. Wang, Improved zero-knowledge proofs of knowledge for the ISIS problem, and applications, in Public Key Cryptography—PKC 2013, Lecture Notes in Comput. Sci., Springer, Heidelberg, 7778 (2013), 107–124. doi: 10.1007/978-3-642-36362-7_8. Google Scholar

[14]

S. Ling, K. Nguyen and H. X. Wang, Group signatures from lattices: simpler, tighter, shorter, ring-based, in Public-key Cryptography—PKC 2015, Lecture Notes in Comput. Sci., Springer, Heidelberg, 9020 (2015), 427–449. doi: 10.1007/978-3-662-46447-2_19. Google Scholar

[15]

S. Ling, K. Nguyen, H. X. Wang and Y. H. Xu, Forward-secure group signatures from lattices, International Conference on Post-Quantum Cryptography, 11505 (2019), 44–64, arXiv: 1801.08323. doi: 10.1007/978-3-030-25510-7_3. Google Scholar

[16]

O. Regev, On lattices, learning with errors, random linear codes, and cryptography, Journal of the ACM (JACM), 56 (2009), Art. 34, 40 pp. doi: 10.1145/1568318.1568324. Google Scholar

Figure 1.  Node Labeling
Table 1.  Comparative summary of lattice based group signature schemes
Scheme Forward secure Dynamic Signature size Public key size Certificate size Signer's SK size
[8] No No $ N\cdot \tilde{\mathcal{O}}(n^2) $ $ N\cdot \tilde{\mathcal{O}}(n^2) $ - $ \tilde{\mathcal{O}}(n^2) $
[5] No No $ N\cdot \tilde{\mathcal{O}}(n^2) $ $ N\cdot \tilde{\mathcal{O}}(n^2) $ - $ \tilde{\mathcal{O}}(n^2) $
[10] No No $ \log N \cdot \tilde{\mathcal{O}}(n) $ $ \log N \cdot \tilde{\mathcal{O}}(n^2) $ - $ \tilde{\mathcal{O}}(n^2) $
[14] No No $ \log N \cdot \tilde{\mathcal{O}}(n) $ $ \log N \cdot \tilde{\mathcal{O}}(n^2) $ - $ \tilde{\mathcal{O}}(n) $
[11] No Yes $ \log N \cdot \tilde{\mathcal{O}}(n) $ $ \log N \cdot \tilde{\mathcal{O}}(n^2) $ $ \log N \cdot \mathcal{O}(n) $ $ \tilde{\mathcal{O}}(n) $
[15] Yes No $ \log N \cdot \tilde{\mathcal{O}}(n) $ $ \log N \cdot \tilde{\mathcal{O}}(n^2) $ - $ \log N \; \tilde{\mathcal{O}}(n^2) $
Ours Yes Yes $ \log N\; \tilde{\mathcal{O}}(n^3) $ $ \log N \cdot \tilde{\mathcal{O}}(n^2) $ $ \log N \; \tilde{\mathcal{O}}(n^2) $ $ \tilde{\mathcal{O}}(n) $
Scheme Forward secure Dynamic Signature size Public key size Certificate size Signer's SK size
[8] No No $ N\cdot \tilde{\mathcal{O}}(n^2) $ $ N\cdot \tilde{\mathcal{O}}(n^2) $ - $ \tilde{\mathcal{O}}(n^2) $
[5] No No $ N\cdot \tilde{\mathcal{O}}(n^2) $ $ N\cdot \tilde{\mathcal{O}}(n^2) $ - $ \tilde{\mathcal{O}}(n^2) $
[10] No No $ \log N \cdot \tilde{\mathcal{O}}(n) $ $ \log N \cdot \tilde{\mathcal{O}}(n^2) $ - $ \tilde{\mathcal{O}}(n^2) $
[14] No No $ \log N \cdot \tilde{\mathcal{O}}(n) $ $ \log N \cdot \tilde{\mathcal{O}}(n^2) $ - $ \tilde{\mathcal{O}}(n) $
[11] No Yes $ \log N \cdot \tilde{\mathcal{O}}(n) $ $ \log N \cdot \tilde{\mathcal{O}}(n^2) $ $ \log N \cdot \mathcal{O}(n) $ $ \tilde{\mathcal{O}}(n) $
[15] Yes No $ \log N \cdot \tilde{\mathcal{O}}(n) $ $ \log N \cdot \tilde{\mathcal{O}}(n^2) $ - $ \log N \; \tilde{\mathcal{O}}(n^2) $
Ours Yes Yes $ \log N\; \tilde{\mathcal{O}}(n^3) $ $ \log N \cdot \tilde{\mathcal{O}}(n^2) $ $ \log N \; \tilde{\mathcal{O}}(n^2) $ $ \tilde{\mathcal{O}}(n) $
[1]

Jie Xu, Lanjun Dang. An efficient RFID anonymous batch authentication protocol based on group signature. Discrete & Continuous Dynamical Systems - S, 2019, 12 (4&5) : 1489-1500. doi: 10.3934/dcdss.2019102

[2]

Philip Lafrance, Alfred Menezes. On the security of the WOTS-PRF signature scheme. Advances in Mathematics of Communications, 2019, 13 (1) : 185-193. doi: 10.3934/amc.2019012

[3]

Yang Lu, Jiguo Li. Forward-secure identity-based encryption with direct chosen-ciphertext security in the standard model. Advances in Mathematics of Communications, 2017, 11 (1) : 161-177. doi: 10.3934/amc.2017010

[4]

Florian Luca, Igor E. Shparlinski. On finite fields for pairing based cryptography. Advances in Mathematics of Communications, 2007, 1 (3) : 281-286. doi: 10.3934/amc.2007.1.281

[5]

Gérard Maze, Chris Monico, Joachim Rosenthal. Public key cryptography based on semigroup actions. Advances in Mathematics of Communications, 2007, 1 (4) : 489-507. doi: 10.3934/amc.2007.1.489

[6]

Santanu Sarkar, Subhamoy Maitra. Some applications of lattice based root finding techniques. Advances in Mathematics of Communications, 2010, 4 (4) : 519-531. doi: 10.3934/amc.2010.4.519

[7]

Dariusz Borkowski. Forward and backward filtering based on backward stochastic differential equations. Inverse Problems & Imaging, 2016, 10 (2) : 305-325. doi: 10.3934/ipi.2016002

[8]

Rainer Steinwandt, Adriana Suárez Corona. Attribute-based group key establishment. Advances in Mathematics of Communications, 2010, 4 (3) : 381-398. doi: 10.3934/amc.2010.4.381

[9]

Chun-Xiang Guo, Guo Qiang, Jin Mao-Zhu, Zhihan Lv. Dynamic systems based on preference graph and distance. Discrete & Continuous Dynamical Systems - S, 2015, 8 (6) : 1139-1154. doi: 10.3934/dcdss.2015.8.1139

[10]

Mohammad Sadeq Dousti, Rasool Jalili. FORSAKES: A forward-secure authenticated key exchange protocol based on symmetric key-evolving schemes. Advances in Mathematics of Communications, 2015, 9 (4) : 471-514. doi: 10.3934/amc.2015.9.471

[11]

Xinxin Tan, Shujuan Li, Sisi Liu, Zhiwei Zhao, Lisa Huang, Jiatai Gang. Dynamic simulation of a SEIQR-V epidemic model based on cellular automata. Numerical Algebra, Control & Optimization, 2015, 5 (4) : 327-337. doi: 10.3934/naco.2015.5.327

[12]

Mohammad Afzalinejad, Zahra Abbasi. A slacks-based model for dynamic data envelopment analysis. Journal of Industrial & Management Optimization, 2019, 15 (1) : 275-291. doi: 10.3934/jimo.2018043

[13]

Shi'an Wang, N. U. Ahmed. Optimum management of the network of city bus routes based on a stochastic dynamic model. Journal of Industrial & Management Optimization, 2019, 15 (2) : 619-631. doi: 10.3934/jimo.2018061

[14]

Neal Koblitz, Alfred Menezes. Another look at security definitions. Advances in Mathematics of Communications, 2013, 7 (1) : 1-38. doi: 10.3934/amc.2013.7.1

[15]

Isabelle Déchène. On the security of generalized Jacobian cryptosystems. Advances in Mathematics of Communications, 2007, 1 (4) : 413-426. doi: 10.3934/amc.2007.1.413

[16]

Haiying Liu, Wenjie Bi, Kok Lay Teo, Naxing Liu. Dynamic optimal decision making for manufacturers with limited attention based on sparse dynamic programming. Journal of Industrial & Management Optimization, 2019, 15 (2) : 445-464. doi: 10.3934/jimo.2018050

[17]

José Moreira, Marcel Fernández, Miguel Soriano. On the relationship between the traceability properties of Reed-Solomon codes. Advances in Mathematics of Communications, 2012, 6 (4) : 467-478. doi: 10.3934/amc.2012.6.467

[18]

Ke Gu, Xinying Dong, Linyu Wang. Efficient traceable ring signature scheme without pairings. Advances in Mathematics of Communications, 2019, 0 (0) : 0-0. doi: 10.3934/amc.2020016

[19]

Anton Stolbunov. Constructing public-key cryptographic schemes based on class group action on a set of isogenous elliptic curves. Advances in Mathematics of Communications, 2010, 4 (2) : 215-235. doi: 10.3934/amc.2010.4.215

[20]

Diego F. Aranha, Ricardo Dahab, Julio López, Leonardo B. Oliveira. Efficient implementation of elliptic curve cryptography in wireless sensors. Advances in Mathematics of Communications, 2010, 4 (2) : 169-187. doi: 10.3934/amc.2010.4.169

2018 Impact Factor: 0.879

Metrics

  • PDF downloads (3)
  • HTML views (47)
  • Cited by (0)

[Back to Top]