Highly-Efficient Fully-Anonymous Dynamic Group Signatures

David Derler, Daniel Slamanig

Research output: Chapter in Book/Report/Conference proceedingConference contributionResearchpeer-review

Abstract

Group signatures are a central tool in privacy-enhancing cryptography, which allow members of a group to anonymously produce signatures on behalf of the group. Consequently, they are an attractive means to implement privacy-friendly authentication mechanisms. Ideally, group signatures are dynamic and thus allow to dynamically and concurrently enroll new members to a group. For such schemes, Bellare et al. (CT-RSA»05) proposed the currently strongest security model (BSZ model). This model, in particular, ensures desirable anonymity guarantees. Given the prevalence of the resource asymmetry in current computing scenarios, i.e., a multitude of (highly) resource-constrained devices are communicating with powerful (cloud-powered) services, it is of utmost importance to have group signatures that are highly-efficient and can be deployed in such scenarios. Satisfying these requirements in particular means that the signing (client) operations are lightweight.
We propose a novel, generic approach to construct dynamic group signature schemes, being provably secure in the BSZ model and particularly suitable for resource-constrained devices. Our results are interesting for various reasons: We can prove our construction secure without requiring random oracles. Moreover, when opting for an instantiation in the random oracle model (ROM) the so obtained scheme is extremely efficient and outperforms the fastest constructions providing anonymity in the BSZ model - which also rely on the ROM - known to date. Regarding constructions providing a weaker anonymity notion than BSZ, we surprisingly outperform the popular short BBS group signature scheme (CRYPTO»04; also proven secure in the ROM) and thereby even obtain shorter signatures. We provide a rigorous comparison with existing schemes that highlights the benefits of our scheme. On a more theoretical side, we provide the first construction following the "without encryption" paradigm introduced by Bichsel et al. (SCN»10) in the strong BSZ model.
Original languageEnglish
Title of host publicationProceedings of the 2018 ACM Asia Conference on Computer and Communications Security, AsiaCCS 2018
PublisherAssociation of Computing Machinery
Pages551-565
ISBN (Print)978-1-4503-5576-6
DOIs
Publication statusPublished - 2018
Event13th ACM ASIA Conference on Information, Computer and Communications Security - Incheon, Korea, Republic of
Duration: 4 Jun 20188 Jun 2018
http://asiaccs2018.org/

Conference

Conference13th ACM ASIA Conference on Information, Computer and Communications Security
Abbreviated titleASIACCS 2018
CountryKorea, Republic of
CityIncheon
Period4/06/188/06/18
Internet address

Fingerprint

Cryptography
Bulletin boards
Authentication

Cite this

Derler, D., & Slamanig, D. (2018). Highly-Efficient Fully-Anonymous Dynamic Group Signatures. In Proceedings of the 2018 ACM Asia Conference on Computer and Communications Security, AsiaCCS 2018 (pp. 551-565). Association of Computing Machinery. https://doi.org/10.1145/3196494.3196507

Highly-Efficient Fully-Anonymous Dynamic Group Signatures. / Derler, David; Slamanig, Daniel.

Proceedings of the 2018 ACM Asia Conference on Computer and Communications Security, AsiaCCS 2018. Association of Computing Machinery, 2018. p. 551-565.

Research output: Chapter in Book/Report/Conference proceedingConference contributionResearchpeer-review

Derler, D & Slamanig, D 2018, Highly-Efficient Fully-Anonymous Dynamic Group Signatures. in Proceedings of the 2018 ACM Asia Conference on Computer and Communications Security, AsiaCCS 2018. Association of Computing Machinery, pp. 551-565, 13th ACM ASIA Conference on Information, Computer and Communications Security, Incheon, Korea, Republic of, 4/06/18. https://doi.org/10.1145/3196494.3196507
Derler D, Slamanig D. Highly-Efficient Fully-Anonymous Dynamic Group Signatures. In Proceedings of the 2018 ACM Asia Conference on Computer and Communications Security, AsiaCCS 2018. Association of Computing Machinery. 2018. p. 551-565 https://doi.org/10.1145/3196494.3196507
Derler, David ; Slamanig, Daniel. / Highly-Efficient Fully-Anonymous Dynamic Group Signatures. Proceedings of the 2018 ACM Asia Conference on Computer and Communications Security, AsiaCCS 2018. Association of Computing Machinery, 2018. pp. 551-565
@inproceedings{e103c9cd490441ab993a861950db9b19,
title = "Highly-Efficient Fully-Anonymous Dynamic Group Signatures",
abstract = "Group signatures are a central tool in privacy-enhancing cryptography, which allow members of a group to anonymously produce signatures on behalf of the group. Consequently, they are an attractive means to implement privacy-friendly authentication mechanisms. Ideally, group signatures are dynamic and thus allow to dynamically and concurrently enroll new members to a group. For such schemes, Bellare et al. (CT-RSA»05) proposed the currently strongest security model (BSZ model). This model, in particular, ensures desirable anonymity guarantees. Given the prevalence of the resource asymmetry in current computing scenarios, i.e., a multitude of (highly) resource-constrained devices are communicating with powerful (cloud-powered) services, it is of utmost importance to have group signatures that are highly-efficient and can be deployed in such scenarios. Satisfying these requirements in particular means that the signing (client) operations are lightweight.We propose a novel, generic approach to construct dynamic group signature schemes, being provably secure in the BSZ model and particularly suitable for resource-constrained devices. Our results are interesting for various reasons: We can prove our construction secure without requiring random oracles. Moreover, when opting for an instantiation in the random oracle model (ROM) the so obtained scheme is extremely efficient and outperforms the fastest constructions providing anonymity in the BSZ model - which also rely on the ROM - known to date. Regarding constructions providing a weaker anonymity notion than BSZ, we surprisingly outperform the popular short BBS group signature scheme (CRYPTO»04; also proven secure in the ROM) and thereby even obtain shorter signatures. We provide a rigorous comparison with existing schemes that highlights the benefits of our scheme. On a more theoretical side, we provide the first construction following the {"}without encryption{"} paradigm introduced by Bichsel et al. (SCN»10) in the strong BSZ model.",
author = "David Derler and Daniel Slamanig",
year = "2018",
doi = "10.1145/3196494.3196507",
language = "English",
isbn = "978-1-4503-5576-6",
pages = "551--565",
booktitle = "Proceedings of the 2018 ACM Asia Conference on Computer and Communications Security, AsiaCCS 2018",
publisher = "Association of Computing Machinery",
address = "United States",

}

TY - GEN

T1 - Highly-Efficient Fully-Anonymous Dynamic Group Signatures

AU - Derler, David

AU - Slamanig, Daniel

PY - 2018

Y1 - 2018

N2 - Group signatures are a central tool in privacy-enhancing cryptography, which allow members of a group to anonymously produce signatures on behalf of the group. Consequently, they are an attractive means to implement privacy-friendly authentication mechanisms. Ideally, group signatures are dynamic and thus allow to dynamically and concurrently enroll new members to a group. For such schemes, Bellare et al. (CT-RSA»05) proposed the currently strongest security model (BSZ model). This model, in particular, ensures desirable anonymity guarantees. Given the prevalence of the resource asymmetry in current computing scenarios, i.e., a multitude of (highly) resource-constrained devices are communicating with powerful (cloud-powered) services, it is of utmost importance to have group signatures that are highly-efficient and can be deployed in such scenarios. Satisfying these requirements in particular means that the signing (client) operations are lightweight.We propose a novel, generic approach to construct dynamic group signature schemes, being provably secure in the BSZ model and particularly suitable for resource-constrained devices. Our results are interesting for various reasons: We can prove our construction secure without requiring random oracles. Moreover, when opting for an instantiation in the random oracle model (ROM) the so obtained scheme is extremely efficient and outperforms the fastest constructions providing anonymity in the BSZ model - which also rely on the ROM - known to date. Regarding constructions providing a weaker anonymity notion than BSZ, we surprisingly outperform the popular short BBS group signature scheme (CRYPTO»04; also proven secure in the ROM) and thereby even obtain shorter signatures. We provide a rigorous comparison with existing schemes that highlights the benefits of our scheme. On a more theoretical side, we provide the first construction following the "without encryption" paradigm introduced by Bichsel et al. (SCN»10) in the strong BSZ model.

AB - Group signatures are a central tool in privacy-enhancing cryptography, which allow members of a group to anonymously produce signatures on behalf of the group. Consequently, they are an attractive means to implement privacy-friendly authentication mechanisms. Ideally, group signatures are dynamic and thus allow to dynamically and concurrently enroll new members to a group. For such schemes, Bellare et al. (CT-RSA»05) proposed the currently strongest security model (BSZ model). This model, in particular, ensures desirable anonymity guarantees. Given the prevalence of the resource asymmetry in current computing scenarios, i.e., a multitude of (highly) resource-constrained devices are communicating with powerful (cloud-powered) services, it is of utmost importance to have group signatures that are highly-efficient and can be deployed in such scenarios. Satisfying these requirements in particular means that the signing (client) operations are lightweight.We propose a novel, generic approach to construct dynamic group signature schemes, being provably secure in the BSZ model and particularly suitable for resource-constrained devices. Our results are interesting for various reasons: We can prove our construction secure without requiring random oracles. Moreover, when opting for an instantiation in the random oracle model (ROM) the so obtained scheme is extremely efficient and outperforms the fastest constructions providing anonymity in the BSZ model - which also rely on the ROM - known to date. Regarding constructions providing a weaker anonymity notion than BSZ, we surprisingly outperform the popular short BBS group signature scheme (CRYPTO»04; also proven secure in the ROM) and thereby even obtain shorter signatures. We provide a rigorous comparison with existing schemes that highlights the benefits of our scheme. On a more theoretical side, we provide the first construction following the "without encryption" paradigm introduced by Bichsel et al. (SCN»10) in the strong BSZ model.

U2 - 10.1145/3196494.3196507

DO - 10.1145/3196494.3196507

M3 - Conference contribution

SN - 978-1-4503-5576-6

SP - 551

EP - 565

BT - Proceedings of the 2018 ACM Asia Conference on Computer and Communications Security, AsiaCCS 2018

PB - Association of Computing Machinery

ER -