A short anonymously revocable group signature scheme from decision linear assumption

Toru Nakanishi, Nobuo Funabiki

Research output: Chapter in Book/Report/Conference proceedingConference contribution

6 Citations (Scopus)

Abstract

In group signature schemes, a signature is anonymous for a verifier, while only a designated Privacy Manager (PM) can identify the signer. This identification is used for tracing a dishonest anonymous signer in case of an illegal act using the signature. However, PM can violate signers' anonymity. Recently, Brickell and Li propose a novel countermeasure for the anonymous dishonest signer without PM in the setting of the direct anonymous attestation. Here, we call the generalized group signature version anonymously revocable group signature scheme. In this scheme, after an illegal act using a group signature was found, the membership of the dishonest signer can be anonymously revoked for excluding the signer without the help of any PM. However, since the Brickell-Li scheme is based on the RSA assumption and the DDH assumption, the signature is long. In this paper, we propose a short anonymously revocable group signature scheme from supersingular curves, where we adopt the decision linear (DLIN) assumption. Compared to the simple adoption of the Brickell-Li DDH-based revoking approach to supersingular curves, the length of our signature is reduced to about from 30% to 60%.

Original languageEnglish
Title of host publicationProceedings of the 2008 ACM Symposium on Information, Computer and Communications Security, ASIACCS '08
Pages337-340
Number of pages4
DOIs
Publication statusPublished - 2008
Event2008 ACM Symposium on Information, Computer and Communications Security, ASIACCS '08 - Tokyo, Japan
Duration: Mar 18 2008Mar 20 2008

Other

Other2008 ACM Symposium on Information, Computer and Communications Security, ASIACCS '08
CountryJapan
CityTokyo
Period3/18/083/20/08

Fingerprint

Managers

Keywords

  • Aanonymity
  • Group signature
  • Revocation

ASJC Scopus subject areas

  • Computational Theory and Mathematics
  • Computer Networks and Communications
  • Computer Science Applications

Cite this

Nakanishi, T., & Funabiki, N. (2008). A short anonymously revocable group signature scheme from decision linear assumption. In Proceedings of the 2008 ACM Symposium on Information, Computer and Communications Security, ASIACCS '08 (pp. 337-340) https://doi.org/10.1145/1368310.1368359

A short anonymously revocable group signature scheme from decision linear assumption. / Nakanishi, Toru; Funabiki, Nobuo.

Proceedings of the 2008 ACM Symposium on Information, Computer and Communications Security, ASIACCS '08. 2008. p. 337-340.

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Nakanishi, T & Funabiki, N 2008, A short anonymously revocable group signature scheme from decision linear assumption. in Proceedings of the 2008 ACM Symposium on Information, Computer and Communications Security, ASIACCS '08. pp. 337-340, 2008 ACM Symposium on Information, Computer and Communications Security, ASIACCS '08, Tokyo, Japan, 3/18/08. https://doi.org/10.1145/1368310.1368359
Nakanishi T, Funabiki N. A short anonymously revocable group signature scheme from decision linear assumption. In Proceedings of the 2008 ACM Symposium on Information, Computer and Communications Security, ASIACCS '08. 2008. p. 337-340 https://doi.org/10.1145/1368310.1368359
Nakanishi, Toru ; Funabiki, Nobuo. / A short anonymously revocable group signature scheme from decision linear assumption. Proceedings of the 2008 ACM Symposium on Information, Computer and Communications Security, ASIACCS '08. 2008. pp. 337-340
@inproceedings{781523a4cb5a439fab291af6cd27a846,
title = "A short anonymously revocable group signature scheme from decision linear assumption",
abstract = "In group signature schemes, a signature is anonymous for a verifier, while only a designated Privacy Manager (PM) can identify the signer. This identification is used for tracing a dishonest anonymous signer in case of an illegal act using the signature. However, PM can violate signers' anonymity. Recently, Brickell and Li propose a novel countermeasure for the anonymous dishonest signer without PM in the setting of the direct anonymous attestation. Here, we call the generalized group signature version anonymously revocable group signature scheme. In this scheme, after an illegal act using a group signature was found, the membership of the dishonest signer can be anonymously revoked for excluding the signer without the help of any PM. However, since the Brickell-Li scheme is based on the RSA assumption and the DDH assumption, the signature is long. In this paper, we propose a short anonymously revocable group signature scheme from supersingular curves, where we adopt the decision linear (DLIN) assumption. Compared to the simple adoption of the Brickell-Li DDH-based revoking approach to supersingular curves, the length of our signature is reduced to about from 30{\%} to 60{\%}.",
keywords = "Aanonymity, Group signature, Revocation",
author = "Toru Nakanishi and Nobuo Funabiki",
year = "2008",
doi = "10.1145/1368310.1368359",
language = "English",
isbn = "9781595939791",
pages = "337--340",
booktitle = "Proceedings of the 2008 ACM Symposium on Information, Computer and Communications Security, ASIACCS '08",

}

TY - GEN

T1 - A short anonymously revocable group signature scheme from decision linear assumption

AU - Nakanishi, Toru

AU - Funabiki, Nobuo

PY - 2008

Y1 - 2008

N2 - In group signature schemes, a signature is anonymous for a verifier, while only a designated Privacy Manager (PM) can identify the signer. This identification is used for tracing a dishonest anonymous signer in case of an illegal act using the signature. However, PM can violate signers' anonymity. Recently, Brickell and Li propose a novel countermeasure for the anonymous dishonest signer without PM in the setting of the direct anonymous attestation. Here, we call the generalized group signature version anonymously revocable group signature scheme. In this scheme, after an illegal act using a group signature was found, the membership of the dishonest signer can be anonymously revoked for excluding the signer without the help of any PM. However, since the Brickell-Li scheme is based on the RSA assumption and the DDH assumption, the signature is long. In this paper, we propose a short anonymously revocable group signature scheme from supersingular curves, where we adopt the decision linear (DLIN) assumption. Compared to the simple adoption of the Brickell-Li DDH-based revoking approach to supersingular curves, the length of our signature is reduced to about from 30% to 60%.

AB - In group signature schemes, a signature is anonymous for a verifier, while only a designated Privacy Manager (PM) can identify the signer. This identification is used for tracing a dishonest anonymous signer in case of an illegal act using the signature. However, PM can violate signers' anonymity. Recently, Brickell and Li propose a novel countermeasure for the anonymous dishonest signer without PM in the setting of the direct anonymous attestation. Here, we call the generalized group signature version anonymously revocable group signature scheme. In this scheme, after an illegal act using a group signature was found, the membership of the dishonest signer can be anonymously revoked for excluding the signer without the help of any PM. However, since the Brickell-Li scheme is based on the RSA assumption and the DDH assumption, the signature is long. In this paper, we propose a short anonymously revocable group signature scheme from supersingular curves, where we adopt the decision linear (DLIN) assumption. Compared to the simple adoption of the Brickell-Li DDH-based revoking approach to supersingular curves, the length of our signature is reduced to about from 30% to 60%.

KW - Aanonymity

KW - Group signature

KW - Revocation

UR - http://www.scopus.com/inward/record.url?scp=77950353119&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=77950353119&partnerID=8YFLogxK

U2 - 10.1145/1368310.1368359

DO - 10.1145/1368310.1368359

M3 - Conference contribution

AN - SCOPUS:77950353119

SN - 9781595939791

SP - 337

EP - 340

BT - Proceedings of the 2008 ACM Symposium on Information, Computer and Communications Security, ASIACCS '08

ER -