Revocable group signature schemes with constant costs for signing and verifying

Toru Nakanishi, Hiroki Fujii, Yuta Hira, Nobuo Funabiki

Research output: Contribution to journalArticle

53 Citations (Scopus)

Abstract

Lots of revocable group signature schemes have been proposed so far. In one type of revocable schemes, signing and/or verifying algorithms have O(N)or O(R) complexity, where N is the group size and R is the number of revoked members. On the other hand, in Camenisch- Lysyanskaya scheme and the followers, signing and verifying algorithms have O(1) complexity. However, before signing, updates of the secret key are required. The complexity is O(R) in the worst case. In this paper, we propose a revocable scheme with signing and verifying of O(1) complexity, where no updates of secret key are required. The compensation is the long public key of O(N). In addition, we extend it to the scheme with 0(v'A)-size public key, where signing and verifying have constant extra costs.

Original languageEnglish
Pages (from-to)463-480
Number of pages18
JournalLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume5443
DOIs
Publication statusPublished - 2009

Fingerprint

Group Signature
Group Scheme
Signature Scheme
Costs
Public key
Update
Compensation and Redress

ASJC Scopus subject areas

  • Computer Science(all)
  • Theoretical Computer Science

Cite this

@article{c2d4bc4a3a2649da8354362205cb2dfb,
title = "Revocable group signature schemes with constant costs for signing and verifying",
abstract = "Lots of revocable group signature schemes have been proposed so far. In one type of revocable schemes, signing and/or verifying algorithms have O(N)or O(R) complexity, where N is the group size and R is the number of revoked members. On the other hand, in Camenisch- Lysyanskaya scheme and the followers, signing and verifying algorithms have O(1) complexity. However, before signing, updates of the secret key are required. The complexity is O(R) in the worst case. In this paper, we propose a revocable scheme with signing and verifying of O(1) complexity, where no updates of secret key are required. The compensation is the long public key of O(N). In addition, we extend it to the scheme with 0(v'A)-size public key, where signing and verifying have constant extra costs.",
author = "Toru Nakanishi and Hiroki Fujii and Yuta Hira and Nobuo Funabiki",
year = "2009",
doi = "10.1007/978-3-642-00468-1_26",
language = "English",
volume = "5443",
pages = "463--480",
journal = "Lecture Notes in Computer Science",
issn = "0302-9743",
publisher = "Springer Verlag",

}

TY - JOUR

T1 - Revocable group signature schemes with constant costs for signing and verifying

AU - Nakanishi, Toru

AU - Fujii, Hiroki

AU - Hira, Yuta

AU - Funabiki, Nobuo

PY - 2009

Y1 - 2009

N2 - Lots of revocable group signature schemes have been proposed so far. In one type of revocable schemes, signing and/or verifying algorithms have O(N)or O(R) complexity, where N is the group size and R is the number of revoked members. On the other hand, in Camenisch- Lysyanskaya scheme and the followers, signing and verifying algorithms have O(1) complexity. However, before signing, updates of the secret key are required. The complexity is O(R) in the worst case. In this paper, we propose a revocable scheme with signing and verifying of O(1) complexity, where no updates of secret key are required. The compensation is the long public key of O(N). In addition, we extend it to the scheme with 0(v'A)-size public key, where signing and verifying have constant extra costs.

AB - Lots of revocable group signature schemes have been proposed so far. In one type of revocable schemes, signing and/or verifying algorithms have O(N)or O(R) complexity, where N is the group size and R is the number of revoked members. On the other hand, in Camenisch- Lysyanskaya scheme and the followers, signing and verifying algorithms have O(1) complexity. However, before signing, updates of the secret key are required. The complexity is O(R) in the worst case. In this paper, we propose a revocable scheme with signing and verifying of O(1) complexity, where no updates of secret key are required. The compensation is the long public key of O(N). In addition, we extend it to the scheme with 0(v'A)-size public key, where signing and verifying have constant extra costs.

UR - http://www.scopus.com/inward/record.url?scp=67049119911&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=67049119911&partnerID=8YFLogxK

U2 - 10.1007/978-3-642-00468-1_26

DO - 10.1007/978-3-642-00468-1_26

M3 - Article

AN - SCOPUS:67049119911

VL - 5443

SP - 463

EP - 480

JO - Lecture Notes in Computer Science

JF - Lecture Notes in Computer Science

SN - 0302-9743

ER -