Cryptology ePrint Archive: Report 2014/033

Lattice-based Group Signature Scheme with Veri er-local Revocation

Adeline Langlois and San Ling and Khoa Nguyen and Huaxiong Wang

Abstract: Support of membership revocation is a desirable functionality for any group signature scheme. Among the known revocation approaches, verifier-local revocation (VLR) seems to be the most flexible one, because it only requires the verifiers to possess some up-to-date revocation information, but not the signers. All of the contemporary VLR group signatures operate in the bilinear map setting, and all of them will be insecure once quantum computers become a reality. In this work, we introduce the first lattice-based VLR group signature, and thus, the first such scheme that is believed to be quantum-resistant. In comparison with existing lattice-based group signatures, our scheme has several noticeable advantages: support of membership revocation, logarithmic-size signatures, and milder hardness assumptions. In the random oracle model, our scheme is proven secure based on the hardness of the SIVP_O(n^{2.5}) problem in general lattices. Moreover, our construction works without relying on public-key encryption schemes, which is an intriguing feature for group signatures.

Category / Keywords: group signature, verifier-local revocation, lattice-based cryptography

Original Publication (with major differences): IACR-PKC-2014

Date: received 11 Jan 2014, last revised 5 Aug 2016

Contact author: khoantt at ntu edu sg

Available format(s): PDF | BibTeX Citation

Note: The previous version, published at PKC 2014, contains a flaw in the revocation mechanism. This flaw is fixed in the present version, by binding the user's revocation token to an LWE instance. The authors are grateful to Shota Yamada for pointing out the flaw, and for insightful discussions that lead to the amendment.

Version: 20160805:095033 (All versions of this report)

Short URL:

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]