Cryptology ePrint Archive: Report 2015/743
Short Group Signatures via Structure-Preserving Signatures: Standard Model Security from Simple Assumptions
Benoit Libert and Thomas Peters and Moti Yung
Abstract: Group signatures are a central cryptographic primitive which allows users to sign messages while hiding their identity within a crowd of group members. In the standard model (without the random oracle idealization), the most efficient constructions rely on the Groth-Sahai proof systems (Eurocrypt'08). The structure-preserving signatures of Abe et al. (Asiacrypt'12) make it possible to design group signatures based on well-established, constant-size number theoretic assumptions (a.k.a. ``simple assumptions'') like the Symmetric eXternal Diffie-Hellman or Decision Linear assumptions. While much more efficient than group signatures built on general assumptions, these constructions incur a significant overhead w.r.t.
constructions secure in the idealized random oracle model. Indeed, the best known solution based on simple assumptions requires 2.8 kB per signature for currently recommended parameters. Reducing this size and presenting techniques for shorter signatures are thus natural questions. In this paper, our first contribution is to significantly reduce this overhead. Namely, we obtain the first fully anonymous group signatures based on simple assumptions with signatures shorter than 2 kB at the 128-bit security level. In dynamic (resp. static) groups, our signature length drops to 1.8 kB (resp. 1 kB). This improvement is enabled by two technical tools. As a result of independent interest, we first construct a new structure-preserving signature based on simple assumptions which shortens the best previous scheme by 25%. Our second tool is a new method for attaining anonymity in the strongest sense using a new CCA2-secure encryption scheme which is simultaneously a Groth-Sahai commitment.
Category / Keywords: public-key cryptography / Group signatures, standard model, simple assumptions, efficiency, structure-preserving cryptography, QA-NIZK arguments
Original Publication (with minor differences): IACR-CRYPTO-2015
Date: received 23 Jul 2015, last revised 28 Sep 2015
Contact author: benoit libert at gmail com
Available format(s): PDF | BibTeX Citation
Note: Fixed typos
Version: 20150928:090518 (All versions of this report)
Short URL: ia.cr/2015/743
Discussion forum: Show discussion | Start new discussion
[ Cryptology ePrint archive ]