Cryptology ePrint Archive: Report 2013/308

Lattice-Based Group Signatures with Logarithmic Signature Size

Fabien Laguillaumie and Adeline Langlois and Benoit Libert and Damien Stehle

Abstract: Group signatures are cryptographic primitives where users can anonymously sign messages in the name of a population they belong to. Gordon et al. (Asiacrypt 2010) suggested the first realization of group signatures based on lattice assumptions in the random oracle model. A significant drawback of their scheme is its linear signature size in the cardinality $N$ of the group. A recent extension proposed by Camenisch et al. (SCN 2012) suffers from the same overhead. In this paper, we describe the first lattice-based group signature schemes where the signature and public key sizes are essentially logarithmic in $N$ (for any fixed security level). Our basic construction only satisfies a relaxed definition of anonymity (just like the Gordon et al. system) but readily extends into a fully anonymous group signature (i.e., that resists adversaries equipped with a signature opening oracle). We prove the security of our schemes in the random oracle model under the SIS and LWE assumptions.

Category / Keywords: cryptographic protocols / group signatures, lattice-based cryptography

Date: received 22 May 2013, last revised 4 Jul 2014

Contact author: damien stehle at ens-lyon fr

Available format(s): PDF | BibTeX Citation

Version: 20140704:111036 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]