In this paper we show how pairing-based group signature schemes (PB-GSSs) following the sign-and-encrypt-and-prove (SEP) paradigm that are secure in the BSZ model can be generically transformed in order to support one particular enhanced anonymity management mechanism, i.e., we propose a transformation that turns every such PB-GSS into a PB-GSS with controllable linkability. Basically, this transformation replaces the public key encryption scheme used for identity escrow within a group signature scheme with a modified all-or-nothing public key encryption with equality tests scheme (denoted AoN-PKEET$^*$) instantiated from the respective public key encryption scheme. Thereby, the respective trapdoor is given to the linking authority as a linking key. The appealing benefit of this approach in contrast to other anonymity management mechanisms (such as those provided by traceable signatures) is that controllable linkability can be added to PB-GSSs based on the SEP paradigm for free, i.e., it neither influences the signature size nor the computational costs for signers and verifiers in comparison to the scheme without this feature.
Category / Keywords: cryptographic protocols / Controllable linkability, generic transformation, pairing-based group signature schemes Original Publication (with major differences): ISC 2014 Date: received 7 Aug 2014, last revised 17 Nov 2016 Contact author: raphael spreitzer at iaik tugraz at Available format(s): PDF | BibTeX Citation Note: An extended abstract of this paper appears in the proceedings of ISC 2014, this is the full version. Version: 20161117:101500 (All versions of this report) Short URL: ia.cr/2014/607