Paper 2015/858
Skipping the $q$ in Group Signatures
Olivier Blazy and Saqib A. Kakvi
Abstract
he notion of group signatures was introduced to allow group members to sign anonymously on behalf of a group. A group manager allows a user to join a group, and another will be able to open a signature to revoke its anonymity. Several schemes have already been proposed to fulfil these properties, however very few of them are proven in the standard model. Of those proven in the standard model, most schemes rely on a so called $q$-assumption. The underlying idea of a $q$-assumptions is that to prove the security of the scheme, we are given a challenge long enough to allow the simulator to answer queries. Another common solution is to rely on interactive hypothesis. We provide one of the first schemes proven in the standard model, requiring a constant-size non-interactive hypothesis. We then compare its efficiency to existing schemes, and show that this trade-off is acceptable as most schemes with better efficiency rely on either an interactive or a $q$-hypothesis. The exception to this is the recent independent of our work Libert, Peters and Yung (CRYPTO 2015), who presented an efficient group signature scheme in the standard model relying on standard assumptions.
Note: Full version for INDOCRYPT 2020
Metadata
- Available format(s)
-
PDF
- Category
- Foundations
- Publication info
- Published elsewhere. MINOR revision.INDOCRYPT 2020
- Keywords
- signaturesgroup signaturesstandard modelq-assumptions
- Contact author(s)
- kakvi @ uni-wuppertal de
- History
- 2020-10-26: last of 2 revisions
- 2015-09-06: received
- See all versions
- Short URL
- https://ia.cr/2015/858
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2015/858,
author = {Olivier Blazy and Saqib A. Kakvi},
title = {Skipping the $q$ in Group Signatures},
howpublished = {Cryptology ePrint Archive, Paper 2015/858},
year = {2015},
note = {\url{https://eprint.iacr.org/2015/858}},
url = {https://eprint.iacr.org/2015/858}
}
