Cryptology ePrint Archive: Report 2016/477

Shortening the Libert-Peters-Yung Revocable Group Signature Scheme by Using the Random Oracle Methodology

Kazuma Ohara and Keita Emura and Goichiro Hanaoka and Ai Ishida and Kazuo Ohta and Yusuke Sakai

Abstract: At EUROCRYPT 2012, Libert, Peters and Yung (LPY) proposed the first scalable revocable group signature (R-GS) scheme in the standard model which achieves constant signing/verification costs and other costs regarding signers are at most logarithmic in N, where N is the maximum number of group members. However, although the LPY R-GS scheme is asymptotically quite efficient, this scheme is not sufficiently efficient in practice. For example, the signature size of the LPY scheme is roughly 10 times larger than that of an RSA signature (for 160-bit security). In this paper, we propose a compact R-GS scheme secure in the random oracle model that is efficient not only in the asymptotic sense but also in practical parameter settings. We achieve the same efficiency as the LPY scheme in an asymptotic sense, and the signature size is nearly equal to that of an RSA signature (for 160-bit security). It is particularly worth noting that our R-GS scheme has the smallest signature size compared to those of previous R-GS schemes which enable constant signing/verification costs. Our technique, which we call parallel Boneh–Boyen–Shacham group signature technique, helps to construct an R-GS scheme without following the technique used in LPY, i.e., we directly apply the Naor–Naor–Lotspiech framework without using any identity-based encryption.

Category / Keywords: public-key cryptography / group signature, revocation, scalability

Original Publication (with major differences): IEICE Transactions, Vol.E102-A:2019

Date: received 18 May 2016, last revised 26 Aug 2019

Contact author: k-ohara at ax jp nec com, yusuke sakai at aist go jp, k-emura at nict go jp, hanaoka-goichiro at aist go jp, a ishida at aist go jp, kazuo ohta at uec ac jp

Available format(s): PDF | BibTeX Citation

Version: 20190826:125713 (All versions of this report)

Short URL: ia.cr/2016/477


[ Cryptology ePrint archive ]