Paper 2018/1115

Group Signature without Random Oracles from Randomizable Signatures

Remi Clarisse and Olivier Sanders

Abstract

Group signature is a central tool for privacy-preserving protocols, ensuring authentication, anonymity and accountability. It has been massively used in cryptography, either directly or through variants such as direct anonymous attestations. However, it remains a complex tool, especially if ones wants to avoid proving security in the random oracle model. In this work, we propose a new group signature scheme proven secure without random oracles which significantly decreases the complexity in comparison with the state-of-the-art. More specifically, we halve both the size and the computational cost compared to the most efficient alternative in the same model. Moreover, our construction is also competitive against the most efficient ones in the random oracle model. Our construction is based on a tailored combination of two popular signatures, which avoids the explicit use of encryption schemes or zero-knowledge proofs while signing. It is flexible enough to achieve security in different models and is thus suitable for most contexts.

Note: Our original title has been modified to avoid confusion with previous papers published with the same title. In the first versions of this paper, non-frameability was directly proved in the generic group model. We now introduce a new assumption and prove that it underlies the non-frameability of our construction.