Paper 2018/1251

Accountable Tracing Signatures from Lattices

San Ling, Khoa Nguyen, Huaxiong Wang, and Yanhong Xu

Abstract

Group signatures allow users of a group to sign messages anonymously in the name of the group, while incorporating a tracing mechanism to revoke anonymity and identify the signer of any message. Since its introduction by Chaum and van Heyst (EUROCRYPT 1991), numerous proposals have been put forward, yielding various improvements on security, efficiency and functionality. However, a drawback of traditional group signatures is that the opening authority is given too much power, i.e., he can indiscriminately revoke anonymity and there is no mechanism to keep him accountable. To overcome this problem, Kohlweiss and Miers (PoPET 2015) introduced the notion of accountable tracing signatures ($\mathsf{ATS}$) - an enhanced group signature variant in which the opening authority is kept accountable for his actions. Kohlweiss and Miers demonstrated a generic construction of $\mathsf{ATS}$ and put forward a concrete instantiation based on number-theoretic assumptions. To the best of our knowledge, no other $\mathsf{ATS}$ scheme has been known, and the problem of instantiating $\mathsf{ATS}$ under post-quantum assumptions, e.g., lattices, remains open to date. ~~In this work, we provide the first lattice-based accountable tracing signature scheme. The scheme satisfies the security requirements suggested by Kohlweiss and Miers, assuming the hardness of the Ring Short Integer Solution ($\mathsf{RSIS}$) and the Ring Learning With Errors ($\mathsf{RLWE}$) problems. At the heart of our construction are a lattice-based key-oblivious encryption scheme and a zero-knowledge argument system allowing to prove that a given ciphertext is a valid $\mathsf{RLWE}$ encryption under some hidden yet certified key. These technical building blocks may be of independent interest, e.g., they can be useful for the design of other lattice-based privacy-preserving protocols.

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
Published elsewhere. Major revision. CT-RSA 2019
Contact author(s)
xu0014ng @ ntu edu sg
History
2019-01-03: received
Short URL
https://ia.cr/2018/1251
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2018/1251,
      author = {San Ling and Khoa Nguyen and Huaxiong Wang and Yanhong Xu},
      title = {Accountable Tracing Signatures from Lattices},
      howpublished = {Cryptology ePrint Archive, Paper 2018/1251},
      year = {2018},
      note = {\url{https://eprint.iacr.org/2018/1251}},
      url = {https://eprint.iacr.org/2018/1251}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.