Paper 2018/453

Floppy-Sized Group Signatures from Lattices

Cecilia Boschini, Jan Camenisch, and Gregory Neven


We present the first lattice-based group signature scheme whose cryptographic artifacts are of size small enough to be usable in practice: for a group of $2^{25}$ users, signatures take 910 kB and public keys are 501 kB. Our scheme builds upon two recently proposed lattice-based primitives: the verifiable encryption scheme by Lyubashevsky and Neven (Eurocrypt 2017) and the signature scheme by Boschini, Camenisch, and Neven (IACR ePrint 2017). To achieve such short signatures and keys, we first re-define verifiable encryption to allow one to encrypt a function of the witness, rather than the full witness. This definition enables more efficient realizations of verifiable encryption and is of independent interest. Second, to minimize the size of the signatures and public keys of our group signature scheme, we revisit the proof of knowledge of a signature and the proofs in the verifiable encryption scheme provided in the respective papers.

Available format(s)
Public-key cryptography
Publication info
Published elsewhere. MINOR revision.ACNS 2018
LatticesGroup SignatureVerifiable Encryption
Contact author(s)
bos @ zurich ibm com
2019-06-28: revised
2018-05-21: received
See all versions
Short URL
Creative Commons Attribution


      author = {Cecilia Boschini and Jan Camenisch and Gregory Neven},
      title = {Floppy-Sized Group Signatures from Lattices},
      howpublished = {Cryptology ePrint Archive, Paper 2018/453},
      year = {2018},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.