Cryptology ePrint Archive: Report 2019/027

Group Signatures with Selective Linkability

Lydia Garms and Anja Lehmann

Abstract: Group signatures allow members of a group to anonymously produce signatures on behalf of the group. They are an important building block for privacy-enhancing applications, e.g., enabling user data to be collected in authenticated form while preserving the userís privacy. The linkability between the signatures thereby plays a crucial role for balancing utility and privacy: knowing the correlation of events significantly increases the utility of the data but also severely harms the userís privacy. Therefore group signatures are unlinkable per default, but either support linking or identity escrow through a dedicated central party or offer user-controlled linkability. However, both approaches have significant limitations. The former relies on a fully trusted entity and reveals too much information, and the latter requires exact knowledge of the needed linkability at the moment when the signatures are created. However, often the exact purpose of the data might not be clear at the point of data collection. In fact, data collectors tend to gather large amounts of data at first, but will need linkability only for selected, small subsets of the data. We introduce a new type of group signatures that provide a more flexible and privacy-friendly access to such selective linkability. When created, all signatures are fully unlinkable. Only when strictly needed or desired, should the required pieces be made linkable with the help of a central entity. For privacy, this linkability is established in an oblivious and non-transitive manner. We formally define the requirements for this new type of group signatures and provide an efficient instantiation that provably satisfies these requirements under discrete-logarithm based assumptions.

Category / Keywords: public-key cryptography / group signatures, unlinkability, pseudonyms, privacy-enhancing technologies

Original Publication (with major differences): IACR-PKC-2019

Date: received 11 Jan 2019

Contact author: anj at zurich ibm com

Available format(s): PDF | BibTeX Citation

Version: 20190115:192348 (All versions of this report)

Short URL: ia.cr/2019/027


[ Cryptology ePrint archive ]