Cryptology ePrint Archive: Report 2019/064

A Revocable Group Signature Scheme with Scalability from Simple Assumptions and Its Application to Identity Management

Keita Emura and Takuya Hayashi

Abstract: Group signatures are signatures providing signer anonymity where signers can produce signatures on behalf of the group that they belong to. Although such anonymity is quite attractive considering privacy issues, it is not trivial to check whether a signer has been revoked or not. Thus, how to revoke the rights of signers is one of the major topics in the research on group signatures. In particular, scalability, where the signing and verification costs and the signature size are constant in terms of the number of signers N, and other costs regarding signers are at most logarithmic in N, is quite important.

In this paper, we propose a revocable group signature scheme which is currently more efficient compared to previous all scalable schemes. Moreover, our revocable group signature scheme is secure under simple assumptions (in the random oracle model), whereas all scalable schemes are secure under q-type assumptions. We implemented our scheme by employing Barreto-Lynn-Scott curves of embedding degree 12 over a 455-bit prime field (BLS-12-455), and Barreto-Naehrig curves of embedding degree 12 over a 382-bit prime field (BN-12-382), respectively, by using the RELIC library. We showed that the online running times of our signing algorithm were approximately 14 msec (BLS-12-455) and 11 msec (BN-12-382), and those of our verification algorithm were approximately 20 msec (BLS-12-455) and 16 msec (BN-12-382), respectively. Finally, we showed that our scheme is applied to an identity management system proposed by Isshiki et al.

Category / Keywords: public-key cryptography / Group Signatures, Anonymity, Revocation, Scalability, Identity Management System

Original Publication (with minor differences): ISC 2018

Date: received 19 Jan 2019, last revised 18 Aug 2019

Contact author: k-emura at nict go jp

Available format(s): PDF | BibTeX Citation

Note: An extended abstract appears in the 21st Information Security Conference (ISC) 2018. This is the full version. We additionally considered weak opening soundness and showed that our scheme can be applied to an identity management system proposed by Isshiki et al. We also additionally gave the implementation result of the Judge algorithm.

Version: 20190819:014922 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]