Paper 2019/284

Proper Usage of the Group Signature Scheme in ISO/IEC 20008-2

Ai Ishida, Yusuke Sakai, Keita Emura, Goichiro Hanaoka, and Keisuke Tanaka

Abstract

In ISO/IEC 20008-2, several anonymous digital signature schemes are specified. Among these, the scheme denoted as Mechanism 6, is the only plain group signature scheme that does not aim at providing additional functionalities. The Intel Enhanced Privacy Identification (EPID) scheme, which has many applications in connection with Intel Software Guard Extensions (Intel SGX), is in practice derived from Mechanism 6. In this paper, we firstly show that Mechanism 6 does not satisfy anonymity in the standard security model, i.e., the Bellare-Shi-Zhang model [CT-RSA 2005]. We then provide a detailed analysis of the security properties offered by Mechanism 6 and characterize the conditions under which its anonymity is preserved. Consequently, it is seen that Mechanism 6 is secure under the condition that the issuer, who generates user signing keys, does not join the attack. We also derive a simple patch for Mechanism 6 from the analysis.

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
Published elsewhere. Minor revision. ASIACCS2019
Keywords
Group signatureCryptanalysisISOIEC 20008-2SGX
Contact author(s)
a ishida @ aist go jp
History
2019-07-05: revised
2019-03-16: received
See all versions
Short URL
https://ia.cr/2019/284
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2019/284,
      author = {Ai Ishida and Yusuke Sakai and Keita Emura and Goichiro Hanaoka and Keisuke Tanaka},
      title = {Proper Usage of the Group Signature Scheme in ISO/IEC 20008-2},
      howpublished = {Cryptology ePrint Archive, Paper 2019/284},
      year = {2019},
      note = {\url{https://eprint.iacr.org/2019/284}},
      url = {https://eprint.iacr.org/2019/284}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.