Cryptology ePrint Archive: Report 2020/921

Practical Dynamic Group Signature with Efficient Concurrent Joins and Batch Verifications

Hyoseung Kim and Youngkyung Lee and Michel Abdalla and Jong Hwan Park

Abstract: Dynamic group signatures (DGS) enable a user to generate a signature on behalf of a group of users, allowing a prospective user to join via an appropriate join protocol. A natural security requirement in the dynamic setting is to permit an adversary to concurrently perform join protocol executions. To date, most of DGS schemes do not provide the efficient concurrent join protocols in their security analysis, because of the need to use knowledge extractors. Also, DGS schemes have to provide efficient batch verifications for practical applications such as Vehicle-to-Vehicle (V2V) and Vehicle-to-Infrastructure (V2I) communication, where a large number of group signatures should be verified in a very short time. In this paper, we propose a new practical DGS scheme that supports not only efficient concurrent joins but also batch verifications. The concurrent security is proven by showing that our join protocols are simulated without any knowledge extractor in security analysis. To do this, we introduce a modified Pointcheval-Sanders (PS) problem that can guarantee efficiently checking equality of discrete logarithms. In terms of efficiency, when considering a type-3 pairing, our DGS scheme has the advantages that the signature generation and verification are faster and especially our batch verification is at least 7 times faster in case of verifying 100 signatures, compared to other comparable pairing-based DGS schemes in the literature.

Category / Keywords: public-key cryptography / Batch verification and Concurrent join and Dynamic group signature and Pointcheval-Sanders

Date: received 24 Jul 2020, last revised 27 Jul 2020

Contact author: hyoseung_kim at korea ac kr,jhpark@smu ac kr

Available format(s): PDF | BibTeX Citation

Version: 20200727:144217 (All versions of this report)

Short URL: ia.cr/2020/921


[ Cryptology ePrint archive ]