An Identity-Based Group Signature with Membership Revocation in the Standard Model

L. Ibraimi, S.I. Nikova, Willem Jonker, Pieter H. Hartel

Research output: Book/ReportReportProfessional

41 Downloads (Pure)

Abstract

Group signatures allow group members to sign an arbitrary number of messages on behalf of the group without revealing their identity. Under certain circumstances the group manager holding a tracing key can reveal the identity of the signer from the signature. Practical group signature schemes should support membership revocation where the revoked member loses the capability to sign a message on behalf of the group without influencing the other non-revoked members. A model known as verifier-local revocation supports membership revocation. In this model the trusted revocation authority sends revocation messages to the verifiers and there is no need for the trusted revocation authority to contact non-revoked members to update their secret keys. Previous constructions of verifier-local revocation group signature schemes either have a security proof in the random oracle model or are non-identity based. A security proof in the random oracle model is only a heuristic proof and non-identity-based group signature suffer from standard Public Key Infrastructure (PKI) problems, i.e. the group public key is not derived from the group identity and therefore has to be certified. In this work we construct the first verifier-local revocation group signature scheme which is identity-based and which has a security proof in the standard model. In particular, we give a formal security model for the proposed scheme and prove that the scheme has the property of anonymity under the decision Linear (DLIN) assumption and it is fully-traceable under the Computation Diffie-Hellman (CDH) assumption. The proposed scheme is based on prime order bilinear groups.
Original languageUndefined
Place of PublicationEnschede
PublisherCentre for Telematics and Information Technology (CTIT)
Number of pages16
Publication statusPublished - 17 Jun 2010

Publication series

NameCTIT Technical Report Series
PublisherCentre for Telematics and Information Technology, University of Twente
No.TR-CTIT-10-26
ISSN (Print)1381-3625

Keywords

  • Revocation
  • Pairing Cryptography
  • IR-72270
  • EWI-18073
  • Group MembershipRevocation
  • SCS-Cybersecurity
  • METIS-270875
  • Group Membership
  • Group Signatures

Cite this

Ibraimi, L., Nikova, S. I., Jonker, W., & Hartel, P. H. (2010). An Identity-Based Group Signature with Membership Revocation in the Standard Model. (CTIT Technical Report Series; No. TR-CTIT-10-26). Enschede: Centre for Telematics and Information Technology (CTIT).
Ibraimi, L. ; Nikova, S.I. ; Jonker, Willem ; Hartel, Pieter H. / An Identity-Based Group Signature with Membership Revocation in the Standard Model. Enschede : Centre for Telematics and Information Technology (CTIT), 2010. 16 p. (CTIT Technical Report Series; TR-CTIT-10-26).
@book{6703c61f8fc34828b46de875925c7569,
title = "An Identity-Based Group Signature with Membership Revocation in the Standard Model",
abstract = "Group signatures allow group members to sign an arbitrary number of messages on behalf of the group without revealing their identity. Under certain circumstances the group manager holding a tracing key can reveal the identity of the signer from the signature. Practical group signature schemes should support membership revocation where the revoked member loses the capability to sign a message on behalf of the group without influencing the other non-revoked members. A model known as verifier-local revocation supports membership revocation. In this model the trusted revocation authority sends revocation messages to the verifiers and there is no need for the trusted revocation authority to contact non-revoked members to update their secret keys. Previous constructions of verifier-local revocation group signature schemes either have a security proof in the random oracle model or are non-identity based. A security proof in the random oracle model is only a heuristic proof and non-identity-based group signature suffer from standard Public Key Infrastructure (PKI) problems, i.e. the group public key is not derived from the group identity and therefore has to be certified. In this work we construct the first verifier-local revocation group signature scheme which is identity-based and which has a security proof in the standard model. In particular, we give a formal security model for the proposed scheme and prove that the scheme has the property of anonymity under the decision Linear (DLIN) assumption and it is fully-traceable under the Computation Diffie-Hellman (CDH) assumption. The proposed scheme is based on prime order bilinear groups.",
keywords = "Revocation, Pairing Cryptography, IR-72270, EWI-18073, Group MembershipRevocation, SCS-Cybersecurity, METIS-270875, Group Membership, Group Signatures",
author = "L. Ibraimi and S.I. Nikova and Willem Jonker and Hartel, {Pieter H.}",
year = "2010",
month = "6",
day = "17",
language = "Undefined",
series = "CTIT Technical Report Series",
publisher = "Centre for Telematics and Information Technology (CTIT)",
number = "TR-CTIT-10-26",
address = "Netherlands",

}

Ibraimi, L, Nikova, SI, Jonker, W & Hartel, PH 2010, An Identity-Based Group Signature with Membership Revocation in the Standard Model. CTIT Technical Report Series, no. TR-CTIT-10-26, Centre for Telematics and Information Technology (CTIT), Enschede.

An Identity-Based Group Signature with Membership Revocation in the Standard Model. / Ibraimi, L.; Nikova, S.I.; Jonker, Willem; Hartel, Pieter H.

Enschede : Centre for Telematics and Information Technology (CTIT), 2010. 16 p. (CTIT Technical Report Series; No. TR-CTIT-10-26).

Research output: Book/ReportReportProfessional

TY - BOOK

T1 - An Identity-Based Group Signature with Membership Revocation in the Standard Model

AU - Ibraimi, L.

AU - Nikova, S.I.

AU - Jonker, Willem

AU - Hartel, Pieter H.

PY - 2010/6/17

Y1 - 2010/6/17

N2 - Group signatures allow group members to sign an arbitrary number of messages on behalf of the group without revealing their identity. Under certain circumstances the group manager holding a tracing key can reveal the identity of the signer from the signature. Practical group signature schemes should support membership revocation where the revoked member loses the capability to sign a message on behalf of the group without influencing the other non-revoked members. A model known as verifier-local revocation supports membership revocation. In this model the trusted revocation authority sends revocation messages to the verifiers and there is no need for the trusted revocation authority to contact non-revoked members to update their secret keys. Previous constructions of verifier-local revocation group signature schemes either have a security proof in the random oracle model or are non-identity based. A security proof in the random oracle model is only a heuristic proof and non-identity-based group signature suffer from standard Public Key Infrastructure (PKI) problems, i.e. the group public key is not derived from the group identity and therefore has to be certified. In this work we construct the first verifier-local revocation group signature scheme which is identity-based and which has a security proof in the standard model. In particular, we give a formal security model for the proposed scheme and prove that the scheme has the property of anonymity under the decision Linear (DLIN) assumption and it is fully-traceable under the Computation Diffie-Hellman (CDH) assumption. The proposed scheme is based on prime order bilinear groups.

AB - Group signatures allow group members to sign an arbitrary number of messages on behalf of the group without revealing their identity. Under certain circumstances the group manager holding a tracing key can reveal the identity of the signer from the signature. Practical group signature schemes should support membership revocation where the revoked member loses the capability to sign a message on behalf of the group without influencing the other non-revoked members. A model known as verifier-local revocation supports membership revocation. In this model the trusted revocation authority sends revocation messages to the verifiers and there is no need for the trusted revocation authority to contact non-revoked members to update their secret keys. Previous constructions of verifier-local revocation group signature schemes either have a security proof in the random oracle model or are non-identity based. A security proof in the random oracle model is only a heuristic proof and non-identity-based group signature suffer from standard Public Key Infrastructure (PKI) problems, i.e. the group public key is not derived from the group identity and therefore has to be certified. In this work we construct the first verifier-local revocation group signature scheme which is identity-based and which has a security proof in the standard model. In particular, we give a formal security model for the proposed scheme and prove that the scheme has the property of anonymity under the decision Linear (DLIN) assumption and it is fully-traceable under the Computation Diffie-Hellman (CDH) assumption. The proposed scheme is based on prime order bilinear groups.

KW - Revocation

KW - Pairing Cryptography

KW - IR-72270

KW - EWI-18073

KW - Group MembershipRevocation

KW - SCS-Cybersecurity

KW - METIS-270875

KW - Group Membership

KW - Group Signatures

M3 - Report

T3 - CTIT Technical Report Series

BT - An Identity-Based Group Signature with Membership Revocation in the Standard Model

PB - Centre for Telematics and Information Technology (CTIT)

CY - Enschede

ER -

Ibraimi L, Nikova SI, Jonker W, Hartel PH. An Identity-Based Group Signature with Membership Revocation in the Standard Model. Enschede: Centre for Telematics and Information Technology (CTIT), 2010. 16 p. (CTIT Technical Report Series; TR-CTIT-10-26).