<p>Group signature is an interesting primitive of cryptography, enabling each group member to sign messages on behalf of the entire group anonymously. In the literature, most lattice-based group signatures are designed for static settings, hindering their practical efficiency and effectiveness. A practically feasible group signature scheme should prioritize user-friendliness. It should also provide flexibility in user enrollment and revocation while maintaining an appropriate signature size. Keeping these considerations in mind, we have developed a variant of a lattice-based fully dynamic group signature scheme. Our scheme does not rely on a trapdoor function, which reduces its operational complexity. In our scheme, we employ an updatable Merkle tree accumulator based on the shortest integer solution <InlineEquation ID="IEq1"> <EquationSource Format="TEX">\((\textsf{SIS})\)</EquationSource> </InlineEquation> hardness. This ensures the security of a user’s identity and enables timely updates to user information as needed. We have presented the signature sizes for standard parameter settings under different security levels. Our results are also compared with existing similar schemes.</p>

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Secure and efficient fully dynamic lattice-based group signature scheme

  • Vishal Pareek,
  • Chinmoy Biswas,
  • Aditi Kar Gangopadhyay,
  • Sugata Gangopadhyay

摘要

Group signature is an interesting primitive of cryptography, enabling each group member to sign messages on behalf of the entire group anonymously. In the literature, most lattice-based group signatures are designed for static settings, hindering their practical efficiency and effectiveness. A practically feasible group signature scheme should prioritize user-friendliness. It should also provide flexibility in user enrollment and revocation while maintaining an appropriate signature size. Keeping these considerations in mind, we have developed a variant of a lattice-based fully dynamic group signature scheme. Our scheme does not rely on a trapdoor function, which reduces its operational complexity. In our scheme, we employ an updatable Merkle tree accumulator based on the shortest integer solution \((\textsf{SIS})\) hardness. This ensures the security of a user’s identity and enables timely updates to user information as needed. We have presented the signature sizes for standard parameter settings under different security levels. Our results are also compared with existing similar schemes.