On Randomness Exposure Resilience of Group Signatures

Tomoyoshi ONO  Kazuki YONEYAMA  

IEICE TRANSACTIONS on Information and Systems   Vol.E100-D   No.10   pp.2357-2367
Publication Date: 2017/10/01
Online ISSN: 1745-1361
DOI: 10.1587/transinf.2016INP0015
Type of Manuscript: Special Section PAPER (Special Section on Security, Privacy and Anonymity in Computation, Communication and Storage Systems)
Category: Privacy, anonymity, and fundamental theory
group signature,  full-anonymity,  selfless-anonymity,  randomness exposure,  

Full Text: PDF(266.9KB)
>>Buy this Article

Group signature (GS) schemes guarantee anonymity of the actual signer among group members. Previous GS schemes assume that randomness in signing is never exposed. However, in the real world, full randomness exposure can be caused by implementation problems (e.g., using a bad random number generator). In this paper, we study (im)possibility of achieving anonymity against full randomness exposure. First, we formulate a new security model for GS schemes capturing full randomness exposure. Next, we clarify that it is impossible to achieve full-anonymity against full randomness exposure without any secure component (e.g., a tamper-proof module or a trusted outside storage). Finally, we show a possibility result that selfless-anonymity can be achieved against full randomness exposure. While selfless-anonymity is weaker than full-anonymity, it is strong enough in practice. Our transformation is quite simple; and thus, previous GS schemes used in real-world systems can be easily replaced by a slight modification to strengthen the security.