
For FullText PDF, please login, if you are a member of IEICE,
or go to Pay Per View on menu list, if you are a nonmember of IEICE.

A Revocable Group Signature Scheme with Scalability from Simple Assumptions
Keita EMURA Takuya HAYASHI
Publication
IEICE TRANSACTIONS on Fundamentals of Electronics, Communications and Computer Sciences
Vol.E103A
No.1
pp.125140 Publication Date: 2020/01/01 Online ISSN: 17451337
DOI: 10.1587/transfun.2019CIP0004 Type of Manuscript: Special Section PAPER (Special Section on Cryptography and Information Security) Category: Keyword: group signatures, anonymity, revocation, scalability, identity management system,
Full Text: PDF(935KB)>>
Summary:
Group signatures are signatures providing signer anonymity where signers can produce signatures on behalf of the group that they belong to. Although such anonymity is quite attractive considering privacy issues, it is not trivial to check whether a signer has been revoked or not. Thus, how to revoke the rights of signers is one of the major topics in the research on group signatures. In particular, scalability, where the signing and verification costs and the signature size are constant in terms of the number of signers N, and other costs regarding signers are at most logarithmic in N, is quite important. In this paper, we propose a revocable group signature scheme which is currently more efficient compared to previous all scalable schemes. Moreover, our revocable group signature scheme is secure under simple assumptions (in the random oracle model), whereas all scalable schemes are secure under qtype assumptions. We implemented our scheme by employing a BarretoLynnScott curve of embedding degree 12 over a 455bit prime field (BLS12455), and a BarretoNaehrig curve of embedding degree 12 over a 382bit prime field (BN12382), respectively, by using the RELIC library. We showed that the online running times of our signing algorithm were approximately 14msec (BLS12455) and 11msec (BN12382), and those of our verification algorithm were approximately 20msec (BLS12455) and 16msec (BN12382), respectively. Finally, we showed that our scheme (with a slight extension) is applied to an identity management system proposed by Isshiki et al.


