Random oracles are practical: a paradigm for designing efficient protocols
CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
Simple forward-secure signatures from any signature scheme
Proceedings of the 7th ACM conference on Computer and communications security
Practical forward secure group signature schemes
CCS '01 Proceedings of the 8th ACM conference on Computer and Communications Security
A Forward-Secure Digital Signature Scheme
CRYPTO '99 Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology
Forward-Secure Signatures with Optimal Signing and Verifying
CRYPTO '01 Proceedings of the 21st Annual International Cryptology Conference on Advances in Cryptology
A "Paradoxical" Indentity-Based Signature Scheme Resulting from Zero-Knowledge
CRYPTO '88 Proceedings of the 8th Annual International Cryptology Conference on Advances in Cryptology
Key-Insulated Public Key Cryptosystems
EUROCRYPT '02 Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques: Advances in Cryptology
Efficient Generic Forward-Secure Signatures with an Unbounded Number Of Time Periods
EUROCRYPT '02 Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques: Advances in Cryptology
A New Forward-Secure Digital Signature Scheme
ASIACRYPT '00 Proceedings of the 6th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
SiBIR: Signer-Base Intrusion-Resilient Signatures
CRYPTO '02 Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology
Towards Practical Public Key Systems Secure Against Chosen Ciphertext Attacks
CRYPTO '91 Proceedings of the 11th Annual International Cryptology Conference on Advances in Cryptology
A Practical and Provably Secure Coalition-Resistant Group Signature Scheme
CRYPTO '00 Proceedings of the 20th Annual International Cryptology Conference on Advances in Cryptology
Group signatures with verifier-local revocation
Proceedings of the 11th ACM conference on Computer and communications security
Proceedings of the 11th ACM conference on Computer and communications security
Direct chosen ciphertext security from identity-based techniques
Proceedings of the 12th ACM conference on Computer and communications security
Forward-secure signatures with untrusted update
Proceedings of the 13th ACM conference on Computer and communications security
Forward-secure signatures in untrusted update environments: efficient and generic constructions
Proceedings of the 14th ACM conference on Computer and communications security
Secure scalable group signature with dynamic joins and separable authorities
International Journal of Security and Networks
Tweaking TBE/IBE to PKE Transforms with Chameleon Hash Functions
ACNS '07 Proceedings of the 5th international conference on Applied Cryptography and Network Security
EUROCRYPT '09 Proceedings of the 28th Annual International Conference on Advances in Cryptology: the Theory and Applications of Cryptographic Techniques
Forward-Secure Group Signatures from Pairings
Pairing '09 Proceedings of the 3rd International Conference Palo Alto on Pairing-Based Cryptography
EUROCRYPT'91 Proceedings of the 10th annual international conference on Theory and application of cryptographic techniques
Dynamic fully forward-secure group signatures
ASIACCS '10 Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security
Full-domain subgroup hiding and constant-size group signatures
PKC'07 Proceedings of the 10th international conference on Practice and theory in public-key cryptography
Perfect NIZK with adaptive soundness
TCC'07 Proceedings of the 4th conference on Theory of cryptography
A forward-secure public-key encryption scheme
EUROCRYPT'03 Proceedings of the 22nd international conference on Theory and applications of cryptographic techniques
EUROCRYPT'03 Proceedings of the 22nd international conference on Theory and applications of cryptographic techniques
Fully anonymous group signatures without random oracles
ASIACRYPT'07 Proceedings of the Advances in Crypotology 13th international conference on Theory and application of cryptology and information security
Efficient non-interactive proof systems for bilinear groups
EUROCRYPT'08 Proceedings of the theory and applications of cryptographic techniques 27th annual international conference on Advances in cryptology
P-signatures and noninteractive anonymous credentials
TCC'08 Proceedings of the 5th conference on Theory of cryptography
Key Evolution Systems in Untrusted Update Environments
ACM Transactions on Information and System Security (TISSEC)
Efficient traceable signatures in the standard model
Theoretical Computer Science
Simulation-sound NIZK proofs for a practical language and constant size group signatures
ASIACRYPT'06 Proceedings of the 12th international conference on Theory and Application of Cryptology and Information Security
Foundations of group signatures: the case of dynamic groups
CT-RSA'05 Proceedings of the 2005 international conference on Topics in Cryptology
Efficient identity-based encryption without random oracles
EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
Group signatures with efficient concurrent join
EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
Hierarchical identity based encryption with constant size ciphertext
EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
Non-interactive zaps and new techniques for NIZK
CRYPTO'06 Proceedings of the 26th annual international conference on Advances in Cryptology
Compact group signatures without random oracles
EUROCRYPT'06 Proceedings of the 24th annual international conference on The Theory and Applications of Cryptographic Techniques
Chosen-Ciphertext security from tag-based encryption
TCC'06 Proceedings of the Third conference on Theory of Cryptography
| Hi-index | 0.00 |
When embedding cryptographic tools in actual computing systems, it is important to ensure physical layer protection to cryptographic keys. A simple risk analysis shows that taking advantage of system (i.e., hardware, software, network) vulnerabilities is usually much easier than cryptanalyzing the cryptographic primitives themselves. For-ward-secure cryptosystems, in turn, are one of the suggested protective measures, where private keys periodically evolve in such a way that, if a break-in occurs, past uses of those keys in earlier periods are protected. Group signatures are primary privacy-preserving credentials that enable both, non-repudiation and abuser-tracing. In 2001, Song argued why key exposures may cause even greater concerns in the context of group signatures (namely, under the mask of anonymity within a group of other key holders). She then gave two examples of forward-secure group signatures, and argued their ad hoc properties based on the state of understanding of group signature security properties at that time (proper security models had not been formalized yet). These implementations are fruitful initial efforts, but still suffer from certain imperfections. In the first scheme for instance, forward security is only guaranteed to signers as long as the group manager's private key is safe. Another scheme recently described by Nakanishi et al. for static groups also fails to maintain security when the group manager is compromised. In this paper, we reconsider the subject and first formalize the notion of "fully forward-secure group signature" (FS-GS) in dynamic groups. We carefully define the correctness and security properties that such a scheme ought to have. We then give a realization of the primitive with quite attractive features: constant-size signatures, constant cost of signing/verifying, and at most polylog complexity of other metrics. The scheme is further proven secure in the standard model (no random oracle idealization is assumed).