Identity-Based Encryption from the Weil Pairing
CRYPTO '01 Proceedings of the 21st Annual International Cryptology Conference on Advances in Cryptology
Dynamic Accumulators and Application to Efficient Revocation of Anonymous Credentials
CRYPTO '02 Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology
Differential Cryptanalysis of the Full 16-Round DES
CRYPTO '92 Proceedings of the 12th Annual International Cryptology Conference on Advances in Cryptology
Some Open Issues and New Directions in Group Signatures
FC '99 Proceedings of the Third International Conference on Financial Cryptography
Efficient Revocation in Group Signatures
PKC '01 Proceedings of the 4th International Workshop on Practice and Theory in Public Key Cryptography: Public Key Cryptography
A Practical and Provably Secure Coalition-Resistant Group Signature Scheme
CRYPTO '00 Proceedings of the 20th Annual International Cryptology Conference on Advances in Cryptology
Group signatures with verifier-local revocation
Proceedings of the 11th ACM conference on Computer and communications security
IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences
Short Signatures Without Random Oracles and the SDH Assumption in Bilinear Groups
Journal of Cryptology
Revocable Group Signature Schemes with Constant Costs for Signing and Verifying
Irvine Proceedings of the 12th International Conference on Practice and Theory in Public Key Cryptography: PKC '09
An Accumulator Based on Bilinear Maps and Efficient Revocation for Anonymous Credentials
Irvine Proceedings of the 12th International Conference on Practice and Theory in Public Key Cryptography: PKC '09
Group Signatures with Verifier-Local Revocation and Backward Unlinkability in the Standard Model
CANS '09 Proceedings of the 8th International Conference on Cryptology and Network Security
Security proofs for signature schemes
EUROCRYPT'96 Proceedings of the 15th annual international conference on Theory and application of cryptographic techniques
Lower bounds for discrete logarithms and related problems
EUROCRYPT'97 Proceedings of the 16th annual international conference on Theory and application of cryptographic techniques
EUROCRYPT'91 Proceedings of the 10th annual international conference on Theory and application of cryptographic techniques
Quasi-efficient revocation of group signatures
FC'02 Proceedings of the 6th international conference on Financial cryptography
EUROCRYPT'03 Proceedings of the 22nd international conference on Theory and applications of cryptographic techniques
Verifier-Local revocation group signature schemes with backward unlinkability from bilinear maps
ASIACRYPT'05 Proceedings of the 11th international conference on Theory and Application of Cryptology and Information Security
Group signature schemes with membership revocation for large groups
ACISP'05 Proceedings of the 10th Australasian conference on Information Security and Privacy
Group signatures: better efficiency and new theoretical aspects
SCN'04 Proceedings of the 4th international conference on Security in Communication Networks
Foundations of group signatures: the case of dynamic groups
CT-RSA'05 Proceedings of the 2005 international conference on Topics in Cryptology
Hierarchical identity based encryption with constant size ciphertext
EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
A short verifier-local revocation group signature scheme with backward unlinkability
IWSEC'06 Proceedings of the 1st international conference on Security
Shorter verifier-local revocation group signatures from bilinear maps
CANS'06 Proceedings of the 5th international conference on Cryptology and Network Security
Scalable group signatures with revocation
EUROCRYPT'12 Proceedings of the 31st Annual international conference on Theory and Applications of Cryptographic Techniques
| Hi-index | 0.00 |
Membership revocation, being an important property for applications of group signatures, represents a bottleneck in today's schemes. Most revocation methods require linear amount of work to be performed by unrevoked signers or verifiers, who usually have to obtain fresh update information (sometimes of linear size) published by the group manager. We overcome these disadvantages by proposing a novel group signature scheme, where computation costs for unrevoked signers and potential verifiers remain constant, and so is the length of the update information that must be fetched by these parties from the data published by the group manager. We achieve this complexity by increasing the amount of work at the group manager's side, which growths quadratic with the total number of members. This increase is acceptable since algorithms of the group manager are typically executed on resourceful devices. Our scheme uses a slightly modified version of the pairing-based dynamic accumulator, introduced by Camenisch, Kohlweiss, and Soriente (PKC 2009), which we implicitly combine with the short (non-revocable) group signature scheme by Boneh, Boyen, and Shacham (CRYPTO 2004). We prove that our revocable scheme satisfies the desired security properties of anonymity, traceability, and non-frameability in the random oracle model, although for better efficiency we resort to a somewhat stronger hardness assumption.