On the security of dynamic group signatures: preventing signature hijacking

Authors:
Yusuke Sakai;Jacob C. N. Schuldt;Keita Emura;Goichiro Hanaoka;Kazuo Ohta
Affiliations:
The University of Electro-Communications, Japan;National Institute of Advanced Industrial Science and Technology, Japan;National Institute of Information and Communications Technology, Japan;National Institute of Advanced Industrial Science and Technology, Japan;The University of Electro-Communications, Japan
Venue:
PKC'12 Proceedings of the 15th international conference on Practice and Theory in Public Key Cryptography
Year:
2012

Citing 23
Cited 0

A digital signature scheme secure against adaptive chosen-message attacks

SIAM Journal on Computing - Special issue on cryptography
Noninteractive zero-knowledge

SIAM Journal on Computing
Non-Interactive Zero-Knowledge Proof of Knowledge and Chosen Ciphertext Attack

CRYPTO '91 Proceedings of the 11th Annual International Cryptology Conference on Advances in Cryptology
Identity Escrow

CRYPTO '98 Proceedings of the 18th Annual International Cryptology Conference on Advances in Cryptology
A Group Signature Scheme with Improved Efficiency

ASIACRYPT '98 Proceedings of the International Conference on the Theory and Applications of Cryptology and Information Security: Advances in Cryptology
A Practical and Provably Secure Coalition-Resistant Group Signature Scheme

CRYPTO '00 Proceedings of the 20th Annual International Cryptology Conference on Advances in Cryptology
Non-Malleable Non-Interactive Zero Knowledge and Adaptive Chosen-Ciphertext Security

FOCS '99 Proceedings of the 40th Annual Symposium on Foundations of Computer Science
Multiple non-interactive zero knowledge proofs based on a single random string

SFCS '90 Proceedings of the 31st Annual Symposium on Foundations of Computer Science
Group signatures

EUROCRYPT'91 Proceedings of the 10th annual international conference on Theory and application of cryptographic techniques
Full-domain subgroup hiding and constant-size group signatures

PKC'07 Proceedings of the 10th international conference on Practice and theory in public-key cryptography
Foundations of group signatures: formal definitions, simplified requirements, and a construction based on general assumptions

EUROCRYPT'03 Proceedings of the 22nd international conference on Theory and applications of cryptographic techniques
Fully anonymous group signatures without random oracles

ASIACRYPT'07 Proceedings of the Advances in Crypotology 13th international conference on Theory and application of cryptology and information security
Efficient non-interactive proof systems for bilinear groups

EUROCRYPT'08 Proceedings of the theory and applications of cryptographic techniques 27th annual international conference on Advances in cryptology
Get shorty via group signatures without encryption

SCN'10 Proceedings of the 7th international conference on Security and cryptography for networks
Simulation-sound NIZK proofs for a practical language and constant size group signatures

ASIACRYPT'06 Proceedings of the 12th international conference on Theory and Application of Cryptology and Information Security
Dynamic fully anonymous short group signatures

VIETCRYPT'06 Proceedings of the First international conference on Cryptology in Vietnam
An efficient group signature scheme from bilinear maps

ACISP'05 Proceedings of the 10th Australasian conference on Information Security and Privacy
Foundations of group signatures: the case of dynamic groups

CT-RSA'05 Proceedings of the 2005 international conference on Topics in Cryptology
Group signatures with efficient concurrent join

EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
Public-key encryption with non-interactive opening: new constructions and stronger definitions

AFRICACRYPT'10 Proceedings of the Third international conference on Cryptology in Africa
Compact group signatures without random oracles

EUROCRYPT'06 Proceedings of the 24th annual international conference on The Theory and Applications of Cryptographic Techniques
Shorter verifier-local revocation group signatures from bilinear maps

CANS'06 Proceedings of the 5th international conference on Cryptology and Network Security
Chosen-Ciphertext security from tag-based encryption

TCC'06 Proceedings of the Third conference on Theory of Cryptography

Quantified Score

Hi-index	0.00

Visualization

Abstract

We identify a potential weakness in the standard security model for dynamic group signatures which appears to have been overlooked previously. More specifically, we highlight that even if a scheme provably meets the security requirements of the model, a malicious group member can potentially claim ownership of a group signature produced by an honest group member by forging a proof of ownership. This property leads to a number of vulnerabilities in scenarios in which dynamic group signatures are likely to be used. We furthermore show that the currently most efficient dynamic group signature scheme does not provide protection against this type of malicious behavior. To address this, we introduce the notion of opening soundness for group signatures which essentially requires that it is infeasible to produce a proof of ownership of a valid group signature for any user except the original signer. We then show a relatively simple modification of the scheme by Groth (ASIACRYPT 2007, full version) which allows us to prove opening soundness for the modified scheme without introducing any additional assumptions. We believe that opening soundness is an important and natural security requirement for group signatures, and hope that future schemes will adopt this type of security.