Group signature with message-dependent opening (GS-MDO) is a kind of group signature in which only the signers who have created group signatures on problematic messages will be identified. In the previous GS-MDO scheme, however, the number of problematic messages is bounded owing to a limitation of the Groth-Sahai proofs. In this paper, we propose the first GS-MDO scheme with the unbounded-MDO functionality in the random oracle model. Our unbounded GS-MDO scheme is based on the short group signature scheme proposed by Boneh, Boyen, and Shacham and the Boneh-Franklin identity-based encryption scheme. To combine these building blocks and to achieve CCA-anonymity, we also construct a special type of multiple encryption. This technique yields an efficient construction compared with the previous bounded GS-MDO scheme: the signature of our scheme contains about 16 group elements (3630 bits), whereas that of the previous scheme has about 450 group elements (75820 bits).