Group Signature with Deniability: How to Disavow a Signature
Summary :
Group signatures are a class of digital signatures with enhanced privacy. By using this type of signature, a user can sign a message on behalf of a specific group without revealing his identity, but in the case of a dispute, an authority can expose the identity of the signer. However, it is not always the case that we need to know the specific identity of a signature. In this paper, we propose the notion of deniable group signatures, where the authority can issue a proof showing that the specified user is NOT the signer of a signature, without revealing the actual signer. We point out that existing efficient non-interactive zero-knowledge proof systems cannot be straightforwardly applied to prove such a statement. We circumvent this problem by giving a fairly practical construction through extending the Groth group signature scheme (ASIACRYPT 2007). In particular, a denial proof in our scheme consists of 96 group elements, which is about twice the size of a signature in the Groth scheme. The proposed scheme is provably secure under the same assumptions as those of the Groth scheme.
- Publication
- IEICE TRANSACTIONS on Fundamentals Vol.E100-A No.9 pp.1825-1837
- Publication Date
- 2017/09/01
- Publicized
- Online ISSN
- 1745-1337
- DOI
- 10.1587/transfun.E100.A.1825
- Type of Manuscript
- Special Section PAPER (Special Section on Discrete Mathematics and Its Applications)
- Category
Authors
Ai ISHIDA
Tokyo Institute of Technology,the National Institute of Advanced Industrial Science and Technology
Keita EMURA
the National Institute of Information and Communications Technology
Goichiro HANAOKA
the National Institute of Advanced Industrial Science and Technology
Yusuke SAKAI
the National Institute of Advanced Industrial Science and Technology
Keisuke TANAKA
Tokyo Institute of Technology
Keyword
Latest Issue
Copyrights notice of machine-translated contents
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Cite this
Copy
Ai ISHIDA, Keita EMURA, Goichiro HANAOKA, Yusuke SAKAI, Keisuke TANAKA, "Group Signature with Deniability: How to Disavow a Signature" in IEICE TRANSACTIONS on Fundamentals,
vol. E100-A, no. 9, pp. 1825-1837, September 2017, doi: 10.1587/transfun.E100.A.1825.
Abstract: Group signatures are a class of digital signatures with enhanced privacy. By using this type of signature, a user can sign a message on behalf of a specific group without revealing his identity, but in the case of a dispute, an authority can expose the identity of the signer. However, it is not always the case that we need to know the specific identity of a signature. In this paper, we propose the notion of deniable group signatures, where the authority can issue a proof showing that the specified user is NOT the signer of a signature, without revealing the actual signer. We point out that existing efficient non-interactive zero-knowledge proof systems cannot be straightforwardly applied to prove such a statement. We circumvent this problem by giving a fairly practical construction through extending the Groth group signature scheme (ASIACRYPT 2007). In particular, a denial proof in our scheme consists of 96 group elements, which is about twice the size of a signature in the Groth scheme. The proposed scheme is provably secure under the same assumptions as those of the Groth scheme.
URL: https://global.ieice.org/en_transactions/fundamentals/10.1587/transfun.E100.A.1825/_p
Copy
@ARTICLE{e100-a_9_1825,
author={Ai ISHIDA, Keita EMURA, Goichiro HANAOKA, Yusuke SAKAI, Keisuke TANAKA, },
journal={IEICE TRANSACTIONS on Fundamentals},
title={Group Signature with Deniability: How to Disavow a Signature},
year={2017},
volume={E100-A},
number={9},
pages={1825-1837},
abstract={Group signatures are a class of digital signatures with enhanced privacy. By using this type of signature, a user can sign a message on behalf of a specific group without revealing his identity, but in the case of a dispute, an authority can expose the identity of the signer. However, it is not always the case that we need to know the specific identity of a signature. In this paper, we propose the notion of deniable group signatures, where the authority can issue a proof showing that the specified user is NOT the signer of a signature, without revealing the actual signer. We point out that existing efficient non-interactive zero-knowledge proof systems cannot be straightforwardly applied to prove such a statement. We circumvent this problem by giving a fairly practical construction through extending the Groth group signature scheme (ASIACRYPT 2007). In particular, a denial proof in our scheme consists of 96 group elements, which is about twice the size of a signature in the Groth scheme. The proposed scheme is provably secure under the same assumptions as those of the Groth scheme.},
keywords={},
doi={10.1587/transfun.E100.A.1825},
ISSN={1745-1337},
month={September},}
Copy
TY - JOUR
TI - Group Signature with Deniability: How to Disavow a Signature
T2 - IEICE TRANSACTIONS on Fundamentals
SP - 1825
EP - 1837
AU - Ai ISHIDA
AU - Keita EMURA
AU - Goichiro HANAOKA
AU - Yusuke SAKAI
AU - Keisuke TANAKA
PY - 2017
DO - 10.1587/transfun.E100.A.1825
JO - IEICE TRANSACTIONS on Fundamentals
SN - 1745-1337
VL - E100-A
IS - 9
JA - IEICE TRANSACTIONS on Fundamentals
Y1 - September 2017
AB - Group signatures are a class of digital signatures with enhanced privacy. By using this type of signature, a user can sign a message on behalf of a specific group without revealing his identity, but in the case of a dispute, an authority can expose the identity of the signer. However, it is not always the case that we need to know the specific identity of a signature. In this paper, we propose the notion of deniable group signatures, where the authority can issue a proof showing that the specified user is NOT the signer of a signature, without revealing the actual signer. We point out that existing efficient non-interactive zero-knowledge proof systems cannot be straightforwardly applied to prove such a statement. We circumvent this problem by giving a fairly practical construction through extending the Groth group signature scheme (ASIACRYPT 2007). In particular, a denial proof in our scheme consists of 96 group elements, which is about twice the size of a signature in the Groth scheme. The proposed scheme is provably secure under the same assumptions as those of the Groth scheme.
ER -
English
