Group signature (GS) schemes guarantee anonymity of the actual signer among group members. Previous GS schemes assume that randomness in signing is never exposed. However, in the real world, full randomness exposure can be caused by implementation problems (e.g., using a bad random number generator). In this paper, we study (im)possibility of achieving anonymity against full randomness exposure. First, we formulate a new security model for GS schemes capturing full randomness exposure. Next, we clarify that it is impossible to achieve full-anonymity against full randomness exposure without any secure component (e.g., a tamper-proof module or a trusted outside storage). Finally, we show a possibility result that selfless-anonymity can be achieved against full randomness exposure. While selfless-anonymity is weaker than full-anonymity, it is strong enough in practice. Our transformation is quite simple; and thus, previous GS schemes used in real-world systems can be easily replaced by a slight modification to strengthen the security.
Tomoyoshi ONO
Ibaraki University
Kazuki YONEYAMA
Ibaraki University
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Copy
Tomoyoshi ONO, Kazuki YONEYAMA, "On Randomness Exposure Resilience of Group Signatures" in IEICE TRANSACTIONS on Information,
vol. E100-D, no. 10, pp. 2357-2367, October 2017, doi: 10.1587/transinf.2016INP0015.
Abstract: Group signature (GS) schemes guarantee anonymity of the actual signer among group members. Previous GS schemes assume that randomness in signing is never exposed. However, in the real world, full randomness exposure can be caused by implementation problems (e.g., using a bad random number generator). In this paper, we study (im)possibility of achieving anonymity against full randomness exposure. First, we formulate a new security model for GS schemes capturing full randomness exposure. Next, we clarify that it is impossible to achieve full-anonymity against full randomness exposure without any secure component (e.g., a tamper-proof module or a trusted outside storage). Finally, we show a possibility result that selfless-anonymity can be achieved against full randomness exposure. While selfless-anonymity is weaker than full-anonymity, it is strong enough in practice. Our transformation is quite simple; and thus, previous GS schemes used in real-world systems can be easily replaced by a slight modification to strengthen the security.
URL: https://global.ieice.org/en_transactions/information/10.1587/transinf.2016INP0015/_p
Copy
@ARTICLE{e100-d_10_2357,
author={Tomoyoshi ONO, Kazuki YONEYAMA, },
journal={IEICE TRANSACTIONS on Information},
title={On Randomness Exposure Resilience of Group Signatures},
year={2017},
volume={E100-D},
number={10},
pages={2357-2367},
abstract={Group signature (GS) schemes guarantee anonymity of the actual signer among group members. Previous GS schemes assume that randomness in signing is never exposed. However, in the real world, full randomness exposure can be caused by implementation problems (e.g., using a bad random number generator). In this paper, we study (im)possibility of achieving anonymity against full randomness exposure. First, we formulate a new security model for GS schemes capturing full randomness exposure. Next, we clarify that it is impossible to achieve full-anonymity against full randomness exposure without any secure component (e.g., a tamper-proof module or a trusted outside storage). Finally, we show a possibility result that selfless-anonymity can be achieved against full randomness exposure. While selfless-anonymity is weaker than full-anonymity, it is strong enough in practice. Our transformation is quite simple; and thus, previous GS schemes used in real-world systems can be easily replaced by a slight modification to strengthen the security.},
keywords={},
doi={10.1587/transinf.2016INP0015},
ISSN={1745-1361},
month={October},}
Copy
TY - JOUR
TI - On Randomness Exposure Resilience of Group Signatures
T2 - IEICE TRANSACTIONS on Information
SP - 2357
EP - 2367
AU - Tomoyoshi ONO
AU - Kazuki YONEYAMA
PY - 2017
DO - 10.1587/transinf.2016INP0015
JO - IEICE TRANSACTIONS on Information
SN - 1745-1361
VL - E100-D
IS - 10
JA - IEICE TRANSACTIONS on Information
Y1 - October 2017
AB - Group signature (GS) schemes guarantee anonymity of the actual signer among group members. Previous GS schemes assume that randomness in signing is never exposed. However, in the real world, full randomness exposure can be caused by implementation problems (e.g., using a bad random number generator). In this paper, we study (im)possibility of achieving anonymity against full randomness exposure. First, we formulate a new security model for GS schemes capturing full randomness exposure. Next, we clarify that it is impossible to achieve full-anonymity against full randomness exposure without any secure component (e.g., a tamper-proof module or a trusted outside storage). Finally, we show a possibility result that selfless-anonymity can be achieved against full randomness exposure. While selfless-anonymity is weaker than full-anonymity, it is strong enough in practice. Our transformation is quite simple; and thus, previous GS schemes used in real-world systems can be easily replaced by a slight modification to strengthen the security.
ER -