TY - CHAP

T1 - Zero-Knowledge Proof for Lattice-Based Group Signature Schemes with Verifier-Local Revocation

AU - Perera, Maharage Nisansala Sevwandi

AU - Koshiba, Takeshi

N1 - Funding Information:
Acknowledgments. This work is supported in part by JSPS Grant-in-Aids for Scientific Research (A) JP16H01705 and for Scientic Research (B) JP17H01695.
Publisher Copyright:
© 2019, Springer Nature Switzerland AG.

PY - 2019

Y1 - 2019

N2 - In group signature schemes, signers prove verifiers, their validity of signing through an interactive protocol in zero-knowledge. In lattice-based group signatures with Verifier-local revocation (VLR), group members have both secret signing key and revocation token. Thus, the members in VLR schemes should show the verifiers, that he has a valid secret signing key and his token is not in the revoked members list. These conditions are satisfied in the underlying interactive protocol provided in the first lattice-based group signature scheme with VLR suggested by Langlois et al. in PKC 2014. In their scheme, member revocation token is a part of the secret signing key and has an implicit tracing algorithm to trace signers. For a scheme which generates member revocation token separately, the suggested interactive protocol by Langlois et al. is not suitable. Moreover, if the group manager wants to use an explicit tracing algorithm to trace signers instead the implicit tracing algorithm given in VLR schemes, then the signer should encrypt his index at the time of signing, and the interactive protocol should show signer’s index is correctly encrypted. This work presents a combined interactive protocol that signer can use to prove his validity of signing, his separately generated revocation token is not in the revocation list, and his index is correctly encrypted required for such kind of schemes.

AB - In group signature schemes, signers prove verifiers, their validity of signing through an interactive protocol in zero-knowledge. In lattice-based group signatures with Verifier-local revocation (VLR), group members have both secret signing key and revocation token. Thus, the members in VLR schemes should show the verifiers, that he has a valid secret signing key and his token is not in the revoked members list. These conditions are satisfied in the underlying interactive protocol provided in the first lattice-based group signature scheme with VLR suggested by Langlois et al. in PKC 2014. In their scheme, member revocation token is a part of the secret signing key and has an implicit tracing algorithm to trace signers. For a scheme which generates member revocation token separately, the suggested interactive protocol by Langlois et al. is not suitable. Moreover, if the group manager wants to use an explicit tracing algorithm to trace signers instead the implicit tracing algorithm given in VLR schemes, then the signer should encrypt his index at the time of signing, and the interactive protocol should show signer’s index is correctly encrypted. This work presents a combined interactive protocol that signer can use to prove his validity of signing, his separately generated revocation token is not in the revocation list, and his index is correctly encrypted required for such kind of schemes.

KW - Interactive protocol

KW - Lattice-based group signatures

KW - Verifier-local revocation

KW - Zero-knowledge proof

UR - http://www.scopus.com/inward/record.url?scp=85072872936&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85072872936&partnerID=8YFLogxK

U2 - 10.1007/978-3-319-98530-5_68

DO - 10.1007/978-3-319-98530-5_68

M3 - Chapter

AN - SCOPUS:85072872936

T3 - Lecture Notes on Data Engineering and Communications Technologies

SP - 772

EP - 782

BT - Lecture Notes on Data Engineering and Communications Technologies

PB - Springer Science and Business Media Deutschland GmbH

ER -