TY - CHAP
T1 - Zero-Knowledge Proof for Lattice-Based Group Signature Schemes with Verifier-Local Revocation
AU - Perera, Maharage Nisansala Sevwandi
AU - Koshiba, Takeshi
N1 - Funding Information:
Acknowledgments. This work is supported in part by JSPS Grant-in-Aids for Scientific Research (A) JP16H01705 and for Scientic Research (B) JP17H01695.
Publisher Copyright:
© 2019, Springer Nature Switzerland AG.
PY - 2019
Y1 - 2019
N2 - In group signature schemes, signers prove verifiers, their validity of signing through an interactive protocol in zero-knowledge. In lattice-based group signatures with Verifier-local revocation (VLR), group members have both secret signing key and revocation token. Thus, the members in VLR schemes should show the verifiers, that he has a valid secret signing key and his token is not in the revoked members list. These conditions are satisfied in the underlying interactive protocol provided in the first lattice-based group signature scheme with VLR suggested by Langlois et al. in PKC 2014. In their scheme, member revocation token is a part of the secret signing key and has an implicit tracing algorithm to trace signers. For a scheme which generates member revocation token separately, the suggested interactive protocol by Langlois et al. is not suitable. Moreover, if the group manager wants to use an explicit tracing algorithm to trace signers instead the implicit tracing algorithm given in VLR schemes, then the signer should encrypt his index at the time of signing, and the interactive protocol should show signer’s index is correctly encrypted. This work presents a combined interactive protocol that signer can use to prove his validity of signing, his separately generated revocation token is not in the revocation list, and his index is correctly encrypted required for such kind of schemes.
AB - In group signature schemes, signers prove verifiers, their validity of signing through an interactive protocol in zero-knowledge. In lattice-based group signatures with Verifier-local revocation (VLR), group members have both secret signing key and revocation token. Thus, the members in VLR schemes should show the verifiers, that he has a valid secret signing key and his token is not in the revoked members list. These conditions are satisfied in the underlying interactive protocol provided in the first lattice-based group signature scheme with VLR suggested by Langlois et al. in PKC 2014. In their scheme, member revocation token is a part of the secret signing key and has an implicit tracing algorithm to trace signers. For a scheme which generates member revocation token separately, the suggested interactive protocol by Langlois et al. is not suitable. Moreover, if the group manager wants to use an explicit tracing algorithm to trace signers instead the implicit tracing algorithm given in VLR schemes, then the signer should encrypt his index at the time of signing, and the interactive protocol should show signer’s index is correctly encrypted. This work presents a combined interactive protocol that signer can use to prove his validity of signing, his separately generated revocation token is not in the revocation list, and his index is correctly encrypted required for such kind of schemes.
KW - Interactive protocol
KW - Lattice-based group signatures
KW - Verifier-local revocation
KW - Zero-knowledge proof
UR - http://www.scopus.com/inward/record.url?scp=85072872936&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85072872936&partnerID=8YFLogxK
U2 - 10.1007/978-3-319-98530-5_68
DO - 10.1007/978-3-319-98530-5_68
M3 - Chapter
AN - SCOPUS:85072872936
T3 - Lecture Notes on Data Engineering and Communications Technologies
SP - 772
EP - 782
BT - Lecture Notes on Data Engineering and Communications Technologies
PB - Springer Science and Business Media Deutschland GmbH
ER -