Skip to main content
SpringerLink
Log in

A code-based group signature scheme

  • Published:
Designs, Codes and Cryptography Aims and scope Submit manuscript

Abstract

This work is the extended version of Alamélou et al. (in: Tillich et al. (eds.) The 9th International workshop on coding and cryptography 2015 (WCC2015), 2015) which proposed the first code-based group signature. The new group signature scheme we present here has numerous advantages over all existing post-quantum constructions and even competes (in terms of properties) with pairing based constructions: it allows to add new members during the lifetime of the group (dynamic). Plus, it appears that our scheme might be extended into a traceable signature according to the definition of Kiayias et al. (in: Cachin and Camenisch (eds.) Advances in cryptology—EUROCRYPT 2004, 2004) (KTY model) while handling membership revocation. Our security is based on a relaxation of the model of Bellare et al. (in: Topics in cryptology—CT-RSA 2005, 2005) (BSZ model) verifying the properties of anonymity, traceability and non-frameability. The main idea of our scheme consists in building an offset collision of two syndromes associated to two different matrices: a random one which enables to build a random syndrome from a chosen small weight vector; and a trapdoor matrix for the syndrome decoding problem, which permits to find a small weight preimage of the previous random syndrome to which a fixed syndrome is added. These two small weight vectors will constitute the group member’s secret signing key whose knowledge will be proved thanks to a variation of Stern’s authentication protocol. For applications, we consider the case of the code-based CFS signature scheme (Nicolas in Advances in cryptology—ASIACRYPT 2001, 2001) of Courtois, Finiasz and Sendrier. If one denotes by N the number of group members, CFS leads to signatures and public keys sizes in \(N^{1/\sqrt{{\log }(N)}}\). Along with this work, we also introduce a new kind of proof of knowledge, Testable weak Zero Knowledge (TwZK), implicitly covered in the short version of this paper (Alamélou et al. in: Tillich et al. (eds.) The 9th international workshop on coding and cryptography 2015 (WCC2015), 2015). TwZK proofs appear particularly well fitted in the context of group signature schemes: it allows a verifier to test whether a specific witness is used without learning anything more from the proof. Under the random oracle model (ROM), we ensure the security of our scheme by defining the One More Syndrome Decoding problem, a new code-based problem related to the syndrome decoding problem (Berlekamp et al. in IEEE Trans Inf Theory 24(3):384–386, 1978).

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9
Fig. 10

Similar content being viewed by others

References

  1. Chaum D., van Heyst E.: Group signatures. In: Advances in Cryptology—EUROCRYPT ’91, Workshop on the Theory and Application of Cryptographic Techniques, Brighton 8–11 April 1991, Proceedings, pp. 257–265 (1991).

  2. Bellare M., Micciancio D., Warinschi B.: Foundations of group signatures: formal definitions, simplified requirements, and a construction based on general assumptions. In: Advances in Cryptology—EUROCRYPT 2003, International Conference on the Theory and Applications of Cryptographic Techniques, Warsaw, 4–8 May 2003, Proceedings, pp. 614–629 (2003).

  3. Bellare M., Shi H., Zhang C.: Foundations of group signatures: the case of dynamic groups. In: Topics in Cryptology—CT-RSA 2005, The Cryptographers’ Track at the RSA Conference 2005, San Francisco, 14–18 Feb 2005, Proceedings, pp. 136–153 (2005).

  4. Boneh D., Boyen X., Shacham H.: Short group signatures. In: Advances in Cryptology—CRYPTO 2004, 24th Annual International Cryptology Conference, Santa Barbara, 15–19 Aug 2004, Proceedings, pp. 41–55 (2004).

  5. Boneh D., Shacham H.: Group signatures with verifier-local revocation. In: Proceedings of the 11th ACM Conference on Computer and Communications Security (CCS 2004), Washington, DC, 25–29 Oct 2004, pp. 168–177 (2004).

  6. Camenisch J., Lysyanskaya A.: Signature schemes and anonymous credentials from bilinear maps. In: Advances in Cryptology—CRYPTO 2004, 24th Annual International Cryptology Conference, Santa Barbara, 15–19 Aug 2004, Proceedings, pp. 56–72 (2004).

  7. Delerablée C., Pointcheval D.: Dynamic fully anonymous short group signatures. In: Progress in Cryptology—VIETCRYPT 2006, First International Conference on Cryptology in Vietnam, 25–28 Sept 2006, Revised Selected Papers, pp. 193–210 (2006).

  8. Groth J.: Fully anonymous group signatures without random oracles. In: Advances in Cryptology—ASIACRYPT 2007, 13th International Conference on the Theory and Application of Cryptology and Information Security, Kuching, 2–6 Dec 2007, Proceedings, pp. 164–180 (2007).

  9. Kiayias A., Tsiounis Y., Yung M.: Traceable signatures. In: Cachin C., Camenisch J.L. (eds.) Advances in Cryptology—EUROCRYPT 2004. Lecture Notes in Computer Science, vol. 3027, pp. 571–589. Springer, Berlin (2004).

  10. Libert B., Yung M.: Efficient traceable signatures in the standard model. In: Pairing-Based Cryptography—Pairing 2009, Third International Conference, Palo Alto, 12–14 Aug 2009, Proceedings, pp. 187–205 (2009).

  11. Gordon S.D., Katz J., Vaikuntanathan V.: A group signature scheme from lattice assumptions. In: Advances in Cryptology—ASIACRYPT 2010, 16th International Conference on the Theory and Application of Cryptology and Information Security, Singapore, 5–9 Dec 2010, Proceedings, pp. 395–412 (2010).

  12. Laguillaumie F., Langlois A., Libert B., Stehlé D.: Lattice-based group signatures with logarithmic signature size. In: Advances in Cryptology—ASIACRYPT 2013, 19th International Conference on the Theory and Application of Cryptology and Information Security, Bengaluru, 1–5 Dec 2013, Proceedings, Part II, pp. 41–61 (2013).

  13. Langlois A., Ling S., Nguyen K., Wang H.: Lattice-based group signature scheme with verifier-local revocation. In: Public-Key Cryptography—PKC 2014, 17th International Conference on Practice and Theory in Public-Key Cryptography, Buenos Aires, 26–28 March 2014, Proceedings, pp. 345–361 (2014).

  14. Ling S., Nguyen K., Wang H.: Group signatures from lattices: simpler, tighter, shorter, ring-based. In: Public-Key Cryptography—PKC 2015, 18th IACR International Conference on Practice and Theory in Public-Key Cryptography, Gaithersburg, 30 March–1 April 2015, Proceedings, pp. 427–449 (2015).

  15. Nguyen P.Q., Zhang J., Zhang Z.: Simpler efficient group signatures from lattices. In: Public-Key Cryptography—PKC 2015, 18th IACR International Conference on Practice and Theory in Public-Key Cryptography, Gaithersburg, 30 March–1 April 2015, Proceedings, pp. 401–426 (2015).

  16. Ezerman M.F., Lee H.T., Ling, S., Nguyen, K., Wang, H.: A provably secure group signature scheme from code-based assumptions. In: IACR Cryptology ePrint Archive 2015, 479 (2015).

  17. Libert B., Ling S., Mouhartem F., Nguyen K., Wang H.: Signature schemes with efficient protocols and dynamic group signatures from lattice assumptions. In: IACR Cryptology ePrint Archive 2016, 101 (2016).

  18. Courtois N., Finiasz M., Sendrier N.: How to achieve a McEliece-based digital signature scheme. In: Advances in Cryptology—ASIACRYPT 2001, 7th International Conference on the Theory and Application of Cryptology and Information Security, Gold Coast, 9–13 Dec 2001, Proceedings, pp. 157–174 (2001).

  19. Alamélou Q., Blazy O., Cauchie S., Gaborit P.: A code-based group signature scheme. In: Charpin P., Sendrier N., Tillich J.-P. (eds.) The 9th International Workshop on Coding and Cryptography 2015 WCC2015, Proceedings of the 9th International Workshop on Coding and Cryptography 2015 (WCC2015), France, April 2015.

  20. Goldwasser S., Micali S., Rackoff C.: The knowledge complexity of interactive proof systems. SIAM J. Comput. 18(1), 186–208 (1989).

  21. Berlekamp E.R., McEliece R.J., van Tilborg H.C.A.: On the inherent intractability of certain coding problems (corresp.). IEEE Trans. Inf. Theory 24(3), 384–386 (1978).

  22. MacWilliams F.J., Sloane N.J.A.: The Theory of Error-Correcting Codes, 2nd edn. North-Holland, Amsterdam (1978).

  23. Arora S., Babai L., Stern J., Sweedyk Z.: The hardness of approximate optima in lattices, codes, and systems of linear equations. In: 34th Annual Symposium on Foundations of Computer Science, Palo Alto, 3–5 Nov 1993, pp. 724–733 (1993).

  24. Bellare M., Namprempre C., Pointcheval D., Semanko M.: The one-more-RSA-inversion problems and the security of Chaum’s blind signature scheme. J. Cryptol. 16(3), 185–215 (2003).

  25. Stern J.: A new identification scheme based on syndrome decoding. In: Advances in Cryptology—CRYPTO ’93, 13th Annual International Cryptology Conference, Santa Barbara, 22–26 Aug 1993, Proceedings, pp. 13–21 (1993).

  26. Stern J.: A new paradigm for public key identification. IEEE Trans. Inf. Theory 42(6), 1757–1768 (1996).

  27. Fiat A., Shamir A.: How to prove yourself: practical solutions to identification and signature problems. In: Advances in Cryptology—CRYPTO ’86, Santa Barbara, 1986, Proceedings, pp. 186–194 (1986).

  28. Feige U., Shamir A.: Witness indistinguishable and witness hiding protocols. In: Proceedings of the 22nd Annual ACM Symposium on Theory of Computing, 13–17 May 1990, Baltimore, pp. 416–426 (1990).

  29. Faugère J.-C., Gauthier-Umaña V., Otmani A., Perret L., Tillich J.-P.: A distinguisher for high rate mceliece cryptosystems. In: 2011 IEEE Information Theory Workshop, ITW 2011, Paraty Brazil, 16–20 Oct 2011, pp. 282–286 (2011).

  30. Mathew, K. P., Vasant, S., Rangan, C. P.: A provably secure signature and signcryption scheme using the hardness assumptions in coding theory. In: Lee H.-S., Han D.-G. (eds.) Information Security and Cryptology—ICISC 2013: 16th International Conference, Seoul, Korea, 27–29 Nov 2013, Revised Selected Papers, pp. 342–362 (2013).

  31. Becker A., Joux A., May A., Meurer A.: Decoding random binary linear codes in 2 n/20: how \(1 + 1 = 0\) improves information set decoding. In: Advances in Cryptology—EUROCRYPT 2012, 31st Annual International Conference on the Theory and Applications of Cryptographic Techniques, Cambridge, 15–19 April 2012, Proceedings, pp. 520–536 (2012).

  32. Finiasz M., Sendrier N.: Security bounds for the design of code-based cryptosystems. In: Advances in Cryptology—ASIACRYPT 2009, 15th International Conference on the Theory and Application of Cryptology and Information Security, Tokyo, 6–10 Dec 2009. Proceedings, pp. 88–105 (2009).

Download references

Acknowledgments

The authors would like to thank the anonymous reviewers for their helpful comments that led to notably improve the present work.

Author information

Authors and Affiliations

  1. XLIM-DMI, Université de Limoges, Limoges, France

    Quentin Alamélou, Olivier Blazy & Philippe Gaborit

  2. R&D Department, Worldline, Seclin, France

    Quentin Alamélou & Stéphane Cauchie

Authors
  1. Quentin Alamélou
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Olivier Blazy
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Stéphane Cauchie
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Philippe Gaborit
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Quentin Alamélou.

Additional information

This is one of several papers published in Designs, Codes and Cryptography comprising the “Special Issue on Coding and Cryptography”.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Alamélou, Q., Blazy, O., Cauchie, S. et al. A code-based group signature scheme. Des. Codes Cryptogr. 82, 469–493 (2017). https://doi.org/10.1007/s10623-016-0276-6

Download citation

  • Received:

  • Revised:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10623-016-0276-6

Keywords

Mathematics Subject Classification

Search

Navigation