1 / 21

Compact Group Signatures Without Random Oracles

This paper presents an innovative approach to vehicle safety communication (VSC) by leveraging efficient group signatures without the reliance on random oracles. It introduces a hierarchical identity-based signature system, allowing anonymous group members to sign messages while maintaining traceability for authorities. The method ensures integrity, as no outsider can spoof the vehicle status, and promotes anonymity, making it difficult to track individual vehicle movements. We explore applications in remote attestation and vehicle communications, emphasizing security, efficiency, and practical implementation.

matana
Download Presentation

Compact Group Signatures Without Random Oracles

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Compact Group Signatures Without Random Oracles Xavier Boyen and Brent Waters

  2. Vehicle Safety Communication (VSC) • Embedded chips sign status • Integrity- No outsider can spoof • Anonymity- Can’t track person 65 mph breaking 8 mpg

  3. Vehicle Safety Communication (VSC) • Traceability by Authority 120 mph 65 mph breaking 8 mpg

  4. Group Signatures [CvH’91] • Group of N users • Any member can sign for group • Anonymous to Outsiders / Authority can trace • Applications • VSC • Remote Attestation

  5. Prior Work • Random Oracle Constructions • RSA [ACJT’00, AST’02,CL’02…] • Bilinear Map [BBS’04,CL’04] • Generic [BMW’03] • Formalized definitions • Open – Efficient Const. w/o Random Oracles

  6. This work Hierarchical ID-Based Signatures in Bilinear Group GOS ’06 Style NIZK Techniques + = Efficient Group Signatures w/o ROs

  7. “Alice” : ”Hi Bob” “Alice” : ”Transfer $45” Hierarchical Identity-Based Sigs ID-based signature where derive down further levels Authority “Alice”

  8. Our Approach Setup: N users Assign identities 0,1,…,n-1 User i gets HIBS on “i” … “0” “1” “n-2” “n-1”

  9. Our Approach Sign (i,M): User i signs “Message” by deriving “i” : “Message” Encrypts first level to authority and proves well formed “i” : ”Message” + Proof “i” : ”Message” “i”

  10. Bilinear groups of order N=pq [BGN’05] • G: group of order N=pq. (p,q) – secret. bilinear map: e: G  G  GT

  11. BGN encryption, GOS NIZK [GOS’06] • Subgroup assumption: G p Gp • E(m) : r  ZN , C  gm (gp)r  G • GOS NIZK: Statement: C  G Claim: “ C = E(0) or C = E(1) ’’ Proof:   G idea: IF: C = g  (gp)r or C = (gp)r THEN: e(C , Cg-1) = e(gp,gp)r  (GT)q

  12. ID part Our Group Signature • Params: g, u’,u1,…,ulg(n), v’,v1,…,vm, 2 G, A=e(g,g)2GT , h 2 Gq • Sign (KID, M): g(u’ ki=1 uIDi)r(v’ ki=1 vMi)r’ , g-r , g-r’ gCr (v’ ki=1 vMi)r’ , g-r , g-r’ Proofs- For i= 1 to lg(n): ci= uiIDi hti, i=(u2IDi-1hti)ti C= i=1lg(n) ci C is a BGN enc of ID

  13. Verification • Sig = (s1,s2,s3), (c1, 1),…, (clg(n),lg(n) ) • Check Proofs: (c1, 1),…, (clg(n),lg(n) ) • C= i=1lg(n) ci Know this is an enc. of ID • e(s_1,g) e(s_2,C) e(s_3, v’ ki=1 vMi ) = A Doesn’t know what 1st level signature is on

  14. Traceability And Anonymity • Proofs: • ci= uiIDihti, i=(u2IDi-1hti)ti • Traceability • Authority can decrypt (know factorization) • Proofs guarantee that it is well formed • Anonymity • BGN encryption • IF h2 G (and not Gq) leaks nothing

  15. Open Issues • CCA Security • Tracing key = Factorization of Group • Separate the two • Smaller Signatures • Currently lg(n) size • Stronger than CDH Assumption? • Should be Refutable Assumption ! • Strong Excupability

  16. Summary • Group Signature Scheme w/o random oracles • ~lg(n) elements • Several Extensions • Partial Revelation … • Applied GOS proofs • Bilinear groups popular • Proofs work “natively” in these groups

  17. THE END

  18. A 2-level Sig Scheme [W’05] • Params: g, u’,u1,…,ulg(n), v’,v1,…,vm, 2 G, A=e(g,g)2 GT , • Enroll (ID): (K1,K2) = g(u’ ki=1 uIDi)r, g-r 0· ID < n • Sign (KID, M): (s1’,s2’,s3’)= (K1 (v’ ki=1 vMi)r’ , K2, g-r’ ) = g(u’ ki=1 uIDi)r (v’ ki=1 vMi)r’ , g-r , g-r’ • Verify: e(s1’,g) e( s2’, u’ ki=1 uIDi) e(s3’, v’ ki=1 vMi ) = A

  19. Extensions • Partial Revelation • Prime order group proofs • Hierarchical Identities

  20. Our Group Signature • Params: g, u’,u1,…,ulg(n), v’,v1,…,vm, 2 G, A=e(g,g)2GT , h 2 Gq • Enroll (ID): KID (K1,K2 ,K3) = g(u’ ki=1 uIDi)r, g-r , hr • Sign (KID, M): Proofs- For i= 1 to lg(n): ci= uiIDi hti, i=(u2IDi-1hti)ti C= i=1lg(n) ci (s1’,s2’,s3’) = gCr(v’ ki=1 vMi)r’ , g-r , g-r’ C is a BGN enc of ID

More Related