当前位置:
X-MOL 学术
›
J. Cryptol.
›
论文详情
Our official English website, www.x-mol.net, welcomes your
feedback! (Note: you will need to create a separate account there.)
Foundations of Fully Dynamic Group Signatures
Journal of Cryptology ( IF 2.3 ) Pub Date : 2020-06-02 , DOI: 10.1007/s00145-020-09357-w Jonathan Bootle , Andrea Cerulli , Pyrros Chaidos , Essam Ghadafi , Jens Groth
Journal of Cryptology ( IF 2.3 ) Pub Date : 2020-06-02 , DOI: 10.1007/s00145-020-09357-w Jonathan Bootle , Andrea Cerulli , Pyrros Chaidos , Essam Ghadafi , Jens Groth
Group signatures allow members of a group to anonymously sign on behalf of the group. Membership is administered by a designated group manager. The group manager can also reveal the identity of a signer if and when needed to enforce accountability and deter abuse. For group signatures to be applicable in practice, they need to support fully dynamic groups, i.e., users may join and leave at any time. Existing security definitions for fully dynamic group signatures are informal, have shortcomings, and are mutually incompatible. We fill the gap by providing a formal rigorous security model for fully dynamic group signatures. Our model is general and is not tailored toward a specific design paradigm and can therefore, as we show, be used to argue about the security of different existing constructions following different design paradigms. Our definitions are stringent and when possible incorporate protection against maliciously chosen keys. We consider both the case where the group management and tracing signatures are administered by the same authority, i.e., a single group manager, and also the case where those roles are administered by two separate authorities, i.e., a group manager and an opening authority. We also show that a specialization of our model captures existing models for static and partially dynamic schemes. In the process, we identify a subtle gap in the security achieved by group signatures using revocation lists. We show that in such schemes new members achieve a slightly weaker notion of traceability. The flexibility of our security model allows to capture such relaxation of traceability.
中文翻译:
全动态组签名的基础
群组签名允许群组成员代表群组匿名签名。成员资格由指定的组经理管理。组经理还可以在需要时披露签名者的身份以加强问责制和阻止滥用。群签名要在实践中应用,需要支持完全动态的群,即用户可以随时加入和离开。完全动态组签名的现有安全定义是非正式的,有缺点,并且相互不兼容。我们通过为完全动态组签名提供正式严格的安全模型来填补空白。我们的模型是通用的,并不是针对特定的设计范式量身定制的,因此,正如我们所展示的,可以用来争论遵循不同设计范式的不同现有结构的安全性。我们的定义很严格,并在可能的情况下包含针对恶意选择的密钥的保护。我们考虑了组管理和跟踪签名由同一权限(即单个组管理员)管理的情况,以及这些角色由两个单独的权限(即组管理员和开放权限)管理的情况。我们还展示了我们模型的专业化捕获了静态和部分动态方案的现有模型。在此过程中,我们确定了使用撤销列表的组签名所实现的安全性的细微差距。我们表明,在此类计划中,新成员实现的可追溯性概念稍弱。我们安全模型的灵活性允许捕获这种可追溯性的放松。
更新日期:2020-06-02
中文翻译:
全动态组签名的基础
群组签名允许群组成员代表群组匿名签名。成员资格由指定的组经理管理。组经理还可以在需要时披露签名者的身份以加强问责制和阻止滥用。群签名要在实践中应用,需要支持完全动态的群,即用户可以随时加入和离开。完全动态组签名的现有安全定义是非正式的,有缺点,并且相互不兼容。我们通过为完全动态组签名提供正式严格的安全模型来填补空白。我们的模型是通用的,并不是针对特定的设计范式量身定制的,因此,正如我们所展示的,可以用来争论遵循不同设计范式的不同现有结构的安全性。我们的定义很严格,并在可能的情况下包含针对恶意选择的密钥的保护。我们考虑了组管理和跟踪签名由同一权限(即单个组管理员)管理的情况,以及这些角色由两个单独的权限(即组管理员和开放权限)管理的情况。我们还展示了我们模型的专业化捕获了静态和部分动态方案的现有模型。在此过程中,我们确定了使用撤销列表的组签名所实现的安全性的细微差距。我们表明,在此类计划中,新成员实现的可追溯性概念稍弱。我们安全模型的灵活性允许捕获这种可追溯性的放松。
京公网安备 11010802027423号