G-Merkle: A Hash-Based Group Signature Scheme From Standard Assumptions

Rachid El Bansarkhani and Rafael Misoczki. IACR Cryptol. ePrint Arch.

Hash-based signature schemes are the most promising cryptosystem candidates in a post-quantum world, but offer little structure to enable more sophisticated constructions such as group signatures. Group signatures allow a group member to anonymously sign messages on behalf of the whole group (as needed for anonymous remote attestation). In this work, we introduce G-Merkle, the first (stateful) hash-based group signature scheme. Our proposal relies on minimal assumptions, namely the existence of… 

A scalable post-quantum hash-based group signature

This work presents a construction for hash-based one-time group signature schemes and develops a traceable post-quantum multi-time group signature upon it; it extends the scheme to multi-time signatures using Merkle trees and shows that this process maintains the scalability property of Merkle-based signatures.

DGM: A Dynamic and Revocable Group Merkle Signature

This study proposes a dynamic post-quantum group signature extending the static G-Merkle group signature (PQCRYPTO 2018), which provides a significantly smaller signature size than other GSs based on symmetric primitives and also reduces the influence of the number of group members on the signature size and on the limitations of the application of G-Merkle.

Distributed and Threshold Hash-Based Signatures

It is argued that delegating one’s signing capability to some coalitions of trustees, as done by the schemes, substantially decreases the risk of such a compromise of stateful hash-based signatures.

Post-Quantum EPID Group Signatures from Symmetric Primitives

  • D. Boneh
  • Computer Science, Mathematics
  • 2018
This work initiates the study of group signature schemes built only from symmetric primitives, such as hash functions and PRFs, widely regarded as the safest primitives for post-quantum security.

One-time Traceable Ring Signatures

This work introduces one-time traceable ring signatures, where a member can sign anonymously only one message, which is fast, with a signing time of less than 1 second for a ring of 2 signers (and much less for smaller rings); it is post-quantum resistant, as it only requires hash evaluations.

GMMT: A Revocable Group Merkle Multi-Tree Signature Scheme

GM builds on GM and adopts a multi-tree construction that constructs new GM trees for new signing leaves assignment while keeping the group public key unchanged, and allows growing the multi-tree structure adaptively to support 2 signatures under the same public key.

Group Signatures and Accountable Ring Signatures from Isogeny-based Assumptions

This work proposes the first isogeny-based group signatures (GS) based on the decisional CSIDH assumption (D-CSIDH) and is proven secure under the quantum random oracle model (QROM).

Coalition and Threshold Hash-Based Signatures

This work shows how to construct a threshold version of stateful hash-based signature schemes like those defined in XMSS and LMS and proposes the addition of an untrusted Helper to manage the large storage required without being given access to any secret information.

Collusion Resistant Revocable Ring Signatures and Group Signatures from Hard Homogeneous Spaces

This work introduces a stronger security notion—collusion resistance—for revocable ring signatures and shows how to derive a group signature scheme from it, which provides a new approach to obtaining group signatures.



Lattice-Based Group Signatures with Logarithmic Signature Size

This paper describes the first lattice-based group signature schemes where the signature and public key sizes are essentially logarithmic in N (for any fixed security level) and proves the security of the schemes in the random oracle model under the SIS and LWE assumptions.

Lattice-based Group Signature Scheme with Verifier-local Revocation

This work introduces the first lattice-based VLR group signature, and thus, the first such scheme that is believed to be quantum-resistant, and in the random oracle model, the scheme is proved to be secure based on the hardness of the $\mathsf{SIVP}_{\widetilde{O}(n^{1.5})}$ problem in general lattices.

Simpler Efficient Group Signatures from Lattices

A simpler lattice-based group signature, which is more efficient by a \(O(\log N)\) factor in both the group public key and the signature size, and can be reduced to the hardness of SIS and LWE in the random oracle model.

W-OTS+ - Shorter Signatures for Hash-Based Signature Schemes

It is proved that W-OTS+ is strongly unforgeable under chosen message attacks in the standard model, and an improvement in signature size directly carries over to all recent hash-based signature schemes.

Group Signatures from Lattices: Simpler, Tighter, Shorter, Ring-Based

A new lattice-based cryptographic tool is constructed: a statistical zero-knowledge argument of knowledge of a valid message-signature pair for Boyen's signature scheme (Boyen, PKC’10), which potentially can be used as the building block to design various privacy-enhancing cryptographic constructions.

Provably Secure Group Signature Schemes From Code-Based Assumptions

A new verifiable encryption protocol for the randomized McEliece encryption and a novel approach to design formal security reductions from the Syndrome Decoding problem are introduced.

XMSS: Extended Hash-Based Signatures

This note describes the eXtended Merkle Signature Scheme (XMSS), a hash-based digital signature system that is suitable for compact implementations, relatively simple to implement, and naturally resists side-channel attacks.

A Practical and Provably Secure Coalition-Resistant Group Signature Scheme

This work introduces a new provably secure group signature and a companion identity escrow scheme that are significantly more efficient than the state of the art.

State Management for Hash-Based Signatures

This paper analyzes state management in N-time hash-based signature schemes, considering both security and performance, categorizes the security issues that can occur due to state synchronization failures, describes a state reservation and nonvolatile storage, and shows that it can be naturally realized in a hierarchical signature scheme.

Dynamic Fully Anonymous Short Group Signatures

This work presents an extremely short dynamic group signature scheme, with concurrent join, provably secure in this model, which achieves stronger security notions than BBS, namely full anonymity, while still being shorter.