# G-Merkle: A Hash-Based Group Signature Scheme From Standard Assumptions

@inproceedings{Bansarkhani2018GMerkleAH, title={G-Merkle: A Hash-Based Group Signature Scheme From Standard Assumptions}, author={Rachid El Bansarkhani and Rafael Misoczki}, booktitle={IACR Cryptol. ePrint Arch.}, year={2018} }

Hash-based signature schemes are the most promising cryptosystem candidates in a post-quantum world, but offer little structure to enable more sophisticated constructions such as group signatures. Group signatures allow a group member to anonymously sign messages on behalf of the whole group (as needed for anonymous remote attestation). In this work, we introduce G-Merkle, the first (stateful) hash-based group signature scheme. Our proposal relies on minimal assumptions, namely the existence of…

## 19 Citations

### A scalable post-quantum hash-based group signature

- Computer ScienceIACR Cryptol. ePrint Arch.
- 2019

This work presents a construction for hash-based one-time group signature schemes, and develops a traceable post-quantum multi- time group signature upon it, and extends the scheme to multi-time signatures using Merkle trees and shows that this process maintains the scalability property of MerKle-based signatures.

### DGM: A Dynamic and Revocable Group Merkle Signature

- Computer Science, MathematicsESORICS
- 2019

This study proposes a dynamic post-quantum group signature extending the static G-Merkle group signature (PQCRYPTO 2018), which provides a significantly smaller signature size than other GSs based on symmetric primitives and also reduces the influence of the number of group members on the signature size and on the limitations of the application of G- Merkle.

### Distributed and Threshold Hash-Based Signatures

- Computer Science, Mathematics
- 2022

It is argued that delegating one’s signing capability to some coalitions of trustees, as done by the schemes, substantially decreases the risk of such a compromise of stateful hash-bases signatures.

### Post-Quantum EPID Group Signatures from Symmetric Primitives

- Computer Science, Mathematics
- 2018

The study of group signature schemes built only from symmetric primitives, such as hash functions and PRFs, widely regarded as the safest primitives for post-quantum security are initiated.

### One-time Traceable Ring Signatures

- Computer Science, MathematicsIACR Cryptol. ePrint Arch.
- 2021

This work introduces one-time traceable ring signatures, where a member can sign anonymously only one message, which is fast, with a signing time of less than 1 second for a ring of 2 signers (and much less for smaller rings); it is post-quantum resistant, as it only requires hash evaluations.

### GMMT: A Revocable Group Merkle Multi-Tree Signature Scheme

- Computer Science, MathematicsIACR Cryptol. ePrint Arch.
- 2021

GM builds on GM and adopts a multi-tree construction that constructs new GM trees for new signing leaves assignment while keeping the group public key unchanged, and allows growing the multi- tree structure adaptively to support 2 signatures under the same public key.

### A secure and efficient group signature scheme based on multivariate public key cryptography

- Computer Science, MathematicsJ. Inf. Secur. Appl.
- 2021

### Group Signatures and Accountable Ring Signatures from Isogeny-based Assumptions

- Computer Science, MathematicsIACR Cryptol. ePrint Arch.
- 2021

This work proposes the first isogeny-based group signatures (GS) based on the decisional CSIDH assumption (D-CSIDH) and is proven secure under the quantum random oracle model (QROM).

### Coalition and Threshold Hash-Based Signatures

- Computer Science, MathematicsIACR Cryptol. ePrint Arch.
- 2022

This work shows how to construct a threshold version of stateful hash-based signature schemes like those deﬁned in XMSS and LMS and proposes the addition of an untrusted Helper to manage the large storage required without being given access to any secret information.

### Collusion Resistant Revocable Ring Signatures and Group Signatures from Hard Homogeneous Spaces

- Computer Science, MathematicsIACR Cryptol. ePrint Arch.
- 2021

This work introduces a stronger security notion—collusion resistance—for revocable ring signatures and shows how to derive a group signature scheme from it, which provides a new approach to obtaining group signatures.

## References

SHOWING 1-10 OF 40 REFERENCES

### Lattice-Based Group Signatures with Logarithmic Signature Size

- Computer Science, MathematicsASIACRYPT
- 2013

This paper describes the first lattice-based group signature schemes where the signature and public key sizes are essentially logarithmic in N (for any fixed security level) and proves the security of the schemes in the random oracle model under the SIS and LWE assumptions.

### Lattice-based Group Signature Scheme with Verifier-local Revocation

- Computer Science, MathematicsIACR Cryptol. ePrint Arch.
- 2014

This work introduces the first lattice-based VLR group signature, and thus, the first such scheme that is believed to be quantum-resistant, and in the random oracle model, the scheme is proved to be secure based on the hardness of the $\mathsf{SIVP}_{\widetilde{O}}n^{1.5}}$ problem in general lattices.

### Simpler Efficient Group Signatures from Lattices

- Computer Science, MathematicsPublic Key Cryptography
- 2015

A simpler lattice-based group signature, which is more efficient by a \(O(\log N)\) factor in both the group public key and the signature size, and can be reduced to the hardness of SIS and LWE in the random oracle model.

### W-OTS+ - Shorter Signatures for Hash-Based Signature Schemes

- Computer Science, MathematicsAFRICACRYPT
- 2013

It is proved that W-OTS+ is strongly unforgeable under chosen message attacks in the standard model, and an improvement in signature size directly carries over to all recent hash-based signature schemes.

### Group Signatures from Lattices: Simpler, Tighter, Shorter, Ring-Based

- Computer Science, MathematicsPublic Key Cryptography
- 2015

A new lattice-based cryptographic tool is constructed: a statistical zero-knowledge argument of knowledge of a valid message-signature pair for Boyen's signature scheme (Boyen, PKC’10), which potentially can be used as the building block to design various privacy-enhancing cryptographic constructions.

### Provably Secure Group Signature Schemes From Code-Based Assumptions

- Computer Science, MathematicsIEEE Transactions on Information Theory
- 2020

A new verifiable encryption protocol for the randomized McEliece encryption and a novel approach to design formal security reductions from the Syndrome Decoding problem are introduced.

### XMSS: Extended Hash-Based Signatures

- Computer Science, Mathematics
- 2015

This note describes the eXtended Merkle Signature Scheme (XMSS), a hash-based digital signature system that is suitable for compact implementations, relatively simple to implement, and naturally resists side-channel attacks.

### A Practical and Provably Secure Coalition-Resistant Group Signature Scheme

- Computer Science, MathematicsCRYPTO
- 2000

This work introduces a new provably secure group signature and a companion identity escrow scheme that are significantly more efficient than the state of the art.

### State Management for Hash-Based Signatures

- Computer ScienceSSR
- 2016

This paper analyze state management in N-time hash-based signature schemes, considering both security and performance, and categorize the security issues that can occur due to state synchronization failures, and describes a state reservation and nonvolatile storage, and shows that it can be naturally realized in a hierarchical signature scheme.

### Dynamic Fully Anonymous Short Group Signatures

- Computer Science, MathematicsVIETCRYPT
- 2006

This work presents an extremely short dynamic group signature scheme, with concurrent join, provably secure in this model, and achieves stronger security notions than BBS, and namely the full anonymity, while still shorter.