IACR News item: 27 May 2013
Fabien Laguillaumie, Adeline Langlois, Benoit Libert, Damien Stehle
ePrint Reportanonymously sign messages in the name of a population they belong
to. Gordon et al. (Asiacrypt 2010) suggested the first realization of group signatures based on lattice assumptions in the random oracle model. A significant drawback of their scheme is its linear signature size in the cardinality $N$ of the group. A recent extension proposed by Camenisch et al. (SCN 2012) suffers from the same overhead. In this paper, we describe the first lattice-based group signature schemes where the signature and public key sizes are essentially logarithmic in $N$ (for any fixed security level). Our basic construction only satisfies a relaxed definition of anonymity (just like the Gordon et al. system) but readily extends into a fully anonymous group signature (i.e., that resists adversaries equipped with a signature opening
oracle). We prove the security of our schemes in the random oracle
model under the SIS and LWE assumptions.
Additional news items may be found on the IACR news page.