Tang Yongli, Li Yuanhong, Zhang Xiaohang, Ye Qing. Identity-Based Group Signatures Scheme on Lattice[J]. Journal of Computer Research and Development, 2022, 59(12): 2723-2734. DOI: 10.7544/issn1000-1239.20210930
Citation:
Tang Yongli, Li Yuanhong, Zhang Xiaohang, Ye Qing. Identity-Based Group Signatures Scheme on Lattice[J]. Journal of Computer Research and Development, 2022, 59(12): 2723-2734. DOI: 10.7544/issn1000-1239.20210930
Tang Yongli, Li Yuanhong, Zhang Xiaohang, Ye Qing. Identity-Based Group Signatures Scheme on Lattice[J]. Journal of Computer Research and Development, 2022, 59(12): 2723-2734. DOI: 10.7544/issn1000-1239.20210930
Citation:
Tang Yongli, Li Yuanhong, Zhang Xiaohang, Ye Qing. Identity-Based Group Signatures Scheme on Lattice[J]. Journal of Computer Research and Development, 2022, 59(12): 2723-2734. DOI: 10.7544/issn1000-1239.20210930
1(School of Computer Science and Technology, Henan Polytechnic University, Jiaozuo, Henan 454003)
2(Henan College of Industry & Information Technology, Jiaozuo, Henan 454003)
Funds: This work was supported by the National Natural Science Foundation of China (61802117), the Support Plan of Scientific and Technological Innovation Team in Universities of Henan Province (20IRTSTHN013), and the Youth Backbone Teacher Support Program of Henan Polytechnic University (2018XQG-10).
Although the existing group signature schemes on lattice can effectively resist the attacks of quantum computing, it is difficult to avoid the complicated management problem of user’s public key certificate. Based on techniques such as rejection sampling and lattice basis delegation, this paper combines the identity-based encryption with the group signature on lattice to construct an identity-based group signature on lattice in the random oracle model. First of all, the system master key is obtained from the trapdoor generation algorithm; Then, the lattice delegation technology extracts the user’s identity information and obtains the user’s private key. Finally, the signature is generated by using the rejection sampling algorithm instead of the zero-knowledge proof system in the signing stage. Meanwhile, this paper uses the LPR encryption algorithm proposed to ensure that the signature can be opened for group administrator by the traceability key. Security analysis shows that the full anonymity, unforgeability and full traceability of the proposed scheme in this paper can be reduced to the hardness assumptions of RSIS and RLWE. Compared with other group signatures on lattice, the proposed scheme is based on identity-based encryption and has certain advantages in storage overhead. Specifically, the overhead of key and signature are decreased roughly by 79.6%, 39.9%, respectively.