Achieving full security for lattice-based group signatures with verifier-local revocation

Abstract

Even though Verifier-local revocation mechanism seems to be the most flexible revocation method that suits for any size of groups it could not reach strong security yet. Verifier-local revocation technique needs to update only the verifiers with revocation messages when a member is revoked while most of the revocation mechanisms require to re-initialize the group or track changes of the group. The first lattice-based group signature scheme with verifier-local revocability was suggested by Langlois, Ling, Nguyen, and Wang (PKC 2014). However, their scheme relies on a weaker security notion. On the other hand, Bellare, Micciancio, and Warinschi (EUROCRYPT 2003) proposed formal security definitions called full-anonymity and full-traceability for static groups. Achieving full-anonymity for schemes with verifier-local revocation is technically challenging because those schemes use a token system. This paper provides a scheme with verifier-local revocation that achieves the full-anonymity and full-traceability.