Cryptanalysis of a Lattice-Based Group Signature with Verifier-Local Revocation Achieving Full Security

Yanhua Zhang; Ximeng Liu; Yupu Hu; Qikun Zhang; Huiwen Jia

Cryptanalysis of a Lattice-Based Group Signature with Verifier-Local Revocation Achieving Full Security

Yanhua Zhang, Ximeng Liu, Yupu Hu, Qikun Zhang, Huiwen Jia

Published: 01 Jan 2021, Last Modified: 13 Nov 2024ACNS Workshops 2021EveryoneRevisionsBibTeXCC BY-SA 4.0

Abstract: For all existing non-fully dynamic (i.e., only supporting membership revocation and no member’s enrollment is involved) lattice-based group signature schemes with verifier-local revocation (\(\textsf {VLR}\hbox {-}\mathsf{GS}\)), only selfless-anonymity (SA) is achieved, which is strictly weaker than the de facto standard anonymity notion, full-anonymity (\(\textsf {FA}\)), where the adversary is allowed to corrupt all members. At ICICS 2018, Perera and Koshiba delivered a new \(\textsf {VLR}\hbox {-}\mathsf{GS}\) scheme and claimed that it is the first lattice-based construction achieving full security (i.e., FA and full-traceability). In this paper, we demonstrate that their construction does not achieve the claimed FA security by presenting an attack, and only SA security is achieved, the same as the first lattice-based VLR-GS scheme introduced by Langlois et al. at PKC 2014.

Loading