[PDF] Top 20 Group Signature without Random Oracles from Randomizable Signatures

... Our group signature thus only consists of a PS signature and a FHS one which are both re-randomizable, leading to an anonymity proof under the DDH ...valid group signature unless ... See full document

... ring signatures lies in the dual privacy requirement: that is the dilemma of having parts of the witness of the same proof of knowledge coming from different parties who do not trust each ...the ... See full document

... Structure-Preserving Signatures (SPSs) [4] are signature schemes over bilinear groups where the messages, the verification key and the signatures consist of only group elements from ... See full document

... secure without random oracles were only recently ...concrete group signature scheme with constant signature size by exploiting the properties of bilinear groups [19], though ... See full document

... ring signature (ARS), introduced by Xu and Yung (CARDIS 2004), combines many useful properties of ring and group ...hoc group of users, and signing on their behalf (like a ring ...with ... See full document

... Ring signature is a useful cryptographic primitive for many anonymous applications, which makes a signer sign any message ...ring signature allows that ring member signs any message without revealing ... See full document

... new signature on ...new signature for a previously signed ...[22-25] without random oracles have been ...non-ID-based signature schemes. Re- cently, without applying any ... See full document

... as group signatures [BCN + 10], direct anonymous attestations [CPS10,BFG + 13], aggregate signa- tures [LLY13] or E-cash systems ...its signatures to be randomized: given a valid CL-signature ... See full document

... Traditional group signatures, introduced by Chaum and van Heyst [19], allow a member of a group to sign a message anonymously on behalf of the group while ensuring that a recipient of the ... See full document

... B’s signature to acquire goods or service from B, then B can always ask A to show the keystone before providing service to ...concurrent signature schemes were proposed in the litera- ture [17, 19, ... See full document

... thought from the most punctual beginning stage of the ...pictures without revealing information from either the compacted picture tests or the essential picture ... See full document

... combining signature, commitment, and encryption schemes with zero-knowledge ...manner from Camenisch-Lysyanskaya sig- natures and generalized Schnorr ...a signature and com- mitment scheme that are ... See full document

... Auxiliary inputs. As mentioned above, a closely related model to BRO is the Auxiliary-Input RO (AI-RO) model, introduced by Unruh [36] and recently refined by Dodis, Guo, and Katz [13] and Coretti et al. [11]. Here the ... See full document

... A group signature is a set of algorithms (GPGen, GKGen, UKGen, OKGen, GSign, GVerify, GOpen) run by a group manager, an opener and ...The group sig- nature parameters gpar are generated via ... See full document

... policy AB-KEM (KP-AB-KEM). For the ciphertext-policy AB-KEM (CP-AB-KEM) this is more involved. Next, we add some redundancy to the encapsulation to make it CCA-secure. As in the identity-based key encapsulation mechanism ... See full document

... Unfortunately, the latter construction is now considered broken [CHL + 14 , CLT 14 ]. Additionally, neither construction is useful in practical schemes when the degree of multilinearity is large. For example, the paper ... See full document

... Lindell’s transform is based on a primitive named dual-mode (DM) commitment scheme (DMCS). A DMCS is based on a membership-hard language Λ and each specific commitment takes as input an instance ρ of Λ and has the ... See full document

... Ring signature is a capable candidate to build an unidentified and authentic data distribution ...ring signature, which reduces the process of certificate authentication, can be used instead ... See full document

... the random oracle model, parties are given oracle access to a random function ...function from the set of all functions), and are assumed to have unbounded computational power (though they can only ... See full document

... the random oracle model (ROM) [BR93], we model hash functions as random ...A random oracle can be viewed as a resource that is available to all parties in a given setting, and allows each of them to ... See full document