Provably Secure Group Signature Schemes from Code-Based Assumptions

TL;DR

This paper introduces two provably secure group signature schemes based on code-based assumptions, achieving smaller sizes and stronger anonymity, supported by implementation results and novel techniques in cryptography.

Contribution

It presents the first provably secure code-based group signature schemes with improved efficiency and anonymity, using new cryptographic techniques and security reductions.

Findings

Schemes satisfy CPA-anonymity and traceability in the random oracle model.

Key and signature sizes are smaller than lattice-based schemes for groups up to 2^{24}.

Schemes are the first in their class with provable security and practical implementation.

Abstract

We solve an open question in code-based cryptography by introducing two provably secure group signature schemes from code-based assumptions. Our basic scheme satisfies the CPA-anonymity and traceability requirements in the random oracle model, assuming the hardness of the McEliece problem, the Learning Parity with Noise problem, and a variant of the Syndrome Decoding problem. The construction produces smaller key and signature sizes than the previous group signature schemes from lattices, as long as the cardinality of the underlying group does not exceed $2^{24}$, which is roughly comparable to the current population of the Netherlands. We develop the basic scheme further to achieve the strongest anonymity notion, i.e., CCA-anonymity, with a small overhead in terms of efficiency. The feasibility of two proposed schemes is supported by implementation results. Our two schemes are the first in their respective classes of provably secure groups signature schemes. Additionally, the techniques introduced in this work might be of independent interest. These are a new verifiable encryption protocol for the randomized McEliece encryption and a novel approach to design formal security reductions from the Syndrome Decoding problem.