14/10/2019 - 09:30
Group signatures allow users to anonymously sign messages on behalf of a group leaving an authority the ability to identify users if necessary. Although several lattice-based group signatures have been proposed for a decade, there were no known constructions outside the random-oracle methodology until recently. This was made possible with the recent works of Katsumada (EC'19) and Peikert-Shiehian (Crypto'19). However, their constructions either fail to guarantee the anonymity of users whose secret key is exposed or rely on NIZK proofs for general NP statements. In this work, we provide constructions that preserve anonymity under key exposure without relying on the (expensive) general NIZK proofs for all NP.