Abstract
Group signatures allow users to sign messages on behalf of a group without revealing authority is capable of identifying the user who generated it. However, the exposure of the user's signing key will severely damage the group signature scheme. In order to reduce the loss caused by signing key leakage, Song proposed the first forward-secure group signature. If a group signing key is revealed at the current time period, the previous signing key will not be affected. This means that the attacker cannot forge group signatures regarding messages signed in the past. To resist quantum attacks, many lattice-based forward-secure group signatures have been proposed. However, their key-update algorithm is expensive since they require some costly computations such as the Hermite normal form (HNF) operations and conversion from a full-rank set of lattice vectors into a basis. In this paper, we propose the group signature with forward security from lattice. In comparison with previous works, we have several advantages: Firstly, our scheme is more effective since we only need to sample some vectors independently from a discrete Gaussian during the key-update algorithm. Secondly, the derived secret key size is linear instead of quadratic with the lattice dimensions, which is more friendly towards lightweight applications. Anonymous authentication plays an increasingly critical role in protecting privacy and security in the environment where private information could be collected for intelligent analysis. Our work contributes to the anonymous authentication in the post-quantum setting, which has wide potential applications in the IoT environment.