CCA-Almost-Full Anonymous Group Signature with Verifier Local Revocation in the Standard Model

Abstract Group signature (GS) allows each member in a group to do signatures anonymously on behalf of the group under management of a group authority. Membership revocation has been a central issue in GS and widely studied so far. The mechanism of verifier local revocation for GS, first formalized by Boneh and Shacham, has an advantage of making the signers free from fetching the up-to-date information of the revoked users and practicality in the scenario of periodically update in the large population of group users. Most of work related to group signature with verifier-local revocation either can only achieve selfless anonymity or have inefficient constructions due to complicate primitives. Aiming to a recent chosen ciphertext attack-almost-full anonymous notion for GS, this paper presents an efficient GS with verifier local revocation in the standard model by adding a new primitive plaintext searchable encryption into Groth’s GS under Canard et al.’s framework. We prove that it has backward unlinkability to ensure that all signatures generated by the user before the revocation remain anonymous, even if it is revoked later.