{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,10]],"date-time":"2025-10-10T00:49:46Z","timestamp":1760057386897,"version":"build-2065373602"},"reference-count":53,"publisher":"MDPI AG","issue":"1","license":[{"start":{"date-parts":[[2025,2,6]],"date-time":"2025-02-06T00:00:00Z","timestamp":1738800000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"Natural Sciences and Engineering Research Council of Canada"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Cryptography"],"abstract":"<jats:p>A group signature scheme allows a user to sign a message anonymously on behalf of a group and provides accountability by using an opening authority who can \u201copen\u201d a signature and reveal the signer\u2019s identity. Group signature schemes have been widely used in privacy-preserving applications, including anonymous attestation and anonymous authentication. Fully dynamic group signature schemes allow new members to join the group and existing members to be revoked if needed. Symmetric-key based group signature schemes are post-quantum group signatures whose security rely on the security of symmetric-key primitives, and cryptographic hash functions. In this paper, we design a symmetric-key based fully dynamic group signature scheme, called DGMT, that redesigns DGM (Buser et al. ESORICS 2019) and removes its two important shortcomings that limit its application in practice: (i) interaction with the group manager for signature verification, and (ii) the need for storing and managing an unacceptably large amount of data by the group manager. We prove security of DGMT (unforgeability, anonymity, and traceability) and give a full implementation of the system. Compared to all known post-quantum group signature schemes with the same security level, DGMT has the shortest signature size. We also analyze DGM signature revocation approach and show that despite its conceptual novelty, it has significant hidden costs that makes it much more costly than using the traditional revocation list approach.<\/jats:p>","DOI":"10.3390\/cryptography9010012","type":"journal-article","created":{"date-parts":[[2025,2,6]],"date-time":"2025-02-06T09:54:38Z","timestamp":1738835678000},"page":"12","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["DGMT: A Fully Dynamic Group Signature from Symmetric-Key Primitives"],"prefix":"10.3390","volume":"9","author":[{"given":"Mojtaba","family":"Fadavi","sequence":"first","affiliation":[{"name":"Department of Computer Science, University of Calgary, Calgary, AB T2N 1N4, Canada"}]},{"given":"Sabyasachi","family":"Karati","sequence":"additional","affiliation":[{"name":"Cryptology and Security Research Unit, Indian Statistical Institute, Kolkata 700108, India"}]},{"given":"Aylar","family":"Erfanian","sequence":"additional","affiliation":[{"name":"Department of Computer Science, University of Calgary, Calgary, AB T2N 1N4, Canada"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1697-3590","authenticated-orcid":false,"given":"Reihaneh","family":"Safavi-Naini","sequence":"additional","affiliation":[{"name":"Department of Computer Science, University of Calgary, Calgary, AB T2N 1N4, Canada"}]}],"member":"1968","published-online":{"date-parts":[[2025,2,6]]},"reference":[{"key":"ref_1","unstructured":"Shor, P.W. (1994, January 20\u201322). Algorithms for Quantum Computation: Discrete Logarithms and Factoring. Proceedings of the 35th Annual Symposium on Foundations of Computer Science, Santa Fe, NM, USA."},{"key":"ref_2","doi-asserted-by":"crossref","unstructured":"Alagic, G., Apon, D., Cooper, D., Dang, Q., Dang, T., Kelsey, J., Lichtinger, J., Miller, C., Moody, D., and Peralta, R. (2022). Status Report on the Third Round of the NIST Post-Quantum Cryptography Standardization Process, US Department of Commerce, NIST.","DOI":"10.6028\/NIST.IR.8413-upd1"},{"key":"ref_3","unstructured":"(2023). Quantum Safe Signatures (Standard No. Standard ETSI TR 103 616 v1.1)."},{"key":"ref_4","doi-asserted-by":"crossref","first-page":"2141","DOI":"10.1007\/s10623-023-01192-x","article-title":"Group signatures and more from isogenies and lattices: Generic, simple, and efficient","volume":"91","author":"Beullens","year":"2023","journal-title":"Des. Codes Cryptogr."},{"key":"ref_5","first-page":"227","article-title":"CSI-FiSh: Efficient Isogeny Based Signatures Through Class Group Computations","volume":"11921","author":"Beullens","year":"2019","journal-title":"Adv. Cryptol.-Asiacrypt"},{"key":"ref_6","doi-asserted-by":"crossref","first-page":"157","DOI":"10.1007\/3-540-45682-1_10","article-title":"How to Achieve a McEliece-Based Digital Signature Scheme","volume":"Volume 2248","author":"Courtois","year":"2001","journal-title":"Advances in Cryptology\u2014ASIACRYPT 2001: 7th International Conference on the Theory and Application of Cryptology and Information Security Gold Coast, Australia, 9\u201313 December 2001"},{"key":"ref_7","first-page":"633","article-title":"CRYSTALS\u2014Dilithium: Digital Signatures from Module Lattices","volume":"2017","author":"Ducas","year":"2017","journal-title":"IACR Cryptol. ePrint Arch."},{"key":"ref_8","doi-asserted-by":"crossref","first-page":"267","DOI":"10.1007\/BFb0054868","article-title":"NTRU: A Ring-Based Public Key Cryptosystem","volume":"Volume 1423","author":"Buhler","year":"1998","journal-title":"Proceedings of the Algorithmic Number Theory, Third International Symposium, ANTS-III"},{"key":"ref_9","doi-asserted-by":"crossref","unstructured":"Buchmann, J., Dahmen, E., and H\u00fclsing, A. (29\u20132, January 29). XMSS\u2014A Practical Forward Secure Signature Scheme Based on Minimal Security Assumptions. Proceedings of the Post-Quantum Cryptography: 4th International Workshop, PQCrypto 2011, Taipei, Taiwan.","DOI":"10.1007\/978-3-642-25405-5_8"},{"key":"ref_10","first-page":"965","article-title":"WOTS+\u2014Shorter Signatures for Hash-Based Signature Schemes","volume":"Volume 2017","author":"Youssef","year":"2013","journal-title":"Proceedings of the Progress in Cryptology\u2013AFRICACRYPT 2013: 6th International Conference on Cryptology in Africa, Cairo, Egypt, 22\u201324 June 2013"},{"key":"ref_11","first-page":"1","article-title":"XMSS: eXtended Merkle Signature Scheme","volume":"8391","author":"Butin","year":"2018","journal-title":"RFC"},{"key":"ref_12","unstructured":"Lamport, L. (1979). Constructing Digital Signatures from a One-Way Function, SRI International. Technical Report CSL-98."},{"key":"ref_13","first-page":"1","article-title":"Leighton-Micali Hash-Based Signatures","volume":"8554","author":"McGrew","year":"2019","journal-title":"RFC"},{"key":"ref_14","first-page":"218","article-title":"A Certified Digital Signature","volume":"Volume 435","author":"Merkle","year":"1989","journal-title":"Advances in Cryptology\u2014CRYPTO \u201989"},{"key":"ref_15","unstructured":"Grover, L.K. (1996, January 22\u201324). A Fast Quantum Mechanical Algorithm for Database Search. Proceedings of the 28th Annual ACM Symposium on Theory of Computing, Philadelphia, PA, USA."},{"key":"ref_16","first-page":"800-208","article-title":"Recommendation for stateful hash-based signature schemes","volume":"800","author":"Cooper","year":"2020","journal-title":"NIST Spec. Publ."},{"key":"ref_17","doi-asserted-by":"crossref","first-page":"257","DOI":"10.1007\/3-540-46416-6_22","article-title":"Group Signatures","volume":"Volume 547","author":"Chaum","year":"1991","journal-title":"Advances in Cryptology\u2014EUROCRYPT \u201991"},{"key":"ref_18","doi-asserted-by":"crossref","unstructured":"Bellare, M., Micciancio, D., and Warinschi, B. (2003, January 4\u20138). Foundations of Group Signatures: Formal Definitions, Simplified Requirements, and a Construction Based on General Assumptions. Proceedings of the Advances in Cryptology\u2014EUROCRYPT 2003: International Conference on the Theory and Applications of Cryptographic Techniques, Warsaw, Poland.","DOI":"10.1007\/3-540-39200-9_38"},{"key":"ref_19","first-page":"136","article-title":"Foundations of Group Signatures: The Case of Dynamic Groups","volume":"Volume 3376","author":"Bellare","year":"2005","journal-title":"Cryptographers\u2019 Track at the RSA Conference"},{"key":"ref_20","doi-asserted-by":"crossref","first-page":"117","DOI":"10.1007\/978-3-319-39555-5_7","article-title":"Foundations of Fully Dynamic Group Signatures","volume":"Volume 9696","author":"Bootle","year":"2016","journal-title":"International Conference on Applied Cryptography and Network Security"},{"key":"ref_21","doi-asserted-by":"crossref","unstructured":"Brickell, E.F., Camenisch, J., and Chen, L. (2004, January 25\u201329). Direct Anonymous Attestation. Proceedings of the 11th ACM Conference on Computer and Communications Security, Washington, DC, USA.","DOI":"10.1145\/1030083.1030103"},{"key":"ref_22","doi-asserted-by":"crossref","unstructured":"Boneh, D., Arian, S., and Fisch, B. (2019, January 4\u20138). Post-quantum EPID Signatures from Symmetric Primitives. Proceedings of the Topics in Cryptology\u2013CT-RSA 2019: The Cryptographers\u2019 Track at the RSA Conference 2019, San Francisco, CA, USA.","DOI":"10.1007\/978-3-030-12612-4_13"},{"key":"ref_23","doi-asserted-by":"crossref","unstructured":"El Kaafarani, A., Katsumata, S., and Solomon, R. (March, January 26). Anonymous Reputation Systems Achieving Full Dynamicity from Lattices. Proceedings of the Financial Cryptography and Data Security: 22nd International Conference, FC 2018, Nieuwpoort, Cura\u00e7ao.","DOI":"10.1007\/978-3-662-58387-6_21"},{"key":"ref_24","first-page":"630","article-title":"Extracting Group Signatures from Traitor Tracing Schemes","volume":"Volume 2656","author":"Kiayias","year":"2003","journal-title":"International Conference on the Theory and Applications of Cryptographic Techniques"},{"key":"ref_25","doi-asserted-by":"crossref","first-page":"441","DOI":"10.1007\/978-3-319-79063-3_21","article-title":"G-Merkle: A Hash-Based Group Signature Scheme from Standard Assumptions","volume":"Volume 10786","author":"Misoczki","year":"2018","journal-title":"International Conference on Post-Quantum Cryptography"},{"key":"ref_26","doi-asserted-by":"crossref","first-page":"136","DOI":"10.1007\/978-3-030-92548-2_8","article-title":"GMMT: A Revocable Group Merkle Multi-Tree Signature Scheme","volume":"13099","author":"Yehia","year":"2021","journal-title":"Cryptol. Netw. Secur.\u2014CANS"},{"key":"ref_27","doi-asserted-by":"crossref","unstructured":"Sako, K., Schneider, S., and Ryan, P. (2019, January 23\u201327). DGM: A Dynamic and Revocable Group Merkle Signature. Proceedings of the Computer Security\u2013ESORICS 2019: 24th European Symposium on Research in Computer Security, Luxembourg.","DOI":"10.1007\/978-3-030-29962-0"},{"key":"ref_28","unstructured":"Yu, Y., and Yung, M. Security Analysis of DGM and GM Group Signature Schemes Instantiated with XMSS-T. Proceedings of the Information Security and Cryptology: 17th International Conference, Inscrypt 2021, Virtual Event, 12\u201314 August 2021, Springer International Publishing."},{"key":"ref_29","doi-asserted-by":"crossref","first-page":"11:1","DOI":"10.1145\/3638763","article-title":"Sphinx-in-the-Head: Group Signatures from Symmetric Primitives","volume":"27","author":"Chen","year":"2024","journal-title":"ACM Trans. Priv. Secur."},{"key":"ref_30","doi-asserted-by":"crossref","unstructured":"Katz, J., Kolesnikov, V., and Wang, X. (2018, January 15\u201319). Improved Non-Interactive Zero Knowledge with Applications to Post-Quantum Signatures. Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, Toronto, ON, Canada.","DOI":"10.1145\/3243734.3243805"},{"key":"ref_31","unstructured":"Bernstein, D.J., H\u00fclsing, A., K\u00f6lbl, S., Niederhagen, R., Rijneveld, J., and Schwabe, P. (2019, January 11\u201315). The SPHINCS+ signature framework. Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, London, UK."},{"key":"ref_32","first-page":"387","article-title":"Mitigating Multi-target Attacks in Hash-Based Signatures","volume":"Volume 9614","author":"Cheng","year":"2016","journal-title":"Proceedings of the Public-Key Cryptography\u2014PKC 2016\u201419th IACR International Conference on Practice and Theory in Public-Key Cryptography"},{"key":"ref_33","doi-asserted-by":"crossref","unstructured":"Esgin, M.F., Steinfeld, R., and Zhao, R.K. (2022, January 23\u201325). MatRiCT+: More Efficient Post-Quantum Private Blockchain Payments. Proceedings of the 43rd IEEE Symposium on Security and Privacy, San Francisco, CA, USA.","DOI":"10.1109\/SP46214.2022.9833655"},{"key":"ref_34","doi-asserted-by":"crossref","first-page":"395","DOI":"10.1007\/978-3-642-17373-8_23","article-title":"A Group Signature Scheme from Lattice Assumptions","volume":"Volume 6477","author":"Abe","year":"2010","journal-title":"Proceedings of the Advances in Cryptology-ASIACRYPT 2010: 16th International Conference on the Theory and Application of Cryptology and Information Security, Singapore, 5\u20139 December 2010"},{"key":"ref_35","doi-asserted-by":"crossref","first-page":"41","DOI":"10.1007\/978-3-642-42045-0_3","article-title":"Lattice-Based Group Signatures with Logarithmic Signature Size","volume":"Volume 8270","author":"Laguillaumie","year":"2013","journal-title":"Proceedings of the Advances in Cryptology-ASIACRYPT 2013: 19th International Conference on the Theory and Application of Cryptology and Information Security, Bengaluru, India, 1\u20135 December 2013"},{"key":"ref_36","first-page":"345","article-title":"Lattice-Based Group Signature Scheme with Verifier-Local Revocation","volume":"Volume 8383","author":"Langlois","year":"2014","journal-title":"International Workshop on Public Key Cryptography"},{"key":"ref_37","first-page":"373","article-title":"Signature Schemes with Efficient Protocols and Dynamic Group Signatures from Lattice Assumptions","volume":"Volume 10032","author":"Libert","year":"2016","journal-title":"International Conference on the Theory and Application of Cryptology and Information Security"},{"key":"ref_38","doi-asserted-by":"crossref","unstructured":"Abdalla, M., and Dahab, R. (2018, January 25\u201329). Constant-Size Group Signatures from Lattices. Proceedings of the Public-Key Cryptography\u2013PKC 2018: 21st IACR International Conference on Practice and Theory of Public-Key Cryptography, Rio de Janeiro, Brazil, Switzerland.","DOI":"10.1007\/978-3-319-76581-5"},{"key":"ref_39","doi-asserted-by":"crossref","first-page":"293","DOI":"10.1007\/978-3-319-61204-1_15","article-title":"Lattice-Based Group Signatures: Achieving Full Dynamicity with Ease","volume":"Volume 10355","author":"Gollmann","year":"2017","journal-title":"Proceedings of the Applied Cryptography and Network Security: 15th International Conference, ACNS 2017, Kanazawa, Japan, 10\u201312 July 2017"},{"key":"ref_40","doi-asserted-by":"crossref","first-page":"5754","DOI":"10.1109\/TIT.2020.2976073","article-title":"Provably Secure Group Signature Schemes From Code-Based Assumptions","volume":"66","author":"Ezerman","year":"2020","journal-title":"IEEE Trans. Inf. Theory"},{"key":"ref_41","doi-asserted-by":"crossref","first-page":"25","DOI":"10.1007\/978-3-030-34621-8_2","article-title":"New Code-Based Privacy-Preserving Cryptographic Constructions","volume":"Volume 11922","author":"Galbraith","year":"2019","journal-title":"Proceedings of the Advances in Cryptology\u2013ASIACRYPT 2019: 25th International Conference on the Theory and Application of Cryptology and Information Security, Kobe, Japan, 8\u201312 December 2019"},{"key":"ref_42","first-page":"218","article-title":"Shorter Lattice-Based Group Signatures via \u2019Almost Free\u2019 Encryption and Other Optimizations","volume":"Volume 13093","author":"Lyubashevsky","year":"2021","journal-title":"International Conference on the Theory and Application of Cryptology and Information Security"},{"key":"ref_43","unstructured":"Pass, R., and Shelat, A. (2017). A Course in Cryptography, Princeton University Press."},{"key":"ref_44","doi-asserted-by":"crossref","unstructured":"Goldreich, O. (2004). Foundations of Cryptography, Cambridge University Press.","DOI":"10.1017\/CBO9780511721656"},{"key":"ref_45","doi-asserted-by":"crossref","unstructured":"Katz, J., and Lindell, Y. (2014). Introduction to Modern Cryptography, CRC Press. [2nd ed.].","DOI":"10.1201\/b17668"},{"key":"ref_46","first-page":"281","article-title":"Formalizing Human Ignorance: Collision-Resistant Hashing without the Keys","volume":"2006","author":"Rogaway","year":"2006","journal-title":"IACR Cryptol. ePrint Arch."},{"key":"ref_47","doi-asserted-by":"crossref","unstructured":"Sun, S., Yuan, X., Liu, J.K., Steinfeld, R., Sakzad, A., Vo, V., and Nepal, S. (2018, January 15\u201319). Practical Backward-Secure Searchable Encryption from Symmetric Puncturable Encryption. Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, Toronto, ON, Canada.","DOI":"10.1145\/3243734.3243782"},{"key":"ref_48","first-page":"79","article-title":"Adaptively Secure Puncturable Pseudorandom Functions in the Standard Model","volume":"Volume 9452","author":"Hohenberger","year":"2015","journal-title":"International Conference on the Theory and Application of Cryptology and Information Security"},{"key":"ref_49","first-page":"194","article-title":"Optimal Parameters for XMSSMT","volume":"Volume 8128","author":"Rausch","year":"2013","journal-title":"Security Engineering and Intelligence Informatics\u2014CD-ARES 2013 Workshops: MoCrySEn and SeCIHD"},{"key":"ref_50","doi-asserted-by":"crossref","first-page":"120","DOI":"10.1007\/978-3-540-30598-9_9","article-title":"Group Signatures: Better Efficiency and New Theoretical Aspects","volume":"3352","author":"Camenisch","year":"2004","journal-title":"Secur. Commun. Netw.\u2014SCN"},{"key":"ref_51","doi-asserted-by":"crossref","unstructured":"Brassard, G., H\u00f8yer, P., and Tapp, A. (1998, January 20\u201324). Quantum Cryptanalysis of Hash and Claw-Free Functions. Proceedings of the LATIN \u201998: Theoretical Informatics, Third Latin American Symposium, Campinas, Brazil.","DOI":"10.1007\/BFb0054319"},{"key":"ref_52","doi-asserted-by":"crossref","unstructured":"Dahmen, E., Okeya, K., Takagi, T., and Vuillaume, C. (2008, January 17\u201319). Digital Signatures Out of Second-Preimage Resistant Hash Functions. Proceedings of the Post-Quantum Cryptography, Second International Workshop, PQCrypto 2008, Cincinnati, OH, USA.","DOI":"10.1007\/978-3-540-88403-3_8"},{"key":"ref_53","unstructured":"Goldreich, O., Goldwasser, S., and Micali, S. (1984, January 24\u201326). How to Construct Random Functions (Extended Abstract). Proceedings of the 25th Annual Symposium on Foundations of Computer Science, West Palm Beach, FL, USA."}],"container-title":["Cryptography"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2410-387X\/9\/1\/12\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,9]],"date-time":"2025-10-09T16:28:11Z","timestamp":1760027291000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2410-387X\/9\/1\/12"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,2,6]]},"references-count":53,"journal-issue":{"issue":"1","published-online":{"date-parts":[[2025,3]]}},"alternative-id":["cryptography9010012"],"URL":"https:\/\/doi.org\/10.3390\/cryptography9010012","relation":{},"ISSN":["2410-387X"],"issn-type":[{"type":"electronic","value":"2410-387X"}],"subject":[],"published":{"date-parts":[[2025,2,6]]}}}