抄録
The group signature with designated traceability (GSdT) is a kind of group signatures (GS) which aim to restrict the opening authority of the group manager; by setting an access structure over openers’ attributes at the signing, a signer is able to control openers who can open the signature. A generic construction of GSdT was given when the notion was introduced, then a pairing-based construction and a symmetric-key-based one were presented. Nonetheless, it remains open whether a post-quantum GSdT with full anonymity can be truly constructed.
In this paper, we give a lattice-based GSdT scheme that has full anonymity for the first time. In our construction, the lattice-based ciphertext-policy attribute-based encryption (CPABE) by Tsabary and the lattice-based group signatures (GS) by Libert et al. are employed. The CP-ABE is based on the Regev public-key encryption, while the GS uses a non-interactive zero-knowledge proof to prove the correctness of the encryption in the signing process. Based on the compatibility, we combine and modify them to build up a GSdT scheme.
https://ror.org/01zwcys39 
