Visible to the public Biblio

Found 459 results

Filters: First Letter Of Last Name is D  [Clear All Filters]
A B C [D] E F G H I J K L M N O P Q R S T U V W X Y Z   [Show ALL]
D
De Oliveira Nunes, Ivan, ElDefrawy, Karim, Rattanavipanon, Norrathep, Tsudik, Gene.  2019.  PURE: Using Verified Remote Attestation to Obtain Proofs of Update, Reset and Erasure in low-End Embedded Systems. 2019 IEEE/ACM International Conference on Computer-Aided Design (ICCAD). :1–8.
Remote Attestation ( RA) is a security service that enables a trusted verifier ( Vrf) to measure current memory state of an untrusted remote prover ( Prv). If correctly implemented, RA allows Vrf to remotely detect if Prv's memory reflects a compromised state. However, RA by itself offers no means of remedying the situation once P rv is determined to be compromised. In this work we show how a secure RA architecture can be extended to enable important and useful security services for low-end embedded devices. In particular, we extend the formally verified RA architecture, VRASED, to implement provably secure software update, erasure, and system-wide resets. When (serially) composed, these features guarantee to Vrf that a remote Prv has been updated to a functional and malware-free state, and was properly initialized after such process. These services are provably secure against an adversary (represented by malware) that compromises Prv and exerts full control of its software state. Our results demonstrate that such services incur minimal additional overhead (0.4% extra hardware footprint, and 100-s milliseconds to generate combined proofs of update, erasure, and reset), making them practical even for the lowest-end embedded devices, e.g., those based on MSP430 or AVR ATMega micro-controller units (MCUs). All changes introduced by our new services to VRASED trusted components are also formally verified.
de Oliveira Saraiva, F., Nobuhiro Asada, E..  2014.  Multi-agent systems applied to topological reconfiguration of smart power distribution systems. Neural Networks (IJCNN), 2014 International Joint Conference on. :2812-2819.

One of the various features expected for a smart power distribution system - a smart grid in the power distribution level - is the possibility of the fully automated operation for certain control actions. Although this is very expected, it requires various logic, sensor and actuator technologies in a system which, historically, has a low level of automation. One of the most analyzed problems for the distribution system is the topology reconfiguration. The reconfiguration has been applied to various objectives: minimization of power losses, voltage regulation, load balancing, to name a few. The solution method in most cases is centralized and its application is not in real-time. From the new perspectives of advanced distribution systems, fast and adaptive response of the control actions are required, specially in the presence of alternative generation sources and electrical vehicles. In this context, the multi-agent system, which embeds the necessary control actions and decision making is proposed for the topology reconfiguration aiming the loss reduction. The concept of multi-agent system for distribution system is proposed and two case studies with 11-Bus and 16-Bus system are presented.
 

de Rooij, Sjors, Laguna, Antonio Jarquin.  2019.  Modelling of submerged oscillating water columns with mass transfer for wave energy extraction. 2019 Offshore Energy and Storage Summit (OSES). :1—9.
Oscillating-water-column (OWC) devices are a very important type of wave energy converters which have been extensively studied over the years. Although most designs of OWC are based on floating or fixed structures exposed above the surface level, little is known from completely submerged systems which can benefit from reduced environmental loads and a simplified structural design. The submerged type of resonant duct consists of two OWCs separated by a weir and air chamber instead of the commonly used single column. Under conditions close to resonance, water flows from the first column into the second one, resulting in a positive flow through the system from which energy can be extracted by a hydro turbine. While existing work has looked at the study of the behaviour of one OWC, this paper addresses the dynamic interaction between the two water columns including the mass transfer mechanism as well as the associated change of momentum. A numerical time-domain model is used to obtain some initial results on the performance and response of the system for different design parameters. The model is derived from 1D conservation of mass and momentum equations, including hydrodynamic effects, adiabatic air compressibility and turbine induced damping. Preliminary results indicate that the mass transfer has an important effect both on the resonance amplification and on the phase between the motion of the two columns. Simulation results are presented for the system performance over several weir heights and regular wave conditions. Further work will continue in design optimization and experimental validation of the proposed model.
de Sá, Alan Oliveira, Carmo, Luiz Fernando Rust da C., Santos Machado, Raphael C..  2019.  Countermeasure for Identification of Controlled Data Injection Attacks in Networked Control Systems. 2019 II Workshop on Metrology for Industry 4.0 and IoT (MetroInd4.0 IoT). :455–459.
Networked Control Systems (NCS) are widely used in Industry 4.0 to obtain better management and operational capabilities, as well as to reduce costs. However, despite the benefits provided by NCSs, the integration of communication networks with physical plants can also expose these systems to cyber threats. This work proposes a link monitoring strategy to identify linear time-invariant transfer functions performed by a Man-in-the-Middle during controlled data injection attacks in NCSs. The results demonstrate that the proposed identification scheme provides adequate accuracy when estimating the attack function, and does not interfere in the plant behavior when the system is not under attack.
De Santis, Alfredo, Flores, Manuela, Masucci, Barbara.  2017.  One-Message Unilateral Entity Authentication Schemes. Proceedings of the 12th International Conference on Availability, Reliability and Security. :25:1–25:6.
A one-message unilateral entity authentication scheme allows one party, called the prover, to authenticate himself, i.e., to prove his identity, to another party, called the verifier, by sending a single authentication message. In this paper we consider schemes where the prover and the verifier do not share any secret information, such as a password, in advance. We propose the first theoretical characterization for one-message unilateral entity authentication schemes, by formalizing the security requirements for such schemes with respect to different kinds of adversaries. Afterwards, we propose three provably-secure constructions for one-message unilateral entity authentication schemes.
De Santis, Fabrizio, Bauer, Tobias, Sigl, Georg.  2016.  Hiding Higher-Order Univariate Leakages by Shuffling Polynomial Masking Schemes: A More Efficient, Shuffled, and Higher-Order Masked AES S-box. Proceedings of the 2016 ACM Workshop on Theory of Implementation Security. :17–26.

Polynomial masking is a glitch-resistant and higher-order masking scheme based upon Shamir's secret sharing scheme and multi-party computation protocols. Polynomial masking was first introduced at CHES 2011, while a 1st-order implementation of the AES S-box on FPGA was presented at CHES 2013. In this latter work, the authors showed a 2nd-order univariate leakage by side-channel collision analysis on a tuned measurement setup. This negative result motivates the need to evaluate the performance, area-costs, and security margins of combined \shuffled\ and higher-order polynomially masking schemes to counteract trivial univariate leakages. In this work, we provide the following contributions: first, we introduce additional principles for the selection of efficient addition chains, which allow for more compact and faster implementations of cryptographic S-boxes. Our 1st-order AES S-box implementation requires approximately 27% less registers, 20% less clock cycles, and 5% less random bits than the CHES 2013 implementation. Then, we propose a lightweight shuffling countermeasure, which inherently applies to polynomial masking schemes and effectively enhances their univariate security at negligible area expenses. Finally, we present the design of a \combined\ \shuffled\ \and\ higher-order polynomially masked AES S-box in hardware, while providing ASIC synthesis and side-channel analysis results in the Electro-Magnetic (EM) domain.

De Santis, Fabrizio, Bauer, Tobias, Sigl, Georg.  2016.  Hiding Higher-Order Univariate Leakages by Shuffling Polynomial Masking Schemes: A More Efficient, Shuffled, and Higher-Order Masked AES S-box. Chained Attacks, Proceedings of the 2016 ACM Workshop on Theory of Implementation Security. :17–26.

Polynomial masking is a glitch-resistant and higher-order masking scheme based upon Shamir's secret sharing scheme and multi-party computation protocols. Polynomial masking was first introduced at CHES 2011, while a 1st-order implementation of the AES S-box on FPGA was presented at CHES 2013. In this latter work, the authors showed a 2nd-order univariate leakage by side-channel collision analysis on a tuned measurement setup. This negative result motivates the need to evaluate the performance, area-costs, and security margins of combined \shuffled\ and higher-order polynomially masking schemes to counteract trivial univariate leakages. In this work, we provide the following contributions: first, we introduce additional principles for the selection of efficient addition chains, which allow for more compact and faster implementations of cryptographic S-boxes. Our 1st-order AES S-box implementation requires approximately 27% less registers, 20% less clock cycles, and 5% less random bits than the CHES 2013 implementation. Then, we propose a lightweight shuffling countermeasure, which inherently applies to polynomial masking schemes and effectively enhances their univariate security at negligible area expenses. Finally, we present the design of a \combined\ \shuffled\ \and\ higher-order polynomially masked AES S-box in hardware, while providing ASIC synthesis and side-channel analysis results in the Electro-Magnetic (EM) domain.

de Souza, Rick Lopes, Vigil, Martín, Custódio, Ricardo, Caullery, Florian, Moura, Lucia, Panario, Daniel.  2018.  Secret Sharing Schemes with Hidden Sets. 2018 IEEE Symposium on Computers and Communications (ISCC). :00713–00718.
Shamir's Secret Sharing Scheme is well established and widely used. It allows a so-called Dealer to split and share a secret k among n Participants such that at least t shares are needed to reconstruct k, where 0 \textbackslashtextbackslashtextless; t ≤ n. Nothing about the secret can be learned from less than t shares. To split secret k, the Dealer generates a polynomial f, whose independent term is k and the coefficients are randomly selected using a uniform distribution. A share is a pair (x, f(x)) where x is also chosen randomly using a uniform distribution. This scheme is useful, for example, to distribute cryptographic keys among different cloud providers and to create multi-factor authentication. The security of Shamir's Secret Sharing Scheme is usually analyzed using a threat model where the Dealer is trusted to split and share secrets as described above. In this paper, we demonstrate that there exists a different threat model where a malicious Dealer can compute shares such that a subset of less than t shares is allowed to reconstruct the secret. We refer to such subsets as hidden sets. We formally define hidden sets and prove lower bounds on the number of possible hidden sets for polynomials of degree t - 1. Yet, we show how to detect hidden sets given a set of n shares and describe how to create hidden sets while sharing a secret using a modification of Shamir's scheme.
De Sutter, Bjorn, Basile, Cataldo, Ceccato, Mariano, Falcarin, Paolo, Zunke, Michael, Wyseur, Brecht, d'Annoville, Jerome.  2016.  The ASPIRE Framework for Software Protection. Proceedings of the 2016 ACM Workshop on Software PROtection. :91–92.
In the ASPIRE research project, a software protection tool flow was designed and prototyped that targets native ARM Android code. This tool flow supports the deployment of a number of protections against man-at-the-end attacks. In this tutorial, an overview of the tool flow will be presented and attendants will participate to a hands-on demonstration. In addition, we will present an overview of the decision support systems developed in the project to facilitate the use of the protection tool flow.
De Sutter, Bjorn, Falcarin, Paolo, Wyseur, Brecht, Basile, Cataldo, Ceccato, Mariano, DAnnoville, Jerome, Zunke, Michael.  2016.  A Reference Architecture for Software Protection. :291–294.

This paper describes the ASPIRE reference architecture designed to tackle one major problem in this domain: the lack of a clear process and an open software architecture for the composition and deployment of multiple software protections on software applications.
 

De Sutter, Bjorn, Falcarin, Paolo, Wyseur, Brecht, Basile, Cataldo, Ceccato, Mariano, DAnnoville, Jerome, Zunke, Michael.  2016.  A Reference Architecture for Software Protection. :291–294.

This paper describes the ASPIRE reference architecture designed to tackle one major problem in this domain: the lack of a clear process and an open software architecture for the composition and deployment of multiple software protections on software applications.

De, Asmit, Basu, Aditya, Ghosh, Swaroop, Jaeger, Trent.  2019.  FIXER: Flow Integrity Extensions for Embedded RISC-V. 2019 Design, Automation Test in Europe Conference Exhibition (DATE). :348–353.
With the recent proliferation of Internet of Things (IoT) and embedded devices, there is a growing need to develop a security framework to protect such devices. RISC-V is a promising open source architecture that targets low-power embedded devices and SoCs. However, there is a dearth of practical and low-overhead security solutions in the RISC-V architecture. Programs compiled using RISC-V toolchains are still vulnerable to code injection and code reuse attacks such as buffer overflow and return-oriented programming (ROP). In this paper, we propose FIXER, a hardware implemented security extension to RISC-V that provides a defense mechanism against such attacks. FIXER enforces fine-grained control-flow integrity (CFI) of running programs on backward edges (returns) and forward edges (calls) without requiring any architectural modifications to the RISC-V processor core. We implement FIXER on RocketChip, a RISC-V SoC platform, by leveraging the integrated Rocket Custom Coprocessor (RoCC) to detect and prevent attacks. Compared to existing software based solutions, FIXER reduces energy overhead by 60% at minimal execution time (1.5%) and area (2.9%) overheads.
Dean, Andrew, Agyeman, Michael Opoku.  2018.  A Study of the Advances in IoT Security. Proceedings of the 2Nd International Symposium on Computer Science and Intelligent Control. :15:1-15:5.

The Internet-of-things (IoT) holds a lot of benefits to our lives by removing menial tasks and improving efficiency of everyday objects. You are trusting your personal data and device control to the manufactures and you may not be aware of how much risk your putting your privacy at by sending your data over the internet. The internet-of-things may not be as secure as you think when the devices used are constrained by a lot of variables which attackers can exploit to gain access to your data / device and anything they connected to and as the internet-of-things is all about connecting devices together one weak point can be all it takes to gain full access. In this paper we have a look at the current advances in IoT security and the most efficient methods to protect IoT devices.

Deaney, Waleed, Venter, Isabella, Ghaziasgar, Mehrdad, Dodds, Reg.  2017.  A Comparison of Facial Feature Representation Methods for Automatic Facial Expression Recognition. Proceedings of the South African Institute of Computer Scientists and Information Technologists. :10:1–10:10.

A machine translation system that can convert South African Sign Language video to English audio or text and vice versa in real-time would be immensely beneficial to the Deaf and hard of hearing. Sign language gestures are characterised and expressed by five distinct parameters: hand location; hand orientation; hand shape; hand movement and facial expressions. The aim of this research is to recognise facial expressions and to compare the following feature descriptors: local binary patterns; compound local binary patterns and histogram of oriented gradients in two testing environments, a subset of the BU3D-FE dataset and the CK+ dataset. The overall accuracy, accuracy across facial expression classes, robustness to test subjects, and the ability to generalise of each feature descriptor within the context of automatic facial expression recognition are analysed as part of the comparison procedure. Overall, HOG proved to be a more robust feature descriptor to the LBP and CLBP. Furthermore, the CLBP can generally be considered to be superior to the LBP, but the LBP has greater potential in terms of its ability to generalise.

Deb Nath, Atul Prasad, Bhunia, Swarup, Ray, Sandip.  2018.  ArtiFact: Architecture and CAD Flow for Efficient Formal Verification of SoC Security Policies. 2018 IEEE Computer Society Annual Symposium on VLSI (ISVLSI). :411–416.
Verification of security policies represents one of the most critical, complex, and expensive steps of modern SoC design validation. SoC security policies are typically implemented as part of functional design flow, with a diverse set of protection mechanisms sprinkled across various IP blocks. An obvious upshot is that their verification requires comprehension and analysis of the entire system, representing a scalability bottleneck for verification tools. The scale and complexity of industrial SoC is far beyond the analysis capacity of state-of-the-art formal tools; even simulation-based security verification is severely limited in effectiveness because of the need to exercise subtle corner-cases across the entire system. We address this challenge by developing a novel security architecture that accounts for verification needs from the ground up. Our framework, ArtiFact, provides an alternative architecture for security policy implementation that exploits a flexible, centralized, infrastructure IP and enables scalable, streamlined verification of these policies. With our architecture, verification of system-level security policies reduces to analysis of this single IP and its interfaces, enabling off-the-shelf formal tools to successfully verify these policies. We introduce a CAD flow that supports both formal and dynamic (simulation-based) verification, and is built on top of such off-the-shelf tools. Our approach reduces verification time by over 62X and bug detection time by 34X for illustrative policies.
Deb, Supratim, Ge, Zihui, Isukapalli, Sastry, Puthenpura, Sarat, Venkataraman, Shobha, Yan, He, Yates, Jennifer.  2017.  AESOP: Automatic Policy Learning for Predicting and Mitigating Network Service Impairments. Proceedings of the 23rd ACM SIGKDD International Conference on Knowledge Discovery and Data Mining. :1783–1792.

Efficient management and control of modern and next-gen networks is of paramount importance as networks have to maintain highly reliable service quality whilst supporting rapid growth in traffic demand and new application services. Rapid mitigation of network service degradations is a key factor in delivering high service quality. Automation is vital to achieving rapid mitigation of issues, particularly at the network edge where the scale and diversity is the greatest. This automation involves the rapid detection, localization and (where possible) repair of service-impacting faults and performance impairments. However, the most significant challenge here is knowing what events to detect, how to correlate events to localize an issue and what mitigation actions should be performed in response to the identified issues. These are defined as policies to systems such as ECOMP. In this paper, we present AESOP, a data-driven intelligent system to facilitate automatic learning of policies and rules for triggering remedial actions in networks. AESOP combines best operational practices (domain knowledge) with a variety of measurement data to learn and validate operational policies to mitigate service issues in networks. AESOP's design addresses the following key challenges: (i) learning from high-dimensional noisy data, (ii) capturing multiple fault models, (iii) modeling the high service-cost of false positives, and (iv) accounting for the evolving network infrastructure. We present the design of our system and show results from our ongoing experiments to show the effectiveness of our policy leaning framework.

Debatty, T., Mees, W., Gilon, T..  2018.  Graph-Based APT Detection. 2018 International Conference on Military Communications and Information Systems (ICMCIS). :1-8.

In this paper we propose a new algorithm to detect Advanced Persistent Threats (APT's) that relies on a graph model of HTTP traffic. We also implement a complete detection system with a web interface that allows to interactively analyze the data. We perform a complete parameter study and experimental evaluation using data collected on a real network. The results show that the performance of our system is comparable to currently available antiviruses, although antiviruses use signatures to detect known malwares while our algorithm solely uses behavior analysis to detect new undocumented attacks.

Dechand, Sergej, Naiakshina, Alena, Danilova, Anastasia, Smith, Matthew.  2019.  In Encryption We Don’t Trust: The Effect of End-to-End Encryption to the Masses on User Perception. 2019 IEEE European Symposium on Security and Privacy (EuroS P). :401–415.
With WhatsApp's adoption of the Signal Protocol as its default, end-to-end encryption by the masses happened almost overnight. Unlike iMessage, WhatsApp notifies users that encryption is enabled, explicitly informing users about improved privacy. This rare feature gives us an opportunity to study people's understandings and perceptions of secure messaging pre-and post-mass messenger encryption (pre/post-MME). To study changes in perceptions, we compared the results of two mental models studies: one conducted in 2015 pre-MME and one in 2017 post-MME. Our primary finding is that users do not trust encryption as currently offered. When asked about encryption in the study, most stated that they had heard of encryption, but only a few understood the implications, even on a high level. Their consensus view was that no technical solution to stop skilled attackers from getting their data exists. Even with a major development, such as WhatsApp rolling out end-to-end encryption, people still do not feel well protected by their technology. Surprisingly, despite WhatsApp's end-to-end security info messages and the high media attention, the majority of the participants were not even aware of encryption. Most participants had an almost correct threat model, but don't believe that there is a technical solution to stop knowledgeable attackers to read their messages. Using technology made them feel vulnerable.
Deeba, Farah, Tefera, Getenet, Kun, She, Memon, Hira.  2019.  Protecting the Intellectual Properties of Digital Watermark Using Deep Neural Network. 2019 4th International Conference on Information Systems Engineering (ICISE). :91—95.

Recently in the vast advancement of Artificial Intelligence, Machine learning and Deep Neural Network (DNN) driven us to the robust applications. Such as Image processing, speech recognition, and natural language processing, DNN Algorithms has succeeded in many drawbacks; especially the trained DNN models have made easy to the researchers to produces state-of-art results. However, sharing these trained models are always a challenging task, i.e. security, and protection. We performed extensive experiments to present some analysis of watermark in DNN. We proposed a DNN model for Digital watermarking which investigate the intellectual property of Deep Neural Network, Embedding watermarks, and owner verification. This model can generate the watermarks to deal with possible attacks (fine tuning and train to embed). This approach is tested on the standard dataset. Hence this model is robust to above counter-watermark attacks. Our model accurately and instantly verifies the ownership of all the remotely expanded deep learning models without affecting the model accuracy for standard information data.

Deeksha, Kumar, A., Bansal, M..  2017.  A review on VANET security attacks and their countermeasure. 2017 4th International Conference on Signal Processing, Computing and Control (ISPCC). :580–585.

In the development of smart cities across the world VANET plays a vital role for optimized route between source and destination. The VANETs is based on infra-structure less network. It facilitates vehicles to give information about safety through vehicle to vehicle communication (V2V) or vehicle to infrastructure communication (V2I). In VANETs wireless communication between vehicles so attackers violate authenticity, confidentiality and privacy properties which further effect security. The VANET technology is encircled with security challenges these days. This paper presents overview on VANETs architecture, a related survey on VANET with major concern of the security issues. Further, prevention measures of those issues, and comparative analysis is done. From the survey, found out that encryption and authentication plays an important role in VANETS also some research direction defined for future work.

Deepali, Bhushan, K..  2017.  DDoS attack defense framework for cloud using fog computing. 2017 2nd IEEE International Conference on Recent Trends in Electronics, Information Communication Technology (RTEICT). :534–538.

Cloud is the requirement of today's competitive world that demand flexible, agile and adaptable technology to be at par with rapidly changing IT industry. Cloud offers scalable, on-demand, pay-as-you-go services to enterprise and has hence become a part of growing trend of organizations IT service model. With emerging trend of cloud the security concerns have further increased and one of the biggest concerns related to cloud is DDoS attack. DDoS attack tends to exhaust all the available resources and leads to unavailability of services in cloud to legitimate users. In this paper the concept of fog computing is used, it is nothing but an extension to cloud computing that performs analysis at the edge of the network, i.e. bring intelligence at the edge of the network for quick real time decision making and reducing the amount of data that is forwarded to cloud. We have proposed a framework in which DDoS attack traffic is generated using different tools which is made to pass through fog defender to cloud. Furthermore, rules are applied on fog defender to detect and filter DDoS attack traffic targeted to cloud.

Degenbaeva, C., Klusch, M..  2015.  Critical Node Detection Problem Solving on GPU and in the Cloud. 2015 IEEE 17th International Conference on High Performance Computing and Communications, 2015 IEEE 7th International Symposium on Cyberspace Safety and Security, and 2015 IEEE 12th International Conference on Embedded S. :52–57.

The Critical Node Detection Problem (CNDP) is a well-known NP-complete, graph-theoretical problem with many real-world applications in various fields such as social network analysis, supply-chain network analysis, transport engineering, network immunization, and military strategic planning. We present the first parallel algorithms for CNDP solving in general, and for fast, approximated CND on GPU and in the cloud in particular. Finally, we discuss results of our experimental performance analysis of these solutions.

Dehghanniri, H., Letier, E., Borrion, H..  2015.  Improving security decision under uncertainty: A multidisciplinary approach. 2015 International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA). :1–7.

Security decision-making is a critical task in tackling security threats affecting a system or process. It often involves selecting a suitable resolution action to tackle an identified security risk. To support this selection process, decision-makers should be able to evaluate and compare available decision options. This article introduces a modelling language that can be used to represent the effects of resolution actions on the stakeholders' goals, the crime process, and the attacker. In order to reach this aim, we develop a multidisciplinary framework that combines existing knowledge from the fields of software engineering, crime science, risk assessment, and quantitative decision analysis. The framework is illustrated through an application to a case of identity theft.

Deka, Surajit, Sarma, Kandarpa Kumar.  2018.  Joint Source Channel Coding with Bandwidth Compression. 2018 5th International Conference on Signal Processing and Integrated Networks (SPIN). :286–290.
In this paper, we have considered the broadcasting of a memoryless bivariate Gaussian source over a Gaussian broadcast channel with respect to bandwidth compression. We have analysed the performance of a hybrid digital-analog (HDA) coding system in combination with joint source channel coding (JSCC) to measure the distortion regions. The transmission advantages due to the combination of both the analog and digital techniques, a class of HDA schemes that yields better performance in distortion is discussed. The performance of source and channel coding for the possible better outcome of the system is measured by employing Wyner-Ziv and Costa coding. In our model, we have considered the upper layer to be a combination of a hybrid layer in the sense of both the analog and digital processing is done. This is executed in presence of quantization error and performance of the system is measured with two conditions: 1) HDA scheme with quantization scaling factor α = 0, i.e. the input of the channel have only the analog information which is considered as the scaled quantization error βS 2) The analog information from the first layer S is suppressed by setting error scaling factor β = 0 and 3) Inclusion of recursive mode with JSCC in each of the three layers for the possible better outcome is considered here.
del Pino, Rafael, Lyubashevsky, Vadim, Seiler, Gregor.  2018.  Lattice-Based Group Signatures and Zero-Knowledge Proofs of Automorphism Stability. Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. :574–591.

We present a group signature scheme, based on the hardness of lattice problems, whose outputs are more than an order of magnitude smaller than the currently most efficient schemes in the literature. Since lattice-based schemes are also usually non-trivial to efficiently implement, we additionally provide the first experimental implementation of lattice-based group signatures demonstrating that our construction is indeed practical – all operations take less than half a second on a standard laptop. A key component of our construction is a new zero-knowledge proof system for proving that a committed value belongs to a particular set of small size. The sets for which our proofs are applicable are exactly those that contain elements that remain stable under Galois automorphisms of the underlying cyclotomic number field of our lattice-based protocol. We believe that these proofs will find applications in other settings as well. The motivation of the new zero-knowledge proof in our construction is to allow the efficient use of the selectively-secure signature scheme (i.e. a signature scheme in which the adversary declares the forgery message before seeing the public key) of Agrawal et al. (Eurocrypt 2010) in constructions of lattice-based group signatures and other privacy protocols. For selectively-secure schemes to be meaningfully converted to standard signature schemes, it is crucial that the size of the message space is not too large. Using our zero-knowledge proofs, we can strategically pick small sets for which we can provide efficient zero-knowledge proofs of membership.