It is essential that a multi-user cryptographic primitive be revocable since a legitimate user may

quit the organization, or may act on malicious intent, or the relevant key may be leaked. In the

group signature context, usually the group manager publishes the revocation list that contains

revocation tokens. Since signers/verifiers need to obtain the revocation list in each revocation epoch

to generate/verify a group signature, a small-size revocation list is really important in practice.

However, all previous revocable group signatures require at least an O(r)-size revocation list, where

r is the number of revoked users. In this paper, we propose the first revocable group signature

scheme with a constant-size revocation list using identity-based revocation (IBR) techniques. We

use an IBR scheme proposed by Attrapadung–Libert–Panafieu (PKC 2011) as a building block. As

in the Libert–Peters–Yung schemes (EUROCRYPT 2012/CRYPTO 2012), no signing key update

is required. In addition, the verification cost does not depend on the number of revoked users r.

Although the maximum number of revoked users needs to be fixed in the setup phase, the maximum

number of group members is potentially unbounded as in IBR. This property has not been achieved

in the recent scalable revocable group signature schemes and seems to be of independent interest.