Abstract— Group signatures are active cryptographic topics where group members are granted right to sign messages anonymously on behalf of their group. However, in practical applications, such rights are not permanent in most cases and are usually limited to some time periods. This means that the signing right of each group member needs to be associated with time periods such that it can be automatically changed with the latter. Among the known approaches, verifier local revocation (VLR) seems to be the feasible one to implement the above functionality, but it will cause an inefficient verification process when the group size is large. In this paper, we describe a group signature scheme with time-bound keys, based on the hardness of lattice assumption, which implements the limitation of the signing right to any time period by constructing a latticebased redactable signature scheme. Our scheme still adds VLR mechanism for some members who need to revoke prematurely, but the time-bound keys function ensures such members are only a small fraction that do not incur excessive cost for revocation check. We give implementation for our scheme under 93-bit and 207-bit security respectively to demonstrate the practicability–all costs are independent of the group size and achieve a relatively efficient level. Index Terms— Group signatures, time-bound keys, latticebased cryptography, anonymity. I. INTRODUCTION G ROUP signatures, introduced by Chaum and van Heyst [1], is an active research direction in public-key cryptography. In such a system, a member added to a group by Manuscript received 21 April 2022; revised 22 December 2022 and 26 February 2023; accepted 11 April 2023. Date of publication 19 April 2023; date of current version 30 April 2023. This work was supported in part by the National Natural Science Foundation of China under Grant 61802117, Grant U21A20466, and Grant 61972294; in part by the Support Plan of Scientific and Technological Innovation Team in Universities of Henan Province under Grant 20IRTSTHN013; in part by the Special Project on Science and Technology Program of Hubei Province under Grant 2020AEA013 and Grant 2021BAA025; in part by the Natural Science Foundation of Hubei Province under Grant 2020CFA052; in part by the Wuhan Municipal Science and Technology Project under Grant 2020010601012187; in part by the New 20 Project of Higher Education of Jinan under Grant 202228017; and in part by the Youth Backbone Teacher Support Program of Henan Polytechnic University under Grant 2018XQG-10. The associate editor coordinating the review of this manuscript and approving it for publication was Dr. Grigorios Loukides. (Corresponding author: Qing Ye.) Yongli Tang and Yuanhong Li are with the School of Computer Science and Technology, Henan Polytechnic University, Jiaozuo 454000, China (e-mail: yltang@hpu.edu.cn; yuanh.li@foxmail.com). Qing Ye is with the Faculty of Computer Science and Engineering, Xi’an University of Technology, Xi’an 710048, China . Debiao He is with the Shandong Provincial Key Laboratory of Computer Networks, Qilu University of Technology (Shandong Academy of Sciences), Jinan 250014, China, and also with the School of Cyber Science and Engineering, Wuhan University, Wuhan 430072, China . Digital Object Identifier 10.1109/TIFS.2023.3268574 a group manager is allowed to anonymously generate signatures on behalf of the whole group. However, such anonymity may lead to disputes when there are malicious members in the group. To avoid this, the group manager is allowed to link a given signature to the identity of the actual signer. The combination of these two paradoxical properties makes it an ideal solution in various real-li