Dynamic Fully Anonymous Short Group Signatures

International Journal on Cybernetics & Informatics, 2016

Group Signature, extension of digital signature, allows members of a group to sign messages on behalf of the group, such that the resulting signature does not reveal the identity of the signer. The controllable linkability of group signatures enables an entity who has a linking key to find whether or not two group signatures were generated by the same signer, while preserving the anonymity. This functionality is very useful in many applications that require the linkability but still need the anonymity, such as sybil attack detection in a vehicular ad hoc network and privacy preserving data mining. This paper presents a new signature scheme supporting controllable linkability.The major advantage of this scheme is that the signature length is very short, even shorter than this in the best-known group signature scheme without supporting the linkability. A valid signer is able to create signatures that hide his or her identity as normal group signatures but can be anonymously linked regardless of changes to the membership status of the signer and without exposure of the history of the joining and revocation. From signatures, only linkage information can be disclosed, with a special linking key. Using this controllable linkability and the controllable anonymity of a group signature, anonymity may be flexibly or elaborately controlled according to a desired level.

Lecture Notes in Computer Science, 2010

Group signatures allow group members to anonymously sign messages in the name of a group such that only a dedicated opening authority can reveal the exact signer behind a signature. In many of the target applications, for example in sensor networks or in vehicular communication networks, bandwidth and computation time are scarce resources and many of the existent constructions simply cannot be used. Moreover, some of the most efficient schemes only guarantee anonymity as long as no signatures are opened, rendering the opening functionality virtually useless. In this paper, we propose a group signature scheme with the shortest known signature size and favorably comparing computation time, whilst still offering a strong and practically relevant security level that guarantees secure opening of signatures, protection against a cheating authority, and support for dynamic groups. Our construction departs from the popular sign-and-encrypt-and-prove paradigm, which we identify as one source of inefficiency. In particular, our proposal does not use standard encryption and relies on re-randomizable signature schemes that hide the signed message so as to preserve the anonymity of signers. Security is proved in the random oracle model assuming the XDDH, LRSW and SDLP assumptions and the security of an underlying digital signature scheme. Finally, we demonstrate how our scheme yields a group signature scheme with verifier-local revocation.

2006

We present a short group signature scheme with an ecient (concurrent) join protocol. Signatures in our scheme are almost as short as Boneh, Boyen and Shacham's Short Group Signatures (BBS04) that has no join protocol, and the computational costs of our scheme are also almost as ecient as BBS04. The security of our group signature is based on the Decision Linear Die-Hellman assumption and the 2 Variable Strong Die-Hellman (2SDH) assumption, which is a slightly strong variant of the Strong Die-Hellman (SDH) assumption. We prove the security of our system, in the random oracle model, using a security definition for group signatures recently given by Bellare, Shi, and Zhang. tures (with or without random oracles) with (ecient concurrent) join protocols are much less ecient/longer than the BBS04 signatures. We propose a provably secure group signature scheme that is ecient and whose signature length is almost as short as BBS04. Moreover, it is secure even if users con- currently join...

2005

We provide a construction for a group signature scheme that is provably secure in a universally composable framework, within the standard model with trusted parameters. Our proposed scheme is fairly simple and its efficiency falls within small factors of the most efficient group signature schemes with provable security in any model (including random oracles). Security of our constructions require new cryptographic assumptions, namely the Strong LRSW, EDH, and Strong SXDH assumptions. Evidence for any assumption we introduce is provided by proving hardness in the generic group model.

Group blind signatures combine anonymity properties of both group signatures and blind signatures and offer privacy for both the message to be signed and the signer. Their applications include multi-authority e-voting and distributed e-cash systems. The primitive has been introduced with only informal definitions for its required security properties. We offer two main contributions: first, we provide foundations for the primitive where we present formal security definitions offering various flavors of anonymity relevant to this setting. In the process, we identify and address some subtle issues which were not considered by previous constructions and (informal) security definitions. Our second main contribution is a generic construction that yields practical schemes with round-optimal signing and constant-size signatures. Our constructions permit dynamic and concurrent enrollment of new members, satisfy strong security requirements, and do not rely on random oracles. In addition, we introduce some new building blocks which may be of independent interest.

Lecture Notes in Computer Science, 1997

. The concept of group signatures was introduced by Chaumet al. at Eurocrypt "91. It allows a member of a group to sign messagesanonymously on behalf of the group. In case of a later dispute adesignated group manager can revoke the anonymity and identify theoriginator of a signature. In this paper we propose a new efficient groupsignature scheme. Furthermore we

International Journal of Science and Engineering Applications, 2014

In group signature schemes, the members of the group are allowed to sign messages anonymously on the behalf of the group. In this case, other group members and the outsiders from the group cannot see which member signed the messages. The organizational structure which should support the safety of privacy may need to provide a degree of anonymity to the individuals conducting the transactions. Moreover, the current methods of revocation property of the group signature scheme do not revoke to allow valid signature under an old secret key of the group manager. And it is remaining as a challenge to be independent on the size of the group public key when the group size is increasing. For this above facts, this paper will be proposed to achieve anonymous revocation based on the concept of group signature more effectively.

Lecture Notes in Computer Science, 2004

A group signature scheme allows a group member of a given group to sign messages on behalf of the group in an anonymous and unlinkable way. In case of a dispute, however, a designated group manager can reveal the signer of a valid group signature. Based on Song's forward-secure group signature schemes, Zhang, Wu, and Wang proposed a new group signature scheme with forward security at ICICS 2003. Their scheme is very efficient in both communication and computation aspects. Unfortunately, their scheme is insecure. In this paper we present a security analysis to show that their scheme is linkable, untraceable, and forgeable.

Information and Communications Security, 2003

A group signature scheme allows a group member of a given group to sign messages on behalf of the group in an anonymous and unlinkable fashion. In case of a dispute, however, a designated group manager can reveal the signer of a valid group signature. Based on the Camenisch-Michels group signature scheme [7, 8], Kim, Lim and Lee proposed the first group signature scheme with a member deletion procedure at ICISC 2000 [15]. Their scheme is very efficient in both communication and computation aspects. Unfortunately, their scheme is insecure. In this paper, we first identify an effective way that allows any verifier to determine whether two valid group signatures are signed by the same group member. Secondly, we find that in their scheme a deleted group member can still update his signing key and then generate valid group signatures after he was deleted from the group. In other words, the Kim-Lim-Lee group signature scheme [15] is linkable and does not support secure group member deletion.

Lecture Notes in Computer Science, 2013

In a group signature scheme, group members are able to sign on behalf of the group. Since the introduction of this cryptographic authentication mechanism, several schemes have been proposed but only few of them enjoy a security in the standard model. Moreover, those provided in the standard model suffer the recourse to non standard-assumptions, or the expensive cost and bandwidth of the resulting signature. We provide three practical group signature schemes that are provably secure in the standard model under standard assumptions. The three schemes permit dynamic enrollment of new members while keeping a constant size for both keys and group signatures, and they improve the state-of-the art by several orders of magnitude.