Efficient Group Signatures in the Standard Model

Lecture Notes in Computer Science, 1997

. The concept of group signatures was introduced by Chaumet al. at Eurocrypt "91. It allows a member of a group to sign messagesanonymously on behalf of the group. In case of a later dispute adesignated group manager can revoke the anonymity and identify theoriginator of a signature. In this paper we propose a new efficient groupsignature scheme. Furthermore we

Lecture Notes in Computer Science, 2003

At Eurocrypt'91, Chaum and van Heyst introduced the concept of group signature. In such a scheme, each group member is allowed to sign messages on behalf of a group anonymously. However, in case of later disputes, a designated group manager can open a group signature and identify the signer. In recent years, researchers have proposed a number of new group signature schemes and improvements with different levels of security. In this paper, we present a security analysis of five group signature schemes proposed in [25, 27, 18, 30, 10]. By using the same method, we successfully identify several universally forging attacks on these schemes. In our attacks, anyone (not necessarily a group member) can forge valid group signatures on any messages such that the forged signatures cannot be opened by the group manager. We also discuss the linkability of these schemes, and further explain why and how we find the attacks.

Advances in Intelligent Systems and Computing, 2015

Group signature schemes allow a user to sign a message in an anonymous way on behalf of a group. In general, these schemes need the collaboration of a Key Generation Center or a Trusted Third Party, which can disclose the identity of the actual signer if necessary (for example, in order to settle a dispute). This paper presents the results obtained after implementing a group signature scheme using the Integer Factorization Problem and the Subgroup Discrete Logarithm Problem, which has allowed us to check the feasibility of the scheme when using big numbers.

2005

We provide a construction for a group signature scheme that is provably secure in a universally composable framework, within the standard model with trusted parameters. Our proposed scheme is fairly simple and its efficiency falls within small factors of the most efficient group signature schemes with provable security in any model (including random oracles). Security of our constructions require new cryptographic assumptions, namely the Strong LRSW, EDH, and Strong SXDH assumptions. Evidence for any assumption we introduce is provided by proving hardness in the generic group model.

International Journal of Science and Engineering Applications, 2014

In group signature schemes, the members of the group are allowed to sign messages anonymously on the behalf of the group. In this case, other group members and the outsiders from the group cannot see which member signed the messages. The organizational structure which should support the safety of privacy may need to provide a degree of anonymity to the individuals conducting the transactions. Moreover, the current methods of revocation property of the group signature scheme do not revoke to allow valid signature under an old secret key of the group manager. And it is remaining as a challenge to be independent on the size of the group public key when the group size is increasing. For this above facts, this paper will be proposed to achieve anonymous revocation based on the concept of group signature more effectively.

Proceedings of the 5th conference on Smart Card …, 2002

Group signature schemes allow a group member to sign messages on behalf of the group. Such signatures must be anonymous and unlinkable but, whenever needed, a designated group manager can reveal the identity of the signer. During the last decade group signatures have been playing an important role in cryptographic research; many solutions have been proposed and some of them are quite efficient, with constant size of signatures and keys ([1], [6], [7] and [15]). However, some problems still remain among which the large number of computations during the signature protocol and the difficulty to achieve coalition-resistance and to deal with member revocation. In this paper we investigate the use of a tamper-resistant device (typically a smart card) to efficiently solve those problems.

Lecture Notes in Computer Science, 2010

Group signatures allow group members to anonymously sign messages in the name of a group such that only a dedicated opening authority can reveal the exact signer behind a signature. In many of the target applications, for example in sensor networks or in vehicular communication networks, bandwidth and computation time are scarce resources and many of the existent constructions simply cannot be used. Moreover, some of the most efficient schemes only guarantee anonymity as long as no signatures are opened, rendering the opening functionality virtually useless. In this paper, we propose a group signature scheme with the shortest known signature size and favorably comparing computation time, whilst still offering a strong and practically relevant security level that guarantees secure opening of signatures, protection against a cheating authority, and support for dynamic groups. Our construction departs from the popular sign-and-encrypt-and-prove paradigm, which we identify as one source of inefficiency. In particular, our proposal does not use standard encryption and relies on re-randomizable signature schemes that hide the signed message so as to preserve the anonymity of signers. Security is proved in the random oracle model assuming the XDDH, LRSW and SDLP assumptions and the security of an underlying digital signature scheme. Finally, we demonstrate how our scheme yields a group signature scheme with verifier-local revocation.

Information and Communications Security, 2003

A group signature scheme allows a group member of a given group to sign messages on behalf of the group in an anonymous and unlinkable fashion. In case of a dispute, however, a designated group manager can reveal the signer of a valid group signature. Based on the Camenisch-Michels group signature scheme [7, 8], Kim, Lim and Lee proposed the first group signature scheme with a member deletion procedure at ICISC 2000 [15]. Their scheme is very efficient in both communication and computation aspects. Unfortunately, their scheme is insecure. In this paper, we first identify an effective way that allows any verifier to determine whether two valid group signatures are signed by the same group member. Secondly, we find that in their scheme a deleted group member can still update his signing key and then generate valid group signatures after he was deleted from the group. In other words, the Kim-Lim-Lee group signature scheme [15] is linkable and does not support secure group member deletion.

Mathematics

Group signatures are a leading competing signature technique with a substantial amount of research. With group settings, group signatures provide user anonymity. Any group member with access to the group can generate a signature while remaining anonymous. The group manager, however, has the authority to expose and identify the signer if required. Since the privacy of the sender should be preserved, this is a conflict between privacy and accountability. Concerning high performance on security, we propose a novel, well-balanced security and privacy group signature scheme based on a general linear group over group ring. To the best of our knowledge, our work represents the first comprehensive framework for a group signature scheme that utilizes generic linear groups over group rings. We demonstrate that the competing security goals of message trustworthiness, privacy, and accountability are effectively resolved by our protocol. The results of the performance evaluation and simulation d...

Lecture Notes in Computer Science, 2004

A group signature scheme allows a group member of a given group to sign messages on behalf of the group in an anonymous and unlinkable way. In case of a dispute, however, a designated group manager can reveal the signer of a valid group signature. Based on Song's forward-secure group signature schemes, Zhang, Wu, and Wang proposed a new group signature scheme with forward security at ICICS 2003. Their scheme is very efficient in both communication and computation aspects. Unfortunately, their scheme is insecure. In this paper we present a security analysis to show that their scheme is linkable, untraceable, and forgeable.