Group Signature

We propose a dynamic accumulator scheme from bilinear pairings, whose security is based on the Strong Diffie-Hellman assumption. We show applications of this accumulator in constructing an identitybased (ID-based) ring signature scheme with constant-size signatures and its interactive counterpart, and providing membership revocation to group signature, traceable signature and identity escrow schemes and anonymous credential systems. The ID-based ring signature scheme and the group signature scheme have extremely short signature sizes. The size of our group signatures with membership revocation is only half the size of the well-known ACJT00 scheme, which does not provide membership revocation. The schemes do not require trapdoor, so system parameters can be shared by multiple groups belonging to different organizations. All schemes proposed are provably secure in formal models. We generalize the definition of accumulators to model a wider range of practical accumulators. We provide formal models for ID-based ad-hoc anonymous identification schemes and identity escrow schemes with membership revocation, based on existing ones.

Ring signatures, first introduced by Rivest, Shamir, and Tauman, enable a user to sign a message so that a ring of possible signers (of which the user is a member) is identified, without revealing exactly which member of that ring actually generated the signature. In contrast to group signatures, ring signatures are completely "ad-hoc" and do not require any central authority or coordination among the various users (indeed, users do not even need to be aware of each other); furthermore, ring signature schemes grant users fine-grained control over the level of anonymity associated with any particular signature. This paper has two main areas of focus. First, we examine previous definitions of security for ring signature schemes and suggest that most of these prior definitions are too weak, in the sense that they do not take into account certain realistic attacks. We propose new definitions of anonymity and unforgeability which address these threats, and give separation results proving that our new notions are strictly stronger than previous ones. Second, we show the first constructions of ring signature schemes in the standard model. One scheme is based on generic assumptions and satisfies our strongest definitions of security. Two additional schemes are more efficient, but achieve weaker security guarantees and more limited functionality.

The existing authentication protocols to secure vehicular ad hoc networks (VANETs) raise challenges such as certificate distribution and revocation, avoidance of computation and communication bottlenecks, and reduction of the strong reliance on tamper-proof devices. This paper efficiently cope with these challenges with a decentralized group authentication protocol in the sense that the group is maintained by each RSU rather than by a centralized authority as in most existing protocols employing group signatures. In our proposal, we employ each roadside unit (RSU) to maintain and manage an on-the-fly group within its communication range. Vehicles entering the group can anonymously broadcast vehicle-to-vehicle (V2V) messages, which can be instantly verified by the vehicles in the same group (and neighbor groups). Later, if the message is found to be false, a third party can be invoked to disclose the identity of the message originator. Our protocol efficiently exploits the specific features of vehicular mobility, physical road limitations and properly distributed RSUs. Our design leads to a robust VANET since, if some RSUs occasionally collapse, only the vehicles driving in those collapsed areas will be affected. Due to the numerous RSUs sharing the load to maintain the system, performance does not significantly degrade when more vehicles join the VANET; hence, the system is scalable.

Vocal learning is well known among passerine and psittacine birds, but most data on mammals are equivocal. Speci¢c bene¢ts of vocal learning are poorly understood for most species. One case where vocal learning should be favoured by selection is where calls indicate group membership and group mates are unrelated. Female greater spear-nosed bats, Phyllostomus hastatus, live in stable groups of unrelated bats and use loud, broadband calls to coordinate foraging movements of social group mates. Bats bene¢t from group foraging. Calls di¡er between female social groups and cave colonies, and playback experiments demonstrate that bats perceive these acoustic di¡erences. Here I show that the group distinctive structure of calls arises through vocal learning. Females change call structure when group composition changes, resulting in increased similarity among new social group mates. Comparisons of transfers with agematched half-sibs indicate that call changes are not simply due to maturation, the physical environment or heredity. These results suggest that studies testing vocal learning in mammals could pro¢t by focusing on vocalizations that signify group membership.

In many applications, it is desirable to work with signatures that are both short, and yet where many messages from different signers be verified very quickly. RSA signatures satisfy the latter condition, but are generally thousands of bits in length. Recent developments in pairingbased cryptography produced a number of "short" signatures which provide equivalent security in a fraction of the space. Unfortunately, verifying these signatures is computationally intensive due to the expensive pairing operation. In an attempt to simultaneously achieve "short and fast" signatures, Camenisch, Hohenberger and Pedersen (Eurocrypt 2007) showed how to batch verify two pairing-based schemes so that the total number of pairings was independent of the number of signatures to verify.

Group signatures allow members to sign on behalf of a group. Recently, several schemes have been proposed, in order to provide more efficient and shorter group signatures. However, this should be performed achieving a strong security level. To this aim, a formal security model has been proposed by Bellare, Shi and Zang, including both dynamic groups and concurrent join. Unfortunately, very few schemes satisfy all the requirements, and namely the shortest ones needed to weaken the anonymity notion. We present an extremely short dynamic group signature scheme, with concurrent join, provably secure in this model. It achieves stronger security notions than BBS, and namely the full anonymity, while still shorter. The proofs hold under the q-SDH and the XDH assumptions, in the random oracle model.

We propose a group signature scheme with constant-size public key and signature length that does not require trapdoor. So system parameters can be shared by multiple groups belonging to different organizations. The scheme is provably secure in the formal model recently proposed by Bellare, Shi and Zhang (BSZ04), using random oracle model, Decisional Bilinear Diffie-Hellman and Strong Diffie-Hellman assumptions. We give a more efficient variant scheme and prove its security in a formal model which is a modification of BSZ04 model and has a weaker anonymity requirement. Both schemes are very efficient and the sizes of signatures are approximately one half and one third, respectively, of the sizes of the well-known ACJT00 scheme. We also use the schemes to construct a traceable signature scheme.

Song geographic variation and Neighbour-Stranger (N-S) discrimination have been intensively but separately studied in bird species, especially in those with small-to medium-sized repertoires. Here, we establish a link between the two phenomena by showing that dialect features are used for N-S recognition in a territorial species with a large repertoire, the skylark Alauda arvensis. In this species, during the breeding season, many pairs settle in stable and adjoining territories gathered in locations spaced by a few kilometres. In a first step, songs produced by males established in different locations were recorded, analyzed and compared to identify possible microgeographic variation at the syntax level. Particular common sequences of syllables (phrases) were found in the songs of all males established in the same location (neighbours), whereas males of different locations (strangers) shared only few syllables and no sequences. In a second step, playback experiments were conducted and provided evidence for N-S discrimination consistent with the dear-enemy effect, i.e. reduced aggression from territorial birds towards neighbours than towards strangers. In addition, a similar response was observed when a ʻchimericʼ signal (shared phrases of the location artificially inserted in the song of a stranger) and a neighbour song were broadcast, indicating that shared sequences were recognized and identified as markers of the group identity. We thus show experimentally that the shared phrases found in the songs of neighbouring birds constitute a group signature used by birds for N-S discrimination, and serve as a basis for the dear-enemy effect.

Constructing practical and provably secure group signature schemes has been a very active research topic in recent years. A group signature can be viewed as a digital signature with certain extra properties. Notably, anyone can verify that a signature is generated by a legitimate group member, while the actual signer can only be identified (and linked) by a designated entity called a group manager. Currently, the most efficient group signature scheme available is due to Camenisch and Lysyanskaya [CL02]. It is obtained by integrating a novel dynamic accumulator with the scheme by Ateniese, et al. . In this paper, we construct a dynamic accumulator that accumulates composites, as opposed to previous accumulators that accumulated primes. We also present an efficient method for proving knowledge of factorization of a committed value. Based on these (and other) techniques we design a novel provably secure group signature scheme. It operates in the common auxiliary string model and offers two important benefits: 1) the Join process is very efficient: a new member computes only a single exponentiation, and 2) the (unoptimized) cost of generating a group signature is 17 exponentiations which is appreciably less than the state-of-the-art.

This article is a position paper on the current security issues in Vehicular Ad hoc Networks (VANETs). VANETs face many interesting research challenges in multiple areas, from privacy and anonymity to the detection and eviction of misbehaving nodes and many others in between. Multiple solutions have been proposed to address those issues. This paper surveys the most relevant while discussing its benefits and drawbacks. The paper explores the newest trends in privacy, anonymity, misbehaving nodes, the dissemination of false information and secure data aggregation, giving a perspective on how we foresee the future of this research area.First, the paper discusses the use of Public Key Infrastructure (PKI) (and certificates revocation), location privacy, anonymity and group signatures for VANETs. Then, it compares several proposals to identify and evict misbehaving and faulty nodes. Finally, the paper explores the differences between syntactic and semantic aggregation techniques, cluster and non-cluster based with fixed and dynamic based areas, while presenting secure as well as probabilistic aggregation schemes.

A Zero-knowledge protocol provides provably secure entity authentication based on a hard computational problem. Among many schemes proposed since 1984, the most practical rely on factoring and discrete log, but still they are practical schemes based on NP-hard problems. Among them, the problem SD of decoding linear codes is in spite of some 30 years of research effort, still exponential. We study a more general problem called MinRank that generalizes SD and contains also other well known hard problems. MinRank is also used in cryptanalysis of several public key cryptosystems such as birational schemes (Crypto'93), HFE (Crypto'99), GPT cryptosystem (Eurocrypt'91), TTM (Asiacrypt'2000) and Chen's authentication scheme (1996). We propose a new Zero-knowledge scheme based on MinRank. We prove it to be Zero-knowledge by black-box simulation. An adversary able to fraud for a given MinRank instance is either able to solve it, or is able to compute a collision on a given hash function. MinRank is one of the most efficient schemes based on NP-complete problems. It can be used to prove in Zero-knowledge a solution to any problem described by multivariate equations. We also present a version with a public key shared by a few users, that allows anonymous group signatures (a.k.a. ring signatures).

SWI/SNF ATP-dependent chromatin remodeling complexes (remodelers) perform critical functions in eukaryotic gene expression control. BAP and PBAP are the fly representatives of the two evolutionarily conserved major subclasses of SWI/SNF remodelers. Both complexes share seven core subunits, including the Brahma ATPase, but differ in a few signature subunits; POLYBROMO and BAP170 specify PBAP, whereas OSA defines BAP. Here, we show that the transcriptional coactivator and PHD finger protein SAYP is a novel PBAP subunit. Biochemical analysis established that SAYP is tightly associated with PBAP but absent from BAP. SAYP, POLYBROMO, and BAP170 display an intimately overlapping distribution on larval salivary gland polytene chromosomes. Genome-wide expression analysis revealed that SAYP is critical for PBAP-dependent transcription. SAYP is required for normal development and interacts genetically with core-and PBAPselective subunits. Genetic analysis suggested that, like BAP, PBAP also counteracts Polycomb silencing. SAYP appears to be a key architectural component required for the integrity and association of the PBAP-specific module. We conclude that SAYP is a signature subunit that plays a major role in the functional specificity of the PBAP holoenzyme.

The Internet of Things (IoT) employs smart devices as its building blocks for developing a ubiquitous communication
framework. It thus supports a wide variety of application domains, including public safety, healthcare, education, and public transportation. While offering a novel communication paradigm, IoT finds its requirements closely connected to the security issues. The role of security following the fact that a new type of devices known as wearables constitute an emerging area. This paper delivers an applicability study of the state-of-the-art cryptographic primitives for wearable IoT devices, including the pairingbased cryptography. Pairing-based schemes are well-recognized as fundamental enablers for many advanced cryptographic applications, such as privacy protection and identity-based encryption. To deliver a comprehensive view on the computational power of modern wearable devices (smart phones, watches, and embedded devices), we perform an evaluation of a variety of them utilizing bilinear pairing for real-time communication. In order to deliver a complete picture, the obtained bilinear pairing results are complemented with performance figures for classical cryptography (such as block ciphers, digital signatures, and hash functions). Our findings show that wearable devices of today have
the needed potential to efficiently operate with cryptographic
primitives in real time. Therefore, we believe that the data
provided during this research would shed light on what devices
are more suitable for certain cryptographic operations.

A great deal of variation is known to underlie the vocalizations of animals. Calls can for example vary between individuals or between social and behavioural contexts. Calls also have the potential to vary between groups. Many group-living animals are known to produce stereotyped group-specific calls and such group signatures are thought to play a role in territory defence or indeed mate choice. Group signatures are generally found in long-distance call variants that work to maintain contact between group members, sometimes referred to as ‘contact calls’. Cooperatively breeding, territorial meerkats, Suricata suricatta, also use contact calls, potentially to maintain social organization during foraging. However, these contact calls are generally quieter than long-distance calls in other species, and better described as ‘close calls’. We investigated whether these similar call types also possess group-specific signatures and whether any such variation is used by receivers. We recorded close calls from 71 individuals belonging to 10 meerkat groups. We found that such close calls indeed possessed group signatures, but that this underlying variation did not appear to be used by receivers, possibly because meerkats use other sensory systems to identify nongroup members. We stress the importance of conducting playback experiments when investigating group-specific vocal signatures and use our results as a basis for predicting which animals may rely on group information encoded within close calls.

In species where conspecifics form discrete social groups, the production of signals advertising group membership may promote cohesion among group members. Female little brown bats (Myotis lucifugus) show high fidelity to maternity roost sites where they aggregate in large numbers every spring to rear young. While the presence of group-specific signatures has been demonstrated in the echolocation calls of this species, differential clutter at recording sites may account for the observed differences. Bats optimize their ability to maneuver and detect prey within a given environment by tailoring their echolocation calls to physical attributes of that environment. Therefore, if clutter is responsible for the apparent group specificity in the calls of little brown bats, groups of bats experiencing similar levels of clutter at roost entrances should emit similar calls. We examined the effect of differential clutter on the emergence calls of M. lucifugus by comparing recorded echolocation calls of bats emerging from three maternity roosts in Georgian Bay, Ontario. The roosts varied in distance from each other and in their proximity to surrounding clutter. The more distant group emerged in an environment with clutter deemed intermediate to the two more proximate roost entrances and yet was the most acoustically distinct. The finding that similarity among emergence calls correlated better with spatial proximity than with the level of clutter around roost entrances is consistent with the development of true group-specific signatures in the emergence calls of M. lucifugus.

A cryptographic primitive or a security mechanism can be specified in a variety of ways, such as a condition involving a game against an attacker, construction of an ideal functionality, or a list of properties that must hold in the face of attack. While game conditions are widely used, an ideal functionality is appealing because a mechanism that is indistinguishable from an ideal functionality is therefore guaranteed secure in any larger system that uses it. We relate ideal functionalities to games by defining the set of ideal functionalities associated with a game condition and show that under this definition, which reflects accepted use and known examples, bit commitment, a form of group signatures, and some other cryptographic concepts do not have any realizable ideal functionality.

In an Optimistic Fair Exchange (OFE) for digital signatures, two parties exchange their signatures fairly without requiring any online trusted third party. The third party is only involved when a dispute occurs. In all the previous work, OFE has been considered only in a setting where both of the communicating parties are individuals. There is little work discussing about the fair exchange between two groups of users, though we can see that this is actually a common scenario in actual OFE applications. In this paper, we introduce a new variant of OFE, called Group-Oriented Optimistic Fair Exchange (GOFE). A GOFE allows two users from two different groups to exchange signatures on behalf of their groups in a fair and anonymous manner. Although GOFE may be considered as a fair exchange for group signatures, it might be inefficient if it is constructed generically from a group signature scheme. Instead, we show that GOFE is backward compatible to the Ambiguous OFE (AOFE). Also, we propose an efficient and concrete construction of GOFE, and prove its security under the security models we propose in this model. The security of the scheme relies on the decision linear assumption and strong Diffie-Hellman assumption under the random oracle model.

Background: Discriminating threatening individuals from non-threatening ones allow territory owners to modulate their territorial responses according to the threat posed by each intruder. This ability reduces costs associated with territorial defence. Reduced aggression towards familiar adjacent neighbours, termed the dear-enemy effect, has been shown in numerous species. An important question that has never been investigated is whether territory owners perceive distant neighbours established in the same group as strangers because of their unfamiliarity, or as dear-enemies because of their group membership.

We propose a short traceable signature scheme based on bilinear pairings. Traceable signatures, introduced by Kiayias, Tsiounis and Yung (KTY), support an extended set of fairness mechanisms (mechanisms for anonymity management and revocation) when compared with the traditional group signatures. Designing short signatures based on the power of pairing has been a current activity of cryptographic research, and is especially needed for long constructions like that of traceable signatures. The size of a signature in our scheme is less than one third of the size in the KTY scheme and about 40% of the size of the pairing based traceable signature (which has been the shortest till today). The security of our scheme is based on the Strong Diffie-Hellman assumption and the Decision Linear Diffie-Hellman assumption. We prove the security of our system in random oracle model using the security model given by KTY.

We introduce a new way for generating strong keys from biometric data. Contrary to popular belief, this leads us to biometric keys which are easy to obtain and renew. Our solution is based on two-factor authentication: a low-cost card and a biometric trait are involved. Following the Boneh and Shacham group signature construction, we introduce a new biometric-based remote authentication scheme. Surprisingly, for ordinary uses no interactions with a biometric database are needed in this scheme. As a side effect of our proposal, privacy of users is easily obtained while it can possibly be removed, for instance under legal warrant.

In 1998, Wang et al. proposed two new (t, n)-threshold signature schemes with traceable signers that can withstand conspiracy attacks without attaching a secret number. However, this article will show that the proposed schemes are insecure by presenting a forgery attack on them. Any malicious attacker can generate a valid group signature for any message without knowing any secret keys of members in a group.

Ring signatures are an important primitive for protecting signers' privacy while ensuring that a signature in question is indeed issued by some qualified user. This notion can be seen as a generalization of the well-known notion of group signatures. A group signature is a signature such that a verifier can establish its validity but not the identity of the actual signer, who can nevertheless be identified by a designated entity called group manager. A ring signature is also a signature such that a verifier can establish its validity but not the identity of the actual signer, who indeed can never be identified by any party. An important advantage of ring signatures over group signatures is that there is no need to pre-specify rings or groups of users.

Robust threshold digital signature schemes are group signature schemes aiming to depart from the classical one person signer schemes. The term 'robust' means that such schemes can tolerate errors attempted by malicious adversary and the term 'threshold' means that given a total of n players, no coalition of players with cardinality less than or equal the threshold value can perform the signature while any coalition of players exceeding the threshold value can perform the signature correctly. The contributions in this paper are two fold. First, we propose a new verifiable secret sharing scheme (VSS) other than Feldman's (1987) and Pedersen's (1992) schemes suitable to protect elliptic curve secret keys. The proposed scheme utilizes a strong one way function provided by the elliptic curve cryptography based on a different type of group mathematics. Next, we employ the elliptic curve VSS to propose a robust threshold elliptic curve digital signature scheme that can withstand an n/2 eavesdropping, n/3 halting and an n/4 malicious adversary. The scheme is able to tolerate n/3 malicious adversary with the cost of higher complexity

Artin's braid groups have been recently suggested as a new source for public-key cryptography. In this paper we propose the first group signature schemes based on the conjugacy problem, decomposition problem and root problem in the braid groups which are believed to be hard problems.

Group signatures (GSs) is an elegant approach for providing privacy-preserving authentication. Unfortunately, modern GS schemes have limited practical value for use in large networks due to the high computational complexity of their revocation check procedures. We propose a novel GS scheme called the Group Signatures with Probabilistic Revocation (GSPR), which significantly improves scalability with regard to revocation. GSPR employs the novel notion of probabilis-tic revocation, which enables the verifier to check the revocation status of the private key of a given signature very efficiently. However, GSPR's revocation check procedure produces probabilistic results, which may include false positive results but no false negative results. GSPR includes a procedure that can be used to iteratively decrease the probability of false positives. GSPR makes an advantageous trade-off between computational complexity and communication overhead, resulting in a GS scheme that offers a number of practical advantages over the prior art. We provide a proof of security for GSPR in the random oracle model using the decisional linear assumption and the bilinear strong Diffie-Hellman assumption.

This paper tackles the following problem: how to decide whether data are trustworthy when their originator wants to remain anonymous? More and more documents are available digitally and it is necessary to have information about their author in order to evaluate the accuracy of those data. Digital signatures and identity certificates are generally used for this purpose. However, trust is not always about identity. In addition authors often want to remain anonymous in order to protect their privacy. This makes common signature schemes unsuitable. We suggest an extension of group signatures where some anonymous person can sign a document as a friend of Alice, as a French citizen, or as someone that was in Paris in December, without revealing any identity. We refer to such scheme as history-based signatures.

Traceable signatures schemes were introduced by Kiayias, Tsiounis and Yung in order to solve traceability issues in group signature schemes. They wanted to enable authorities to delegate some of their detection capabilities to tracing sub-authorities. Instead of opening every single signatures and then threatening privacy, tracing sub-authorities are able to know if a signature was emitted by specific users only. In 2008, Libert and Yung proposed the first traceable signature schemes proven secure in the standard model. We design another scheme in the standard model, with two instantiations based either on the SXDH or the DLin assumptions. Our construction is far more efficient, both in term of group elements for the signature, and pairing computation for the verification. Besides the "step-in" (confirmation) feature that allows a user to prove he was indeed the signer, our construction provides the "step-out" (disavowal) procedure that allows a user to prove he was not the signer. Since list signature schemes are closely related to this primitive, we consider them, and answer an open problem: list signature schemes are possible without random oracles.

Various techniques need to be combined to realize anonymously authenticated communication. Cryptographic tools enable anonymous user authentication while anonymous communication protocols hide users' IP addresses from service providers. One simple approach for realizing anonymously authenticated communication is their simple combination, but this gives rise to another issue; how to build a secure channel. The current public key infrastructure cannot be used since the user's public key identifies the user. To cope with this issue, we propose a protocol that uses identitybased encryption for packet encryption without sacrificing anonymity, and group signature for anonymous user authentication. Communications in the protocol take place through proxy entities that conceal users' IP addresses from service providers. The underlying group signature is customized to meet our objective and improve its efficiency. We also introduce a proof-of-concept implementation to demonstrate the protocol's feasibility. We compare its performance to SSL communication and demonstrate its practicality, and conclude that the protocol realizes secure, anonymous, and authenticated communication between users and service providers with practical performance.

A fair electronic cash system is a system that allows customers to make payments anonymously. Furthermore the trusted third party can revoke the anonymity when the customers did illegal transactions. In this paper, a new fair electronic cash system based on group signature scheme by using elliptic curve cryptography is proposed, which satisfies properties of secure group signature scheme (correctness, unforgeability, etc.). Moreover, our electronic cash contains group members (users, merchants and banks) and trusted third party which is acted by central bank as group manager.

Recently, democratic group signatures(DGSs) particularly catch our attention due to their great flexibilities, i.e., no group manager, anonymity, and individual traceability. In existing DGS schemes, individual traceability says that any member in the group can reveal the actual signer's identity from a given signature. In this paper, we formally describe the definition of DGS, revisit its security notions by strengthening the requirement for the property of traceability, and present a concrete DGS construction with (t, n)-threshold traceability which combines the concepts of group signatures and of threshold cryptography. The idea behind the (t, n)-threshold traceability is to distribute between n group members the capability of tracing the actual signer such that any subset of not less than t members can jointly reconstruct a secret and reveal the identity of the signer while preserving security even in the presence of an active adversary which can corrupt up to t − 1 group members.

David Chaum introduced Visual Voting scheme in which a voter obtains a paper receipt from a voting machine. This receipt can be used to verify that his vote was counted in the final tally, but cannot be used for vote selling. The Chaum's system requires sophisticated printers and application of randomized partial checking (RPC) method. We propose a complete design of a voting system that preserves advantages of the Chaum's scheme, but eliminates the use of special printers and RPC.

Cloud computing provides the secured data sharing among the groups. In which, dynamic group data sharing in a multi-owner environment in the untrusted clouds is the vital problem. While, the group manager updates the revocation list every day, even when no user currently moving away from the group it creates the storage overhead and high data encryption. To overcome this, the proposed technique is based on Revocation Time protocol for each user in the group. Here Revocation Time protocol defines when the user revoked from the group the access of the information should be restricted. Then, this particular user's identification will become invalid. Due to this, the revocation list cannot be updated each day. So the storage overhead can be reduced. Until the data owner provides the new identity for the novel user, the group data cannot be accessed by any member. Elliptic curve algorithm is used to maintain the integrity of information and makes the secure access to the requested user. Based on this,security is maintained to restrict the unauthorized access and data integrity is achieved.

We present a short group signature scheme with an efficient (concurrent) join protocol. Signatures in our scheme are almost as short as Boneh, Boyen and Shacham's Short Group Signatures (BBS04) that has no join protocol, and the computational costs of our scheme are also almost as efficient as BBS04. The security of our group signature is based on the Decision Linear Diffie-Hellman assumption and the 2 Variable Strong Diffie-Hellman (2SDH) assumption, which is a slightly strong variant of the Strong Diffie-Hellman (SDH) assumption. We prove the security of our system, in the random oracle model, using a security definition for group signatures recently given by Bellare, Shi, and Zhang.

Group signature schemes allow a user, belonging to a specific group of users, to sign a message in an anonymous way on behalf of the group. In general, these schemes need the collaboration of a Trusted Third Party which, in case of a dispute, can reveal the identity of the real signer. A new group signature scheme is presented whose security is based on the Integer Factorization Problem (IFP) and on the Subgroup Discrete Logarithm Problem (SDLP).

Group signature schemes allow a member of a group to sign messages anonymously on behalf of the group. In the case of later dispute, a designated group manager can revoke the anonymity and identify the originator of a signature. In Asiacrypt 2004, Nguyen and Safavi-Naini proposed a group signature scheme that has a constant-size public key and signature length, and more importantly, their group signature scheme does not require trapdoor. Their scheme is very efficient and the sizes of signatures are shorter compared to the existing schemes that were proposed earlier. In this paper, we point out that Nguyen and Safavi-Naini's scheme is insecure. In particular, we provide a cryptanalysis of the scheme that allows a non-member of the group to sign on behalf of the group. The resulting group signature can convince any third party that a member of the group has indeed generated such a signature, although none of the members has done it. Therefore, in the case of dispute, the group manager cannot identify who has signed the message. We also provide a new scheme that does not suffer against this problem.

Group signatures allow a group member to sign anonymously on behalf of a group. In the dynamic case, a group manager can add and revoke group members. An opening manager can revoke the anonymity of a signature and trace it back to the original group member. We introduce limited-linkable group signatures: two signatures on identical messages by the same group member can be efficiently linked. Furthermore, we show how to distribute the opening manager, so that no trusted third party is required to guarantee anonymity. Our system generates short and efficient signatures, and is provably secure in the random oracle model.

Group signatures are a useful cryptographic construct for privacy-preserving non-repudiable authentication, and there have been many group signature schemes. In this paper, we introduce a variant of group signatures that offers two new security properties called leak-freedom and immediate-revocation.

Group Inside Signature (GIS) is a signature scheme that allows the signer to designate his signature to be verified by a group of people, so that members other than the designated group cannot verify the signature generated by him. In Broadcast Group Oriented Signature (BGOS), an user from one group can designate his signature to be verified by members of other group. The GIS and BGOS schemes [5], [6] and [7] which we consider are certificateless schemes. An Adaptable Designated Group Signature (ADGS), is one in which an user can designate his signature to be verified by a selected set of members who are from different groups. The ADGS scheme [8] which we consider here is an identity based scheme. In this paper, we present the cryptanalysis of four schemes that appeared in [5], [6], [7] and [8]. We show that, both GIS schemes [5], [6] and BGOS scheme [7] suffers from Type-I and Type-II vulnerabilities and ADGS [8] is universally forgeable.

The complexity of voting procedures make it challenging to design a secure electronic voting system. In many proposals, the security of the system relies mainly on a black box voting machine. Meanwhile, the most advanced proposals base their security arguments on (complicated) cryptographic protocols, e.g. blind signatures or homomorphic schemes. Canard and Traoré proposed cryptographic primitives dedicated to provide anonymous services using smart cards. Among these primitives, list signatures are specially suitable for e-voting, as they provide specific properties such as multiple vote detection. Moreover, unlike blind signatures, they do not involve a signing authority during the ballot creation process. The purpose of this paper is to present an e-voting system, whose security relies on a tamper-resistant smart card embedding several cryptographic primitives, including list signatures.

Introduction Construction Digital signatures Step-out Signatures Digital Signatures Properties: 1 verification outcome is positive, if k Alice used for signature creation and p Alice for verification, Klonowski, Krzywiecki, Kutyłowski, Lauks Step-out Ring Signatures Klonowski, Krzywiecki, Kutyłowski, Lauks Step-out Ring Signatures So if test(s, M, p Alice) = true, then only the holder of k Alice (i.e. Alice) could produce s for message M.

Over the decade, the usage of data had increased exponentially, which led to the demand for its effective storage and retrieval. The cloud environment has developed to handle that demand with its huge storage space and easy accessibility. However, the open nature of the cloud resulted in the data integrity issues and multiuser cloud enriched it. The other issues like group signature and user revocation took the central part to ensure integrity of data in the cloud. The present study summarizes various techniques that were developed in recent times to address the security issues on data integrity, user revocation, and group signature. To reflect on the novelty of each approach, along with its performance in providing integrity for the cloud data stands as the primary objective of the study. From the extensive study, it was found that the overhead on the computational and communication overhead increase proportionally with an increase in the number of the user during the group signature generation and recurrent user revocation. There was a need for an effective cryptic mechanism with effective cloud storage and recovery of data. Finally, it was suggested to develop a robust framework that can provide enhanced security with reduced overhead and ensure data integrity.