Information Security Practice and Experience

Volume 3903 of the series Lecture Notes in Computer Science pp 187-201

Linkable Democratic Group Signatures

  • Mark ManulisAffiliated withHorst-Görtz Institute, Ruhr-University of Bochum
  • , Ahmad-Reza SadeghiAffiliated withHorst-Görtz Institute, Ruhr-University of Bochum
  • , Jörg SchwenkAffiliated withHorst-Görtz Institute, Ruhr-University of Bochum

* Final gross prices may vary according to local VAT.

Get Access


In a variety of group-oriented applications cryptographic primitives like group signatures or ring signatures are valuable methods to achieve anonymity of group members. However, in their classical form, these schemes cannot be deployed for applications that simultaneously require (i) to avoid centralized management authority like group manager and (ii) the signer to be anonymous only against non-members while group members have rights to trace and identify the signer.

The idea of recently introduced democratic group signatures is to provide these properties. Based on this idea we introduce a group-oriented signature scheme that allows the group members to trace the identity of any other group member who issued a signature while non-members are only able to link the signatures issued by the same signer without tracing. For this purpose the signature scheme assigns to every group member a unique pseudonym that can be used by any non-member verifier to communicate with the anonymous signer from the group. We present several group-oriented application scenarios where this kind of linkability is essential.

We propose a concrete linkable democratic group signature scheme for two-parties, prove its security in the random oracle model, and describe how to modularly extend it to the multi-party case.


democratic group signatures anonymity pseudonymity linkability group communication