Advances in Cryptology — EUROCRYPT ’91

Volume 547 of the series Lecture Notes in Computer Science pp 257-265


Group Signatures

  • David ChaumAffiliated withCWI Centre for Mathematics and Computer Science
  • , Eugène van HeystAffiliated withCWI Centre for Mathematics and Computer Science


In this paper we present a new type of signature for a group of persons, called a group signature, which has the following properties:
  • only members of the group can sign messages;

  • the receiver can verify that it is a valid group signature, but cannot discover which group member made it;

  • if necessary, the signature can be “opened”, so that the person who signed the message is revealed.

These group signatures are a “generalization” of the credential/membership authentication schemes, in which one person proves that he belongs to a certain group.

We present four schemes that satisfy the properties above. Not all these schemes are based on the same cryptographic assumption. In some of the schemes a trusted centre is only needed during the setup; and in other schemes, each person can create the group he belongs to.