Advertisement

Tracing-by-Linking Group Signatures

  • Victor K. Wei
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3650)

Abstract

In a group signature [19], any group member can sign on behalf of the group while remaining anonymous, but its identity can be traced in an future dispute investigation. Essentially all state-of-the-art group signatures implement the tracing mechnism by requiring the signer to escrow its identity to an Open Authority (OA) [2, 13, 4, 25, 5, 7, 24]. We call them Tracing-by-Escrowing (TbE) group signatures. One drawback is that the OA also has the unnecessary power to trace without proper cause. In this paper we introduce Tracing-by-Linking (TbL) group signatures. The signer’s anonymity is irrevocable by any authority if the group member signs only once (per event). But if a member signs twice, its identity can be traced by a public algorithm without needing any trapdoor. We initiate the formal study of TbL group signatures by introducing its security model, constructing the first examples, and give several applications. Our core construction technique is the successful transplant of the TbL technique from single-term offline e-cash from the blind signature framework [9, 22, 21] to the group signature framework. Our signatures have size O(1).

This is a preview of subscription content, log in to check access.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Abe, M., Ohkubo, M., Suzuki, K.: 1-out-of-n signatures from a variety of keys. In: Zheng, Y. (ed.) ASIACRYPT 2002. LNCS, vol. 2501, pp. 415–432. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  2. 2.
    Ateniese, G., Camenisch, J., Joye, M., Tsudik, G.: A practical and provably secure coalition-resistant group signature scheme. In: Bellare, M. (ed.) CRYPTO 2000. LNCS, vol. 1880, pp. 255–270. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  3. 3.
    Bellare, M., Goldwasser, S.: Verifiable partial key escrow. In: ACM-CCS 1997, pp. 78–91 (1997)Google Scholar
  4. 4.
    Bellare, M., Micciancio, D., Warinschi, B.: Foundations of group signatures: formal definitions, simplified requirements and a construction based on general assumptions. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, Springer, Heidelberg (2003)Google Scholar
  5. 5.
    Bellare, M., Shi, H., Zhang, C.: Foundations of group signatures: The case of dynamic groups. In: Menezes, A. (ed.) CT-RSA 2005. LNCS, vol. 3376, pp. 136–153. Springer, Heidelberg (2005); Also ePrint 2004/077CrossRefGoogle Scholar
  6. 6.
    Boneh, D., Boyen, X.: Short signatures without random oracles. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 56–73. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  7. 7.
    Boneh, D., Boyen, X., Shacham, H.: Short group signatures. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 41–55. Springer, Heidelberg (2004)Google Scholar
  8. 8.
    Brands, S.: An efficient off-line electronic cash system based on the representation problem. Technical Report CS-R9323, CWI, CWI (April 1993)Google Scholar
  9. 9.
    Brands, S.: Untraceable off-line cash in wallet with observers. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 302–318. Springer, Heidelberg (1994)Google Scholar
  10. 10.
    Brands, S.: Untraceable off-line cash in wallets with observers. manuscript, CWI (1993)Google Scholar
  11. 11.
    Brickell, E., Camenisch, J., Chen, L.: Direct anonymous attestation. Cryptology ePrint Archive, Report 2004/205 (2004), http://eprint.iacr.org/
  12. 12.
    Brickell, E.F., Camenisch, J., Chen, L.: Direct anonymous attestation. In: ACM-CCS 2004, pp. 132–145 (2004); Also ePrint 2004/205Google Scholar
  13. 13.
    Camenisch, J., Lysyanskaya, A.: A signature scheme with efficient protocols. In: Cimato, S., Galdi, C., Persiano, G. (eds.) SCN 2002. LNCS, vol. 2576, pp. 268–289. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  14. 14.
    Camenisch, J., Lysyanskaya, A.: A signature scheme with efficient protocols. In: Cimato, S., Galdi, C., Persiano, G. (eds.) SCN 2002. LNCS, vol. 2576, pp. 268–289. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  15. 15.
    Camenisch, J., Stadler, M.: Proof systems for general systems of discrete logarithms. ETH Technical Report No. 260 (1997), ftp://ftp.inf.ethz.ch/pub/publications/tech-reports/
  16. 16.
    Canetti, R.: Universal composable security: a new paradigm for cryptographic protocols. In: FOCS 2001, pp. 136–145. IEEE Computer Society Press, Los Alamitos (2001)Google Scholar
  17. 17.
    Canetti, R., Gennaro, R., Jarecki, S., Krawczyk, H., Rabin, T.: Adaptive security for threshold cryptosystems. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 98–115. Springer, Heidelberg (1999)Google Scholar
  18. 18.
    Canetti, R., Goldreich, O., Goldwasser, S., Micali, S.: Aresettable zero-knowledge. In: STOC 2000, pp. 235–244. ACM Press, New York (2000)Google Scholar
  19. 19.
    Chaum, D., van Heyst, E.: Group signatures. In: Davies, D.W. (ed.) EUROCRYPT 1991. LNCS, vol. 547, pp. 257–265. Springer, Heidelberg (1991)Google Scholar
  20. 20.
    Cramer, R., Damgard, I., Schoenmakers, B.: Proofs of partial knowledge and simplified design of witness hiding protocols. In: Desmedt, Y.G. (ed.) CRYPTO 1994. LNCS, vol. 839, pp. 174–187. Springer, Heidelberg (1994)Google Scholar
  21. 21.
    Ferguson, N.: Extensions of single-term coins. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 292–301. Springer, Heidelberg (1994)Google Scholar
  22. 22.
    Ferguson, N.: Single term off-line coins. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 318–328. Springer, Heidelberg (1994)Google Scholar
  23. 23.
    Fischlin, M.: The Cramer-Shoup strong-RSA signature scheme revisited. In: PKC, pp. 116–129 (2003)Google Scholar
  24. 24.
    Kiayias, A., Tsiounis, Y., Yung, M.: Traceable signatures. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 571–589. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  25. 25.
    Kiayias, A., Yung, M.: Group signatures: provable security, efficient constructions, and anonymity from trapdoor-holders. Cryptology ePrint Archive, Report 2004/076 (2004), http://eprint.iacr.org/
  26. 26.
    Liu, J.K., Wei, V.K., Wong, D.S.: Linkable spontaneous anonymous group signature for ad hoc groups (extended abstract). In: Wang, H., Pieprzyk, J., Varadharajan, V. (eds.) ACISP 2004. LNCS, vol. 3108, pp. 325–335. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  27. 27.
    Lysyanskaya, A., Ramzan, Z.: Group blind digital signatures: A scalable solution to electronic cash. In: Hirschfeld, R. (ed.) FC 1998. LNCS, vol. 1465, pp. 184–197. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  28. 28.
    Maitland, G., Boyd, C.: Fair electronic cash based on a group signature scheme. In: Qing, S., Okamoto, T., Zhou, J. (eds.) ICICS 2001. LNCS, vol. 2229, p. 461. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  29. 29.
    Maitland, G., Reid, J., Foo, E., Boyd, C., Dawson, E.: Linkability in practical electronic cash design. In: Okamoto, E., Pieprzyk, J.P., Seberry, J. (eds.) ISW 2000. LNCS, vol. 1975, pp. 149–163. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  30. 30.
    Micali, S.: Gauranteed partial key escrow. memo 537, MIT (1995)Google Scholar
  31. 31.
    Mitsunari, S., Sakai, R., Kasahara, M.: A new traitor tracing. IEICE Trans. Fundamentals E85-A(2), 481–484 (2002)Google Scholar
  32. 32.
    Nakanishi, T., Fujiwara, T., Watanabe, H.: A linkable group signature and its application to secret voting. In: 4th Int’l Symp. on Communicatin Theory and Appl. (1997)Google Scholar
  33. 33.
    Nakanishi, T., Fujiwara, T., Watanabe, H.: A linkable group signature and its application to secret voting. Trans. of Information Processing Society of Japan 40(7), 3085–3096 (1999)MathSciNetGoogle Scholar
  34. 34.
    Rivest, R.L., Shamir, A., Tauman, Y.: How to leak a secret. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 552–565. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  35. 35.
    Shamir, A.: Partial key escrow: a new approach to software key escrow. presentation at NIST key escrow standards meeting (September 15, 1995)Google Scholar
  36. 36.
    Traoré, J.: Group signatures and their relevance to privacy-protecting off-line electronic cash systems. In: Pieprzyk, J.P., Safavi-Naini, R., Seberry, J. (eds.) ACISP 1999. LNCS, vol. 1587, pp. 228–243. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  37. 37.
    Tsang, P.P., Wei, V.K.: Short linkable ring signatures for e-voting, e-cash and attestation. In: Deng, R.H., Bao, F., Pang, H., Zhou, J. (eds.) ISPEC 2005. LNCS, vol. 3439, pp. 48–60. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  38. 38.
    Tsang, P.P., Wei, V.K., Au, M.H., Chan, T.K., Liu, J.K., Wong, D.S.: Separable linkable threshold ring signatures. In: Canteaut, A., Viswanathan, K. (eds.) INDOCRYPT 2004. LNCS, vol. 3348, pp. 298–384. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  39. 39.
    Wei, V.K.: Tracing-by-linking group signatures. Cryptology ePrint Archive, Report 2004/370 (2004), http://eprint.iacr.org/
  40. 40.
    Zhang, F., Safavi-Naini, R., Susilo, W.: An efficient signature scheme from bilinear pairings and its applications. In: Bao, F., Deng, R., Zhou, J. (eds.) PKC 2004. LNCS, vol. 2947, pp. 277–290. Springer, Heidelberg (2004)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Victor K. Wei
    • 1
  1. 1.Dept. of Information EngrgChinese Univ. of Hong KongHong Kong

Personalised recommendations

Cite paper

Buy options