Linkable Democratic Group Signatures
In a variety of group-oriented applications cryptographic primitives like group signatures or ring signatures are valuable methods to achieve anonymity of group members. However, in their classical form, these schemes cannot be deployed for applications that simultaneously require (i) to avoid centralized management authority like group manager and (ii) the signer to be anonymous only against non-members while group members have rights to trace and identify the signer.
The idea of recently introduced democratic group signatures is to provide these properties. Based on this idea we introduce a group-oriented signature scheme that allows the group members to trace the identity of any other group member who issued a signature while non-members are only able to link the signatures issued by the same signer without tracing. For this purpose the signature scheme assigns to every group member a unique pseudonym that can be used by any non-member verifier to communicate with the anonymous signer from the group. We present several group-oriented application scenarios where this kind of linkability is essential.
We propose a concrete linkable democratic group signature scheme for two-parties, prove its security in the random oracle model, and describe how to modularly extend it to the multi-party case.
Keywordsdemocratic group signatures anonymity pseudonymity linkability group communication
- 5.Bender, A., Katz, J., Morselli, R.: Ring signatures: Stronger definitions, and constructions without random oracles. In: Theory of Cryptography Conference 2006. LNCS. Springer, Heidelberg (2006) (to appear)Google Scholar
- 6.Boneh, D.: The Decision Diffie-Hellman problem. In: ANTS-III: Proceedings of the Third International Symposium on Algorithmic Number Theory, pp. 48–63. Springer, Heidelberg (1998)Google Scholar
- 7.Boneh, D., Boyen, X., Shacham, H.: Short group signatures. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 41–55. Springer, Heidelberg (2004)Google Scholar
- 9.Camenisch, J., Michels, M.: A group signature scheme with improved efficiency. In: Proceedings of the International Conference on the Theory and Applications of Cryptology and Information Security, pp. 160–174. Springer, Heidelberg (1998)Google Scholar
- 10.Camenisch, J., Stadler, M.: Efficient group signature schemes for large groups. In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 410–424. Springer, Heidelberg (1997)Google Scholar
- 11.Chaum, D., van Heyst, E.: Group signatures. In: Davies, D.W. (ed.) EUROCRYPT 1991. LNCS, vol. 547, pp. 257–265. Springer, Heidelberg (1991)Google Scholar
- 22.Sahai, A.: Non-malleable non-interactive zero knowledge and adaptive chosen-ciphertext security. In: FOCS 1999: Proceedings of the 40th Annual Symposium on Foundations of Computer Science, p. 543. IEEE Computer Society Press, Los Alamitos (1999)Google Scholar