A Practical and Provably Secure Coalition-Resistant Group Signature Scheme

  • Giuseppe Ateniese
  • Jan Camenisch
  • Marc Joye
  • Gene Tsudik
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1880)


A group signature scheme allows a group member to sign messages anonymously on behalf of the group. However, in the case of a dispute, the identity of a signature’s originator can be revealed (only) by a designated entity. The interactive counterparts of group signatures are identity escrow schemes or group identification scheme with revocable anonymity. This work introduces a new provably secure group signature and a companion identity escrow scheme that are significantly more efficient than the state of the art. In its interactive, identity escrow form, our scheme is proven secure and coalition-resistant under the strong RSA and the decisional Diffie-Hellman assumptions. The security of the non-interactive variant, i.e., the group signature scheme, relies additionally on the Fiat-Shamir heuristic (also known as the random oracle model).


Group signature schemes revocable anonymity coalition-resistance strong RSA assumption identity escrow provable security 

Copyright information

© Springer-Verlag Berlin Heidelberg 2000

Authors and Affiliations

  • Giuseppe Ateniese
    • 1
  • Jan Camenisch
    • 2
  • Marc Joye
    • 3
  • Gene Tsudik
    • 4
  1. 1.Department of Computer ScienceThe Johns Hopkins UniversityBaltimoreUSA
  2. 2.IBM Research, Zurich Research LaboratoryRüschlikonSwitzerland
  3. 3.Card Security GroupGemplus Card InternationalGémenosFrance
  4. 4.Department of Information and Computer ScienceUniversity of CaliforniaIrvine, IrvineUSA

Personalised recommendations