Group Signatures

  • David Chaum
  • Eugène van Heyst
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 547)

Abstract

In this paper we present a new type of signature for a group of persons, called a group signature, which has the following properties:
  • only members of the group can sign messages;

  • the receiver can verify that it is a valid group signature, but cannot discover which group member made it;

  • if necessary, the signature can be “opened”, so that the person who signed the message is revealed.

These group signatures are a “generalization” of the credential/membership authentication schemes, in which one person proves that he belongs to a certain group.

We present four schemes that satisfy the properties above. Not all these schemes are based on the same cryptographic assumption. In some of the schemes a trusted centre is only needed during the setup; and in other schemes, each person can create the group he belongs to.

References

  1. [BCDvdG87]
    Ernest Brickell, David Chaum, Ivan Damgard and Jeroen van de Graaf, Gradual and verifiable release of a secret, Advances in Cryptology-CRYPTO 87, C. Pomerance ed., Lecture Notes in Computer Science 293, Springer-Verlag, pp. 156–166.Google Scholar
  2. [Ch85]
    David Chaum, Showing credentials without identification, Advances in Cryptology-EUROCRYPT 85, F. Pichler ed., Lecture Notes in Computer Science 219, Springer-Verlag, pp. 241–244.CrossRefGoogle Scholar
  3. [Ch87]
    David Chaum, Blinding for unanticipated signatures, Advances in Cryptology-EUROCRYPT 87, D. Chaum, W. Price eds., Lecture Notes in Computer Science 304, Springer-Verlag, pp. 227–233.Google Scholar
  4. [Ch90]
    David Chaum, Zero-knowledge undeniable signatures, Advances in Cryptology-EUROCRYPT 90, I. Damgård ed., Lecture Notes in Computer Science 473, Springer-Verlag, pp. 458–464.Google Scholar
  5. [CvA89]
    David Chaum and Hans van Antwerpen, Undeniable signatures, Advances in Cryptology-CRYPTO 89, G. Brassard ed., Lecture Notes in Computer Science 435, Springer-Verlag, pp. 212–216.CrossRefGoogle Scholar
  6. [CEvdG87]
    David Chaum, Jan-Hendrik Evertse and Jeroen van de Graaf, An improved protocol for demonstrating possession of discrete logarithms and some generalizations, Advances in Cryptology-EUROCRYPT 87, D. Chaum, W. Price eds., Lecture Notes in Computer Science 304, Springer-Verlag, pp. 127–141.Google Scholar
  7. [ElG85]
    Taher ElGamal, A public key cryptosystem and a signature scheme based on discrete logarithm, IEEE IT 31 (1985), pp. 469–472.MATHCrossRefMathSciNetGoogle Scholar
  8. [FS86]
    Amos Fiat and Adi Shamir, How to prove yourself: practical solution to identification and signature problems, Advances in Cryptology-CRYPTO 86, A.M. Odlyzko ed., Lecture Notes in Computer Science 263, Springer-Verlag, pp. 186–194.CrossRefGoogle Scholar
  9. [OOK90]
    Kazuo Ohta, Tatsuaki Okamoto and Kenji Koyama, Membership authentication for hierarchical multigroup using the extended Fiat-Shamir scheme, Advances in Cryptology-EUROCRYPT 90, I. Damgård ed., Lecture Notes in Computer Science 473, Springer-Verlag, pp. 446–457.Google Scholar
  10. [Per85]
    René Peralta, Simultaneous security of bits in the discrete log, Advances in Cryptology-EUROCRYPT 85, F. Pichler ed., Lecture Notes in Computer Science 219, Springer-Verlag, pp. 62–72.CrossRefGoogle Scholar
  11. [SKI90]
    Hiroki Shizuya, Kenji Koyama and Toshiya Itoh, Demonstrating possession without revealing factors and its applications, Advances in Cryptology AUSCRYPT 90, J. Seberry and J. Pieprzyk eds., Lecture Notes in Computer Science 453, Springer-Verlag, pp. 273–293.CrossRefGoogle Scholar
  12. [SS90]
    Schrift and Shamir, The discrete log is very discreet, Proc. 22 nd STOC 1990, pp. 405–415.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 1991

Authors and Affiliations

  • David Chaum
    • 1
  • Eugène van Heyst
    • 1
  1. 1.CWI Centre for Mathematics and Computer ScienceAmsterdamThe Netherlands

Personalised recommendations