Advertisement

Separability and Efficiency for Generic Group Signature Schemes

Extended Abstract
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1666)

Abstract

A cryptographic protocol possesses separability if the participants can choose their keys independently of each other. This is advantageous from a key-management as well as from a security point of view. This paper focuses on separability in group signature schemes. Such schemes allow a group member to sign messages anonymously on the group’s behalf. However, in case of this anonymity’s misuse, a trustee can reveal the originator of a signature. We provide a generic fully separable group signature scheme and present an efficient instantiation thereof. The scheme is suited for large groups; the size of the group’s public key and the length of signatures do not depend on the number of group member. Its efficiency is comparable to the most efficient schemes that do not offer separability and is an order of magnitude more efficient than a previous scheme that provides partial separability. As a side result, we provide efficient proofs of the equality of two discrete logarithms from different groups and, more general, of the validity of polynomial relations in ℤ among discrete logarithms from different groups.

Keywords

Signature Scheme Discrete Logarithm Security Parameter Cryptographic Protocol Commitment Scheme 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

References

  1. 1.
    G. Ateniese and G. Tsudik. Group signatures à la carte. In ACM Symposium on Discrete Algorithms, 1999.Google Scholar
  2. 2.
    G. Ateniese and G. Tsudik. Some open issues and new directions in group signatures. In Proc. of Financial Cryptography’ 99, 1999.Google Scholar
  3. 3.
    N. Barić and B. Pfitzmann. Collision-free accumulators and fail-stop signature schemes without trees. In Advances in Cryptology — EUROCRYPT’ 97, vol. 1233 of LNCS, pp. 480–494.Google Scholar
  4. 4.
    M. Bellare and P. Rogaway. Random oracles are practical: A paradigm for designing efficient protocols. In First ACM CCS, pp. 62–73. ACM, 1993.Google Scholar
  5. 5.
    J. Benaloh and M. de Mare. One-Way Accumulators: A Decentralized Alternative to Digital Sinatures. In Advances in Cryptology — EUROCRYPT’ 93, vol. 765 of LNCS, pp. 274–285.Google Scholar
  6. 6.
    D. Boneh and M. Franklin. Efficient generation of shared RSA keys. In Advances in Cryptology — CRYPTO’ 97, vol. 1296 of LNCS, pp. 425–439.CrossRefGoogle Scholar
  7. 7.
    J. Boyar, K. Friedl, and C. Lund. Practical zero-knowledge proofs: Giving hints and using deficiencies. Journal of Cryptology, 4(3):185–206, 1991.zbMATHCrossRefMathSciNetGoogle Scholar
  8. 8.
    J. Camenisch. Efficient and generalized group signatures. In Advances in Cryptology — EUROCRYPT’ 97, vol. 1233 of LNCS, pp. 465–479.Google Scholar
  9. 9.
    J. Camenisch and M. Michels. A group signature scheme based on an RSA-variant. Tech. Rep. RS-98-27, BRICS, Dept. of Comp. Sci., University of Aarhus, preliminary version in Advances in Cryptology — ASIACRYPT’ 98, vol. 1514 of LNCS.CrossRefGoogle Scholar
  10. 10.
    J. Camenisch and M. Michels. Proving in zero-knowledge that a number is the product of two safe primes. In Advances in Cryptology — EUROCRYPT’ 99, vol. 1592 of LNCS, pp. 107–122.Google Scholar
  11. 11.
    J. Camenisch and M. Stadler. Efficient group signature schemes for large groups. In Advances in Cryptology — CRYPTO’ 97, vol. 1296 of LNCS, pp. 410–424.CrossRefGoogle Scholar
  12. 12.
    J. L. Camenisch. Group Signature Schemes and Payment Systems Based on the Discrete Logarithm Problem. PhD thesis, ETH Zurich, 1998.Google Scholar
  13. 13.
    A. Chan, Y. Frankel, and Y. Tsiounis. Easy come-easy go divisible cash. GTE Technical Report, preliminary version appeared in Advances in Cryptology — EUROCRYPT’ 98, vol. 1403 of LNCS, pp. 561–575.CrossRefGoogle Scholar
  14. 14.
    D. Chaum. Zero-knowledge undeniable signatures. In Advances in Cryptology — EUROCRYPT’ 90, vol. 473 of LNCS, pp. 458–464.Google Scholar
  15. 15.
    D. Chaum, J.-H. Evertse, and J. van de Graaf. An improved protocol for demonstrating possession of discrete logarithms and some generalizations. In Advances in Cryptology — EUROCRYPT’ 87, vol. 304 of LNCS, pp. 127–141.Google Scholar
  16. 16.
    D. Chaum and T. P. Pedersen. Wallet databases with observers. In Advances in Cryptology — CRYPTO’ 92, vol. 740 of LNCS, pp. 89–105.Google Scholar
  17. 17.
    D. Chaum and E. van Heyst. Group signatures. In Advances in Cryptology — EUROCRYPT’ 91, vol. 547 of LNCS, pp. 257–265.Google Scholar
  18. 18.
    L. Chen and T. P. Pedersen. New group signature schemes. In Advances in Cryptology — EUROCRYPT’ 94, vol. 950 of LNCS, pp. 171–181.CrossRefGoogle Scholar
  19. 19.
    R. Cramer. Personal communication.Google Scholar
  20. 20.
    R. Cramer, I. Damgård, and B. Schoenmakers. Proofs of partial knowledge and simplified design of witness hiding protocols. In Advances in Cryptology — CRYPTO’ 94, volume 839 of LNCS, pp. 174–187. Springer Verlag, 1994.Google Scholar
  21. 21.
    I. B. Damgård. Practical and provable secure release of a secret and exchange of signatures. In Advances in Cryptology — EUROCRYPT’ 93, vol. 765 of LNCS, pp. 200–217.Google Scholar
  22. 22.
    T. ElGamal. A public key cryptosystem and a signature scheme based on discrete logarithms. In Advances in Cryptology — CRYPTO’ 84, vol. 196 of LNCS, pp. 10–18.Google Scholar
  23. 23.
    A. Fiat and A. Shamir. How to prove yourself: Practical solution to identification and signature problems. In Advances in Cryptology — CRYPTO’ 86, vol. 263 of LNCS, pp. 186–194.Google Scholar
  24. 24.
    Y. Frankel, P. D. MacKenzie, and M. Yung. Robust efficient distributed RSA-key generation. In STOC’98, pp. 663–672, 1998.Google Scholar
  25. 25.
    E. Fujisaki and T. Okamoto. Statistical zero knowledge protocols to prove modular polynomial relations. In Advances in Cryptology CRYPTO’ 97, vol. 1294 of LNCS, pp. 16–30.CrossRefGoogle Scholar
  26. 26.
    R. Gennaro, H. Krawczyk, and T. Rabin. RSA-based undeniable signatures. In Advances in Cryptology — CRYPTO’ 97, vol. 1296 of LNCS, pp. 132–149.CrossRefGoogle Scholar
  27. 27.
    M. Girault and J.-F. Misarsky. Selective forgery of RSA using redundancy In Advances in Cryptology — EUROCRYPT’ 97, vol. 1233 of LNCS, pp. 495–507.Google Scholar
  28. 28.
    S. Goldwasser and M. Bellare. Lecture notes on cryptography, June 1997.Google Scholar
  29. 29.
    S. Goldwasser and S. Micali. Probabilistic encryption. Journal of Computer and System Sciences, 28(2):270–299, Apr. 1984.zbMATHCrossRefMathSciNetGoogle Scholar
  30. 30.
    J. Kilian and E. Petrank. Identity escrow. In Advances in Cryptology — CRYPTO’ 98, vol. 1642 of LNCS, pp. 169–185.Google Scholar
  31. 31.
    S. J. Kim, S. J. Park, and D. H. Won. Convertible group signatures. In Advances in Cryptology — ASIACRYPT’ 96, vol. 1163 of LNCS, pp. 311–321.CrossRefGoogle Scholar
  32. 32.
    W.-B. Lee and C.-C. Chang. Efficient group signature scheme based on the discrete logarithm. IEE Proc. Comput. Digit. Tech., 145(1):15–18, 1998.CrossRefGoogle Scholar
  33. 33.
    C. H. Limand P. J. Lee. On the security of convertible group signatures. Electronics Letters, 1996.Google Scholar
  34. 34.
    M. Michels. Comments on some group signature schemes. Technical Report TR-96-3-D, Dept. of Comp. Sci., Univ. of Technology, Chemnitz-Zwickau, Nov. 1996.Google Scholar
  35. 35.
    M. Michels and M. Stadler. Generic constructions for secure and efficient confirmer signature schemes. In Advances in Cryptology — EUROCRYPT’ 98, vol. 1403 of LNCS, pp. 406–421.CrossRefGoogle Scholar
  36. 36.
    J.-F. Misarsky. A multiplicative attack using LLL Algorithm on RSA signatures with redundancy. In Advances in Cryptology — CRYPTO’ 97, vol. 1294 of LNCS, pp. 221–234.CrossRefGoogle Scholar
  37. 37.
    S. Micali, C. Rackoff, and B. Sloan. The notion of security for probabilistic cryptosystems. SIAM Journal on Computing, 17(2):412–426, April 1988.zbMATHCrossRefMathSciNetGoogle Scholar
  38. 38.
    S. J. Park, I. S. Lee, and D. H. Won. A practical group signature. In Proc. of the 1995 Japan-Korea Workshop on Information Security and Cryptography, 1995.Google Scholar
  39. 39.
    T. P. Pedersen. Non-interactive and information-theoretic secure verifiable secret sharing. In Advances in Cryptology-CRYPTO’ 91, vol. 576 of LNCS, pp. 129–140.CrossRefGoogle Scholar
  40. 40.
    H. Petersen. How to convert any digital signature scheme into a group signature scheme. In Security Protocols Workshop, vol. 1361 of LNCS, pp. 177–190, 1997.CrossRefGoogle Scholar
  41. 41.
    D. Pointcheval. Les Preuves de Connaissance et leurs Preuves de Sécurité. PhD thesis, Université de Caen, 1996.Google Scholar
  42. 42.
    G. Poupard and J. Stern. Generation of shared RSA keys by two parties. In Advances in Cryptology — ASIACRYPT’ 98, vol. 1514 of LNCS, pp. 11–24.CrossRefGoogle Scholar
  43. 43.
    R. Rivest, A. Shamir, and L. Adleman. A method for obtaining digital signatures and public-key cryptosystems. Comm. of the ACM, 21(2):120–126, 1978.zbMATHCrossRefMathSciNetGoogle Scholar
  44. 44.
    A. de Santis, G. di Crescenzo, G. Persiano, and M. Yung. On Monotone Formula Closure of SZK. 35th FOCS, IEEE, pp. 454–465, 1994.Google Scholar
  45. 45.
    C. P. Schnorr. Efficient signature generation for smart cards. Journal of Cryptology, 4(3):239–252, 1991.CrossRefMathSciNetGoogle Scholar
  46. 46.
    Y. Tsiounis and M. Yung. On the security of ElGamal-based encryption. In InternationalWorkshop on Practice and Theory in Public Key Cryptography, 1998.Google Scholar
  47. 47.
    J. van de Graaf and R. Peralta. A simple and secure way to show the validity of your public key. In Advances in Cryptology — CRYPTO’ 87, vol. 293 of LNCS, pp. 128–134.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 1999

Authors and Affiliations

  1. 1.Department of Computer ScienceUniversity of AarhusNy MunkegadeDenmark
  2. 2.Entrust Technologies Europer3 security engineering ag, Glatt TowerGlattzentrumSwitzerland

Personalised recommendations