A Group Signature Scheme with Improved Efficiency (Extended Abstract)

  • Jan Camenisch
  • Markus Michels
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1514)

Abstract

The concept of group signatures allows a group member to sign messages anonymously on behalf of the group. However, in the case of a dispute, the identity of a signature’s originator can be revealed by a designated entity. In this paper we propose a new group signature scheme that is well suited for large groups, i.e., the length of the group’s public key and of signatures do not depend on the size of the group. Our solution based on a variation of the RSA problem is more efficient than previous ones satisfying these requirements.

Keywords

Group signature scheme for large groups digital signature schemes revocable anonymity 

References

  1. 1.
    N. Barić and B. Pfitzmann. Collision-free accumulators and fail-stop signature schemes without trees. In W. Fumy, ed., Advances in Cryptology — EUROCRYPT’ 97, volume 1233 of LNCS, pages 480–494. Springer Verlag, 1997.Google Scholar
  2. 2.
    M. Bellare and P. Rogaway. Random oracles are practical: A paradigm for designing efficient protocols. In First ACM Conference on Computer and Communication Security, pages 62–73. Association for Computing Machinery, 1993.Google Scholar
  3. 3.
    D. Boneh and M. Franklin. Efficient generation of shared RSA keys. In B. Kaliski, ed., Advances in Cryptology — CRYPTO’ 97, volume 1296 of LNCS, pages 425–439. Springer Verlag, 1997.CrossRefGoogle Scholar
  4. 4.
    J. Boyar, K. Friedl, and C. Lund. Practical zero-knowledge proofs: Giving hints and using deficiencies. Journal of Cryptology, 4(3):185–206, 1991.MATHCrossRefMathSciNetGoogle Scholar
  5. 5.
    J. Boyar and R. Peralta. Short discreet proofs. In U. Maurer, ed., Advances in Cryptology — EUROCRYPT’ 96, volume 1070 of LNCS, pages 131–142. Springer Verlag, 1996.Google Scholar
  6. 6.
    G. Brassard, D. Chaum, and C. Crépeau. Minimum disclosure proofs of knowledge. Journal of Computer and System Sciences, 37(2):156–189, Oct. 1988.Google Scholar
  7. 7.
    J. Camenisch. Efficient and generalized group signatures. In W. Fumy, ed., Advances in Cryptology — EUROCRYPT’ 97, volume 1233 of LNCS, pages 465–479. Springer Verlag, 1997.Google Scholar
  8. 8.
    J. Camenisch, U. Maurer, and M. Stadler. Digital payment systems with passive anonymity-revoking trustees. In Computer Security — ESORICS 96, volume 1146 of LNCS, pages 33–43. Springer Verlag, 1996.Google Scholar
  9. 9.
    J. Camenisch and M. Stadler. Efficient group signature schemes for large groups. In B. Kaliski, ed., Advances in Cryptology — CRYPTO’ 97, volume 1296 of LNCS, pages 410–424. Springer Verlag, 1997.CrossRefGoogle Scholar
  10. 10.
    J. L. Camenisch. Group Signature Schemes and Payment Systems Based on the Discrete Logarithm Problem. PhD thesis, ETH Zürich, 1998. Diss. ETH No. 12520, ISBN 3-89649-286-1, Hartung Gorre Verlag, Konstanz.Google Scholar
  11. 11.
    R. Canetti, O. Goldreich, and S. Halevi. The random oracle methodology, revisited. In Proc. 30th Annual ACM Symposium on Theory of Computing (STOC), 1998.Google Scholar
  12. 12.
    D. Catalano and R. Gennaro. New efficient and secure protocols for verifiable signature sharing and other applications. In Advances in Cryptology — CRYPTO’ 98, LNCS. Springer Verlag, 1998.Google Scholar
  13. 13.
    A. Chan, Y. Frankel, and Y. Tsiounis. Easy come-easy go divisible cash. In Advances in Cryptology — EUROCRYPT’ 98, volume 1403 of LNCS.CrossRefGoogle Scholar
  14. 14.
    D. Chaum, J.-H. Evertse, and J. van de Graaf. An improved protocol for demonstrating possession of discrete logarithms and some generalizations. In Advances in Cryptology — EUROCRYPT’ 87, pages 127–141.Google Scholar
  15. 15.
    D. Chaum and T. P. Pedersen. Transferred cash grows in size. In R. A. Rueppel, ed., Advances in Cryptology — EUROCRYPT’ 92, volume 658 of LNCS, pages 390–407. Springer-Verlag, 1993CrossRefGoogle Scholar
  16. 16.
    D. Chaum and E. van Heyst. Group signatures. In D. W. Davies, ed., Advances in Cryptology — EUROCRYPT’ 91, volume 547 of LNCS, pages 257–265.Google Scholar
  17. 17.
    L. Chen and T. P. Pedersen. New group signature schemes. In Advances in Cryptology — EUROCRYPT’ 94, volume 950 of LNCS, pages 171–181.CrossRefGoogle Scholar
  18. 18.
    D. Coppersmith. Finding a Small Root of a Bivariatre Interger Equation; Factoring with High Bits Known In U. Maurer, ed., Advances in Cryptology — EUROCRYPT’ 96, volume 1070 of LNCS, pages 178–189. Springer Verlag, 1996.Google Scholar
  19. 19.
    R. Cramer and I. Damgård. Linear zero-knowledge: A note on efficient zero-knowledge proofs and arguments. In Proc. 29th Annual ACM Symposium on Theory of Computing (STOC), pages 436–445. ACM press, 1997.Google Scholar
  20. 20.
    R. Cramer, I. Damgård, and B. Schoenmakers. Proofs of partial knowledge and simplified design of witness hiding protocols. In Y. G. Desmedt, ed., Advances in Cryptology — CRYPTO’ 94, volume 839 of LNCS, pages 174–187.Google Scholar
  21. 21.
    T. ElGamal. A public key cryptosystem and a signature scheme based on discrete logarithms. In G. R. Blakley and D. Chaum, eds., Advances in Cryptology — CRYPTO’ 84, volume 196 of LNCS, pages 10–18. Springer Verlag, 1985.Google Scholar
  22. 22.
    J.-H. Evertse and E. van Heyst. Which new RSA signatures can be computed from certain given RSA signatures? Journal of Cryptology, 5:41–52, 1992.MATHCrossRefGoogle Scholar
  23. 23.
    U. Feige, A. Fiat, and A. Shamir. Zero-knowledge proofs of identity. Journal of Cryptology, 1:77–94, 1988.MATHCrossRefMathSciNetGoogle Scholar
  24. 24.
    A. Fiat and A. Shamir. How to prove yourself: Practical solution to identification and signature problems. In A. M. Odlyzko, ed., Advances in Cryptology — CRYPTO’ 86, volume 263 of LNCS, pages 186–194. Springer Verlag, 1987.Google Scholar
  25. 25.
    E. Fujisaki and T. Okamoto. Statistical zero knowledge protocols to prove modular polynomial relations. In B. S. Kaliski, ed., Advances in Cryptology — CRYPTO’ 97, volume 1294 of LNCS, pages 16–30. Springer Verlag, 1997.CrossRefGoogle Scholar
  26. 26.
    M. Girault. An identity-based identification scheme based on discrete logarihtms modulo a composite number. In I. B. Damgård, ed., Advances in Cryptology — EUROCRYPT’ 90, volume 473 of LNCS, pages 481–486. Springer-Verlag, 1991.Google Scholar
  27. 27.
    M. Girault. Self-certified public keys. In Advances in Cryptology — EUROCRYPT’ 91, volume 547 of LNCS, pages 490–497. Springer-Verlag, 1992.Google Scholar
  28. 28.
    J. Kilian and E. Petrank. Identity escrow. In Advances in Cryptology — CRYPTO’ 98, LNCS. Springer Verlag, 1998.Google Scholar
  29. 29.
    S. J. Kim, S. J. Park, and D. H. Won. Convertible group signatures. In Advances in Cryptology — ASIACRYPT’ 96, volume 1163 of LNCS, pages 311–321.CrossRefGoogle Scholar
  30. 30.
    K. Koyama, U. Maurer, T. Okamoto, and S. Vanstone New Public-key Schemes Based on Elliptic Curves over the Ring Z n. In Advances in Cryptology — CRYPTO’ 91, volume 576 of LNCS, pages 252–266.CrossRefGoogle Scholar
  31. 31.
    C. H. Lim and P. J. Lee. On the security of convertible group signatures. Electronics Letters, 1996.Google Scholar
  32. 32.
    A. Lysyanskaya and Z. Ramzan. Group blind digital signatures: A scalable solution to electronic cash. In Proc. Second Int. Conf. on Financial Cryptography, 1998.Google Scholar
  33. 33.
    M. Michels. Comments on some group signature schemes. TR-96-3-D, Departement of Computer Science, University of Technology, Chemnitz-Zwickau, Nov. 1996.Google Scholar
  34. 34.
    T. Okamoto. Provable secure and practical identification schemes and corresponding signature schemes. In E. F. Brickell, ed., Advances in Cryptology — CRYPTO’ 92, volume 740 of LNCS, pages 31–53. Springer-Verlag, 1993.Google Scholar
  35. 35.
    S. J. Park, I. S. Lee, and D. H. Won. A practical group signature. In Proc. of the 1995 Japan-Korea Workshop on Information Security and Cryptography.Google Scholar
  36. 36.
    H. Petersen. How to convert any digital signature scheme into a group signature scheme. In Security Protocols Workshop, Paris, 1997.Google Scholar
  37. 37.
    D. Pointcheval and J. Stern. Security proofs for signature schemes. In U. Maurer, ed., Advances in Cryptology — EUROCRYPT’ 96, volume 1070 of LNCS, pages 387–398. Springer Verlag, 1996.Google Scholar
  38. 38.
    G. Poupard and J. Stern. Security analysis of a practical “on the fly„ authentication and signature generation. In K. Nyberg, ed., Advances in Cryptology — EUROCRYPT’ 98, volume 1403 of LNCS, pages 422–436. Springer Verlag, 1998.CrossRefGoogle Scholar
  39. 39.
    R. Rivest, A. Shamir, and L. Adleman. A method for obtaining digital signatures and public-key cryptosystems. Comm. of the ACM, 21(2):120–126, Feb. 1978.Google Scholar
  40. 40.
    C. P. Schnorr. Efficient signature generation for smart cards. Journal of Cryptology, 4(3):239–252, 1991.CrossRefMathSciNetGoogle Scholar
  41. 41.
    A. Shamir. On the generation of cryptographically strong pseudorandom sequences. In ACM Trans. on Computer Systems, volume 1, pages 38–44, 1983.CrossRefGoogle Scholar
  42. 42.
    M. Stadler. Cryptographic Protocols for Revocable Privacy. PhD thesis, ETH Zürich, 1996. Diss. ETH No. 11651.Google Scholar
  43. 43.
    J. van de Graaf and R. Peralta. A simple and secure way to show the validity of your public key. In C. Pomerance, ed., Advances in Cryptology — CRYPTO’ 87, volume 293 of LNCS, pages 128–134. Springer-Verlag, 1988.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2000

Authors and Affiliations

  • Jan Camenisch
    • 1
  • Markus Michels
    • 2
  1. 1.BRICS Department of Computer ScienceUniversity of Aarhusårhus CDenmark
  2. 2.r3 security engineering agEntrust TechnologyGlattzentrum/ZurichSwitzerland

Personalised recommendations