Advertisement

Efficient group signature schemes for large groups

Extended abstract
  • Jan Camenisch
  • Markus Stadler
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1294)

Abstract

A group signature scheme allows members of a group to sign messages on the group's behalf such that the resulting signature does not reveal their identity. Only a designated group manager is able to identify the group member who issued a given signature. Previously proposed realizations of group signature schemes have the undesirable property that the length of the public key is linear in the size of the group. In this paper we propose the first group signature scheme whose public key and signatures have length independent of the number of group members and which can therefore also be used for large groups. Furthermore, the scheme allows the group manager to add new members to the group without modifying the public key. The realization is based on methods for proving the knowledge of signatures.

Keywords

Signature Scheme Group Manager Random Oracle Discrete Logarithm Digital Signature Scheme 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

References

  1. 1.
    L. M. Adleman, D. R. Estes, and K. S. McCurley. Solving bivaxiate quadratic congruences in random polynomial time. Mathematics of Computation, 43(177):17–28, Jan. 1987.CrossRefMathSciNetGoogle Scholar
  2. 2.
    M. Bellare and P. Rogaway. Random oracles are practical: A paradigm for designing efficient protocols. In First ACM Conference on Computer and Communication Security, pages 62–73. Association for Computing Machinery, 1993.Google Scholar
  3. 3.
    J. Boyar and R. Peralta. Short discreet proofs. In Advances in Cryptology — EUROCRYPT '96, volume 1070 of Lecture Notes in Computer Science, pages 131–142. Springer Verlag, 1996.Google Scholar
  4. 4.
    S. Brands. An efficient off-line electronic cash system based on the representation problem. Technical Report CS-R9323, CWI, Apr. 1993.Google Scholar
  5. 5.
    S. Brands. Rapid demonstration of linear relations connected by boolean operators. In In Advances in Cryptology — EUROCRYPT '97, volume 1233 of Lecture Notes in Computer Science, pages 318–333. Springer Verlag, 1997.Google Scholar
  6. 6.
    G. Brassard, D. Chaum, and C. Crépeau. Minimum disclosure proofs of knowledge. Journal of Computer and System Sciences, 37(2):156–189, Oct. 1988.zbMATHCrossRefMathSciNetGoogle Scholar
  7. 7.
    J. Camenisch. Efficient and generalized group signatures. In In Advances in Cryptology — EUROCRYPT '97, volume 1233 of Lecture Notes in Computer Science, pages 465–479. Springer Verlag, 1997.Google Scholar
  8. 8.
    J. Camenisch and M. Stadler. Proof systems for general statements about discrete logarithms. Technical Report TR 260, Institute for Theoretical Computer Science, ETH Zürich, Mar. 1997.Google Scholar
  9. 9.
    D. Chaum. Blind signature systems. In Advances in Cryptology — CRYPTO '83, page 153. Plenum Press, 1984.Google Scholar
  10. 10.
    D. Chaum and H. van Antwerpen. Undeniable signatures. In Advances in Cryptology — CRYPTO '89, volume 435 of Lecture Notes in Computer Science, pages 212–216. Springer Verlag, 1990.Google Scholar
  11. 11.
    D. Chaum and E. van Heyst. Group signatures. In Advances in Cryptology — EUROCRYPT '91, volume 547 of Lecture Notes in Computer Science, pages 257–265. Springer-Verlag, 1991.Google Scholar
  12. 12.
    L. Chen and T. P. Pedersen. New group signature schemes. In Advances in Cryptology — EUROCRYPT '94, volume 950 of Lecture Notes in Computer Science, pages 171–181. Springer-Verlag, 1995.Google Scholar
  13. 13.
    I. B. Damgård. Practical and provable secure release of a secret and exchange of signature. In Advances in Cryptology — EUROCRYPT '93, volume 765 of Lecture Notes in Computer Science, pages 200–217. Springer-Verlag, 1994.Google Scholar
  14. 14.
    T. ElGamal. A public key cryptosystem and a signature scheme based on discrete logarithms. In Advances in Cryptology — CRYPTO '84, volume 196 of Lecture Notes in Computer Science, pages 10–18. Springer Verlag, 1985.Google Scholar
  15. 15.
    U. Feige, A. Fiat, and A. Shamir. Zero-knowledge proofs of identity. Journal of Cryptology, 1:77–94, 1988.zbMATHCrossRefMathSciNetGoogle Scholar
  16. 16.
    E. Fujisaki and T. Okamoto. Witness hiding protocols to confirm modular polynomial relations. In The 1997 Symposium on Cryptograpy and Information Security, Fukuoka, Japan, Jan. 1997. The Institute of Electronics, Information and Communcation Engineers. SCSI97-33D.Google Scholar
  17. 17.
    S. J. Kim, S. J. Park, and D. H. Won. Convertible group signatures. In Advances in Cryptology — ASIACRYPT '96, volume 1163 of Lecture Notes in Computer Science, pages 311–321. Springer Verlag, 1996.Google Scholar
  18. 18.
    K. McCurley. Odds and ends from cryptology and computational number theory. In Cryptology and computational number theory, volume 42 of Proceedings of Symposia in Applied Mathematics, pages 145–166. American Mathematical Society, 1990.Google Scholar
  19. 19.
    T. Okamoto. Threshold key-recovery systems for RSA. In Security Protocols Workshop, Paris, 1997.Google Scholar
  20. 20.
    H. Ong, C. P. Schnorr, and A. Shamir. Efficient signature schemes based on polymonial equations. In Advances in Cryptology — CRYPTO '84, volume 196 of Lecture Notes in Computer Science, pages 37–46. Springer Verlag, 1984.Google Scholar
  21. 21.
    S. J. Park, I. S. Lee, and D. H. Won. A practical group signature. In Proceedings of the 1995 Japan-Korea Workshop on Information Security and Cryptography, pages 127–133, Jan. 1995.Google Scholar
  22. 22.
    H. Petersen. How to convert any digital signature scheme into a group signature scheme. In Security Protocols Workshop, Paris, 1997.Google Scholar
  23. 23.
    J. M. Pollard and C. P. Schnorr. An efficient solution of the congruence x 2 + ky 2 = m (modn). IEEE Transactions on Information Theory, 33(5):702–709, September 1987.zbMATHCrossRefMathSciNetGoogle Scholar
  24. 24.
    R. Rivest, A. Shamir, and L. Adleman. A method for obtaining digital signatures and public-key cryptosystems. Communications of the ACM, 21(2):120–126, Feb. 1978.zbMATHCrossRefMathSciNetGoogle Scholar
  25. 25.
    C. P. Schnorr. Efficient signature generation for smart cards. Journal of Cryptology, 4(3):239–252, 1991.CrossRefMathSciNetGoogle Scholar
  26. 26.
    M. Stadler. Publicly verifiable secret sharing. In Advances in Cryptology — EUROCRYPT '96, volume 1070 of Lecture Notes in Computer Science, pages 191–199. Springer Verlag, 1996.Google Scholar

Copyright information

© Springer-Verlag 1997

Authors and Affiliations

  • Jan Camenisch
    • 1
  • Markus Stadler
    • 2
  1. 1.Department of Computer ScienceETH ZurichZurichSwitzerland
  2. 2.Ubilab Union Bank of SwitzerlandZurichSwitzerland

Personalised recommendations