Group blind digital signatures: A scalable solution to electronic cash

  • Anna Lysyanskaya
  • Zulfikar Ramzan
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1465)


In this paper we construct a practical group blind signature scheme. Our scheme combines the already existing notions of blind signatures and group signatures. It is an extension of Camenisch and Stadler's Group Signature Scheme [5] that adds the blindness property. We show how to use our group blind signatures to construct an electronic cash system in which multiple banks can securely distribute anonymous and untraceable e-cash. Moreover, the identity of the e-cash issuing bank is concealed, which is conceptually novel. The space, time, and communication complexities of the relevant parameters and operations are independent of the group size.


Signature Scheme Discrete Logarithm Blind Signature Discrete Logarithm Problem Random Oracle Model 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Mihir Bellare and Phillip Rogaway. Random oracles are practical: A paradigm for designing efficient protocols. In First ACM Conference on Computer and Communications Security, pages 62–73, Fairfax, 1993. ACM.Google Scholar
  2. 2.
    Stefan Brands. An efficient off-line electronic cash system based on the representation problem. Technical Report CS-R9323, CWI, April 1993.Google Scholar
  3. 3.
    Jan Camenisch. Efficient and generalized group signatures. In Proc. EUROCRYPT 97, pages 465–479. Springer-Verlag, 1997. Lecture Notes in Computer Science No. 1233.Google Scholar
  4. 4.
    Jan Camenisch, Ueli Maurer, and Markus Stadler. Digital payment systems with passive anonymity-revoking trustees. Journal of Computer Security, 5(1), 1997.Google Scholar
  5. 5.
    Jan Camenisch and Markus Stadler. Efficient group signatures for large groups. In Proc. CRYPTO 97, pages 410–424. Springer-Verlag, 1997. Lecture Notes in Computer Science No. 1294.Google Scholar
  6. 6.
    D. Chaum, A. Fiat, and M. Naor. Untraceable electronic cash. In S. Goldwasser, editor, Proc. CRYPTO 88, pages 319–327. Springer-Verlag, 1988. Lecture Notes in Computer Science No. 403.Google Scholar
  7. 7.
    David Chaum. Blind signatures for untraceable payments. In R. L. Rivest, A. Sherman, and D. Chaum, editors, Proc. CRYPTO 82, pages 199–203, New York, 1983. Plenum Press.Google Scholar
  8. 8.
    David Chaum. Blind signature system. In D. Chaum, editor, Proc. CRYPTO 83, pages 153–153, New York, 1984. Plenum Press.Google Scholar
  9. 9.
    David Chaum and Eugène van Heyst. Group signatures. In Proc. EUROCRYPT 91, pages 257–265. Springer-Verlag, 1991. Lecture Notes in Computer Science No. 547.Google Scholar
  10. 10.
    L. Chen and T. P. Pedersen. New group signature schemes (extended abstract). In Proc. EUROCRYPT 94, pages 171–181. Springer-Verlag, 1994. Lecture Notes in Computer Science No. 547.Google Scholar
  11. 11.
    Amos Fiat and Adi Shamir. How to prove yourself: Practical solutions to identification and signature problems. In A.M. Odlyzko, editor, Proc. CRYPTO 86, pages 186–194. Springer-Verlag, 1987. Lecture Notes in Computer Science No. 263.Google Scholar
  12. 12.
    S. Goldwasser, S. Micali, and C. Rackoff. The knowledge complexity of interactive proof-systems. SIAM. J. Computing, 18(1):186–208, February 1989.zbMATHMathSciNetCrossRefGoogle Scholar
  13. 13.
    Shafi Goldwasser, Silvio Micali, and Ronald L. Rivest. A digital signature scheme secure against adaptive chosen-message attacks. SIAM J. Computing, 17(2):281–308, April 1988.zbMATHMathSciNetCrossRefGoogle Scholar
  14. 14.
    A. Juels, M. Luby, and R. Ostrovsky. Security of blind digital signatures. In Proc. CRYPTO 97, Lecture Notes in Computer Science, pages 150–164. Springer-Verlag, 1997. Lecture Notes in Computer Science No. 1294.Google Scholar
  15. 15.
    Laurie Law, Susan Sabett, and Jerry Solinas. How to make a mint: the cryptography of anonymous electronic cash. National Security Agency, Office of Information Security Research and Technology, Cryptology Division, June 1996.Google Scholar
  16. 16.
    David Pointcheval and Jacques Stern. Provably secure blind signature schemes. In M.Y. Rhee and K. Kim, editors, Advances in Cryptology-ASIACRYPT '96, pages 252–265. Springer-Verlag, 1996. Lecture Notes in Computer Science No. 1163.Google Scholar
  17. 17.
    Ronald L. Rivest, Adi Shamir, and Leonard M. Adleman. A method for obtaining digital signatures and public-key cryptosystems. Communications of the ACM, 21(2):120–126, 1978.zbMATHMathSciNetCrossRefGoogle Scholar
  18. 18.
    B. Schneier. Applied Cryptography: Protocols, Algorithms, and Source Code in C. John Wiley & Sons, New York, 1993.Google Scholar
  19. 19.
    C. P. Schnorr. Efficient identification and signatures for smart cards. In G. Brassard, editor, Proc. CRYPTO 89, pages 239–252. Springer-Verlag, 1990. Lecture Notes in Computer Science No. 435.Google Scholar
  20. 20.
    Daniel R. Simon. Anonymous communication and anonymous cash. In Neal Koblitz, editor, Proc. CRYPTO 96, pages 61–73. Springer-Verlag, 1996. Lecture Notes in Computer Science No. 1109.Google Scholar
  21. 21.
    Peter Wayner. Digital Cash: Commerce on the Net. Academic Press, 1996.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 1998

Authors and Affiliations

  • Anna Lysyanskaya
    • 1
  • Zulfikar Ramzan
    • 1
  1. 1.Laboratory for Computer ScienceMassachusetts Institute of TechnologyCambridge

Personalised recommendations