Compact Group Signatures Without Random Oracles

  • Xavier Boyen
  • Brent Waters
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4004)


We present the first efficient group signature scheme that is provably secure without random oracles. We achieve this result by combining provably secure hierarchical signatures in bilinear groups with a novel adaptation of the recent Non-Interactive Zero Knowledge proofs of Groth, Ostrovsky, and Sahai. The size of signatures in our scheme is logarithmic in the number of signers; we prove it secure under the Computational Diffie-Hellman and the Subgroup Decision assumptions in the model of Bellare, Micciancio, and Warinshi, as relaxed by Boneh, Boyen, and Shacham.


Signature Scheme Random Oracle Cryptology ePrint Archive Group Signature Scheme Bilinear Group 


  1. [ACHdM05]
    Ateniese, G., Camenisch, J., Hohenberger, S., de Medeiros, B.: Practical group signatures without random oracles. Cryptology ePrint Archive, Report 2005/385 (2005),
  2. [ACJT00]
    Ateniese, G., Camenisch, J., Joye, M., Tsudik, G.: A practical and provably secure coalition-resistant group signature scheme. In: Bellare, M. (ed.) CRYPTO 2000. LNCS, vol. 1880, pp. 255–270. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  3. [AST02]
    Ateniese, G., Song, D., Tsudik, G.: Quasi-efficient revocation of group signatures. In: Proceedings of Financial Cryptography 2002 (2002)Google Scholar
  4. [AT99]
    Ateniese, G., Tsudik, G.: Some open issues and directions in group signatures. In: Franklin, M.K. (ed.) FC 1999. LNCS, vol. 1648, pp. 196–211. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  5. [BBS04]
    Boneh, D., Boyen, X., Shacham, H.: Short group signatures. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 41–55. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  6. [BGN05]
    Boneh, D., Goh, E.-J., Nissim, K.: Evaluating 2-DNF formulas on ciphertexts. In: Kilian, J. (ed.) TCC 2005. LNCS, vol. 3378, pp. 325–341. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  7. [BMW03]
    Bellare, M., Micciancio, D., Warinschi, B.: Foundations of group signatures: Formal definitions, simplified requirements, and a construction based on general assumptions. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 614–629. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  8. [BP97]
    Baric, N., Pfitzman, B.: Collision-free accumulators and fail-stop signature schemes without trees. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 480–494. Springer, Heidelberg (1997)CrossRefGoogle Scholar
  9. [BS04]
    Boneh, D., Shacham, H.: Group signatures with verifier-local revocation. In: Proceedings of ACM CCS 2004, pp. 168–177. ACM Press, New York (2004)Google Scholar
  10. [BSZ05]
    Bellare, M., Shi, H., Zhang, C.: Foundations of group signatures: The case of dynamic groups. In: Menezes, A. (ed.) CT-RSA 2005. LNCS, vol. 3376, pp. 136–153. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  11. [BW05]
    Boyen, X., Waters, B.: Compact group signatures without random oracles. Cryptology ePrint Archive, Report 2005/381 (2005),
  12. [Cam97]
    Camenisch, J.: Efficient and generalized group signatures. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 465–479. Springer, Heidelberg (1997)CrossRefGoogle Scholar
  13. [CG04]
    Camenisch, J., Groth, J.: Group signatures: Better efficiency and new theoretical aspects. In: Blundo, C., Cimato, S. (eds.) SCN 2004. LNCS, vol. 3352, pp. 120–133. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  14. [CL02]
    Camenisch, J., Lysyanskaya, A.: Dynamic accumulators and application to efficient revocation of anonymous credentials. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 61–76. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  15. [CL04]
    Camenisch, J., Lysyanskaya, A.: Signature schemes and anonymous credentials from bilinear maps. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 56–72. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  16. [CvH91]
    Chaum, D., van Heyst, E.: Group signatures. In: Davies, D.W. (ed.) EUROCRYPT 1991. LNCS, vol. 547, pp. 257–265. Springer, Heidelberg (1991)CrossRefGoogle Scholar
  17. [GOS06a]
    Groth, J., Ostrovsky, R., Sahai, A.: Non-interactive zaps and new techniques for NIZK (manuscript, 2006)Google Scholar
  18. [GOS06b]
    Groth, J., Ostrovsky, R., Sahai, A.: Perfect non-interactive zero knowledge for NP. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 339–358. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  19. [GS02]
    Gentry, C., Silverberg, A.: Hierarchical ID-based cryptography. In: Zheng, Y. (ed.) ASIACRYPT 2002. LNCS, vol. 2501, pp. 548–566. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  20. [KY03]
    Kiayias, A., Yung, M.: Extracting group signatures from traitor tracing schemes. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 630–648. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  21. [KY04]
    Kiayias, A., Yung, M.: Group signatures: Provable security, efficient constructions and anonymity from trapdoor-holders. Cryptology ePrint Archive, Report, 2004/076 (2004),
  22. [KY05]
    Kiayias, A., Yung, M.: Group signatures with efficient concurrent join. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 198–214. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  23. [LRSW99]
    Lysyanskaya, A., Rivest, R., Sahai, A., Wolf, S.: Pseudonym systems. In: Heys, H.M., Adams, C.M. (eds.) SAC 1999. LNCS, vol. 1758, pp. 184–199. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  24. [Mil04]
    Miller, V.: The Weil pairing, and its efficient calculation. Journal of Cryptology 17(4) (2004)Google Scholar
  25. [Nao03]
    Naor, M.: On cryptographic assumptions and challenges. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 96–109. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  26. [Son01]
    Song, D.X.: Practical forward secure group signature schemes. In: ACM Conference on Computer and Communications Security—CCS 2001, pp. 225–234 (2001)Google Scholar
  27. [Wat05]
    Waters, B.: Efficient identity-based encryption without random oracles. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 114–127. Springer, Heidelberg (2005)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Xavier Boyen
    • 1
  • Brent Waters
    • 2
  1. 1.Voltage Inc.USA
  2. 2.SRI InternationalUSA

Personalised recommendations