Abstract
A cryptographic protocol possesses separability if the participants can choose their keys independently of each other. This is advantageous from a key-management as well as from a security point of view. This paper focuses on separability in group signature schemes. Such schemes allow a group member to sign messages anonymously on the group’s behalf. However, in case of this anonymity’s misuse, a trustee can reveal the originator of a signature. We provide a generic fully separable group signature scheme and present an efficient instantiation thereof. The scheme is suited for large groups; the size of the group’s public key and the length of signatures do not depend on the number of group members. Its efficiency is comparable to the most efficient schemes that do not offer separability and is an order of magnitude more efficient than a previous scheme that provides partial separability. As a side result, we provide efficient proofs of the equality of two discrete logarithms from different groups and, more generally, of the validity of polynomial relations in ℤ among discrete logarithms from different groups.
Current address: IBM Zurich, Säumerstrasse 4, CH-8803 Rüschlikon.
Basic Research in Computer Science, Center of the Danish National Research Foundation.
Copyright information
© 1999 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Camenisch, J., BRICS., Michels, M. (1999). Separability and Efficiency for Generic Group Signature Schemes. In: Wiener, M. (eds) Advances in Cryptology — CRYPTO’ 99. CRYPTO 1999. Lecture Notes in Computer Science, vol 1666. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-48405-1_27
DOI: https://doi.org/10.1007/3-540-48405-1_27
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-66347-8
Online ISBN: 978-3-540-48405-9
eBook Packages: Springer Book Archive