Group Signature with Deniability: How to Disavow a Signature

  • Ai Ishida
  • Keita Emura
  • Goichiro Hanaoka
  • Yusuke Sakai
  • Keisuke Tanaka
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10052)


Group signatures are a class of digital signatures with enhanced privacy. By using this type of signature, a user can sign a message on behalf of a specific group without revealing his identity, but in the case of a dispute, an authority can expose the identity of the signer. However, it is not always the case that we need to know the specific identity of the signer. In this paper, we propose the notion of deniable group signature, where the authority can issue a proof showing that the specified user is NOT the signer of the signature, without revealing the actual signer. We point out that existing efficient non-interactive zero-knowledge proof systems cannot be straightforwardly applied to prove such a statement. We circumvent this problem by giving a fairly practical construction through extending the Groth group signature scheme (ASIACRYPT 2007). In particular, a denial proof in our scheme consists of 96 group elements, which is about twice the size of a signature in the Groth scheme. The proposed scheme is provably secure under the same assumptions as those of the Groth scheme.


Keywords: Group signature, Deniability, Non-interactive zero-knowledge proof, Bilinear map



Copyright information

© Springer International Publishing AG 2016

Authors and Affiliations

  • Ai Ishida (1, 2)
  • Keita Emura (3)
  • Goichiro Hanaoka (2)
  • Yusuke Sakai (2)
  • Keisuke Tanaka (1, 4)

  1. Tokyo Institute of Technology, Tokyo, Japan
  2. AIST, Tokyo, Japan
  3. NICT, Tokyo, Japan
  4. JST CREST, Tokyo, Japan
