Accumulating Composites and Improved Group Signing

  • Gene Tsudik
  • Shouhuai Xu
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2894)


Constructing practical and provably secure group signature schemes has been a very active research topic in recent years. A group signature can be viewed as a digital signature with certain extra properties. Notably, anyone can verify that a signature is generated by a legitimate group member, while the actual signer can only be identified (and linked) by a designated entity called a group manager. Currently, the most efficient group signature scheme available is due to Camenisch and Lysyanskaya [CL02]. It is obtained by integrating a novel dynamic accumulator with the scheme by Ateniese, et al. [ACJT00].

In this paper, we construct a dynamic accumulator that accumulates composites, as opposed to previous accumulators that accumulated primes. We also present an efficient method for proving knowledge of factorization of a committed value. Based on these (and other) techniques, we design a novel provably secure group signature scheme. It operates in the common auxiliary string model and offers two important benefits: 1) the Join process is very efficient: a new member computes only a single exponentiation, and 2) the (unoptimized) cost of generating a group signature is 17 exponentiations, which is appreciably less than the state-of-the-art.


  1. ACS02.
    Algesheimer, J., Camenisch, J., Shoup, V.: Efficient Computation Modulo a Shared Secret with Application to the Generation of Shared Safe-Prime Products. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, p. 417. Springer, Heidelberg (2002)
  2. ACJT00.
    Ateniese, G., Camenisch, J., Joye, M., Tsudik, G.: A Practical and Provably Secure Coalition-Resistant Group Signature Scheme. In: Bellare, M. (ed.) CRYPTO 2000. LNCS, vol. 1880, p. 255. Springer, Heidelberg (2000)
  3. AST02.
    Ateniese, G., Song, D., Tsudik, G.: Quasi-Efficient Revocation of Group Signatures. In: Blaze, M. (ed.) FC 2002. LNCS, vol. 2357. Springer, Heidelberg (2003)
  4. AT99.
    Ateniese, G., Tsudik, G.: Some Open Issues and New Directions in Group Signatures. In: Franklin, M.K. (ed.) FC 1999. LNCS, vol. 1648, p. 196. Springer, Heidelberg (1999)
  5. BP97.
    Baric, N., Pfitzmann, B.: Collision-Free Accumulators and Fail-Stop Signature Schemes Without Trees. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 480–494. Springer, Heidelberg (1997)
  6. BDJR97.
    Bellare, M., Desai, A., Jokipii, E., Rogaway, P.: A Concrete Security Treatment of Symmetric Encryption: Analysis of the DES Modes of Operation. In: FOCS 1997 (1997)
  7. BMW03.
    Bellare, M., Micciancio, D., Warinschi, B.: Foundations of Group Signatures: Formal Definitions, Simplified Requirements, and a Construction based on General Assumptions. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656. Springer, Heidelberg (2003)
  8. BR93.
    Bellare, M., Rogaway, P.: Random Oracles Are Practical: A Paradigm for Designing Efficient Protocols. In: ACM CCS 1993 (1993)
  9. B00.
    Boudot, F.: Efficient proofs that a committed number lies in an interval. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, p. 431. Springer, Heidelberg (2000)
  10. BS01.
    Bresson, E., Stern, J.: Group Signatures with Efficient Revocation. In: Kim, K.-c. (ed.) PKC 2001. LNCS, vol. 1992. Springer, Heidelberg (2001)
  11. C98.
    Camenisch, J.: Group Signature Schemes and Payment Systems Based on the Discrete Logarithm Problem. PhD Thesis. ETH Zurich (1998)
  12. CL02.
    Camenisch, J., Lysyanskaya, A.: Dynamic Accumulators and Application to Efficient Revocation of Anonymous Credentials. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, p. 61. Springer, Heidelberg (2002)
  13. CM98.
    Camenisch, J., Michels, M.: A Group Signature Scheme based on an RSA variant. Tech. Report RS-98-27, BRICS. Preliminary version appeared at Asiacrypt 1998
  14. CM99a.
    Camenisch, J., Michels, M.: Separability and Efficiency for Generic Group Signature Schemes (Extended Abstract). In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, p. 413. Springer, Heidelberg (1999)
  15. CS97.
    Camenisch, J.L., Stadler, M.A.: Efficient Group Signature Schemes for Large Groups (Extended Abstract). In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 410–424. Springer, Heidelberg (1997)
  16. CGHN01.
    Catalano, D., Gennaro, R., Howgrave-Graham, N., Nguyen, P.: Paillier’s Cryptosystem Revisited. In: ACM CCS 2001 (2001)
  17. CFT98.
    Chan, A., Frankel, Y., Tsiounis, Y.: Easy come - easy go divisible cash. In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 561–575. Springer, Heidelberg (1998)
  18. CP94.
    Chen, L., Pedersen, T.: New Group Signature Schemes. In: De Santis, A. (ed.) EUROCRYPT 1994. LNCS, vol. 950, pp. 171–181. Springer, Heidelberg (1995)
  19. CvH91.
    Chaum, S., van Heyst, E.: Group Signatures. In: Davies, D.W. (ed.) EUROCRYPT 1991. LNCS, vol. 547, pp. 257–265. Springer, Heidelberg (1991)
  20. CP92.
    Chaum, D., Pedersen, T.P.: Wallet Databases with Observers. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, pp. 89–105. Springer, Heidelberg (1993)
  21. C96.
    Coppersmith, D.: Finding a Small Root of a Bivariate Integer Equation; Factoring with high bits known. In: Maurer, U.M. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 178–189. Springer, Heidelberg (1996)
  22. C03.
    Coppersmith, D.: Personal Communication (January 2003)
  23. D00.
    Damgård, I.B.: Efficient Concurrent Zero-Knowledge in the Auxiliary String Model. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, p. 418. Springer, Heidelberg (2000)
  24. DF02.
    Damgård, I., Fujisaki, E.: An Integer Commitment Scheme Based on Groups with Hidden Order. In: Asiacrypt 2002 (2002)
  25. E85.
    ElGamal, T.: A Public-Key Cryptosystem and a Signature Scheme Based on the Discrete Logarithm. IEEE Transactions of Information Theory 31(4), 469–472 (1985)
  26. FS86.
    Fiat, A., Shamir, A.: How to Prove Yourself: Practical Solutions to Identification and Signature Problems. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol. 263, pp. 186–194. Springer, Heidelberg (1987)
  27. FO97.
    Fujisaki, E., Okamoto, T.: Statistical Zero Knowledge Protocols to Prove Modular Polynomial Relations. In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 16–30. Springer, Heidelberg (1997)
  28. G00.
    Gennaro, R.: An Improved Pseudo-Random Generator Based on the Discrete Logarithm Problem. In: Bellare, M. (ed.) CRYPTO 2000. LNCS, vol. 1880, p. 469. Springer, Heidelberg (2000)
  29. GKR00.
    Gennaro, R., Krawczyk, H., Rabin, T.: RSA-Based Undeniable Signatures. J. Cryptology 4(13), 397–416 (2000)
  30. KP98.
    Kilian, J., Petrank, E.: Identity Escrow. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, p. 169. Springer, Heidelberg (1998)
  31. MR01.
    MacKenzie, P., Reiter, M.: Two-Party Generation of DSA Signatures. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, p. 137. Springer, Heidelberg (2001)
  32. P99.
    Paillier, P.: Public Key Cryptosystems Based on Composite Degree Residuosity Classes. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, p. 223. Springer, Heidelberg (1999)
  33. S91.
    Schnorr, C.: Efficient Signature Generation by Smart Cards. Journal of Cryptology 4(3), 161–174 (1991)
  34. S01.
    Song, D.: Practical Forward Secure Group Signature Schemes. In: ACM CCS 2001 (2001)
  35. TY98.
    Tsiounis, Y., Yung, M.: On the Security of ElGamal Based Encryption. In: Imai, H., Zheng, Y. (eds.) PKC 1998. LNCS, vol. 1431, p. 117. Springer, Heidelberg (1998)
  36. TX03.
    Tsudik, G., Xu, S.: Accumulating Composites and Improved Group Signing. Extended version of this paper available at,

Copyright information

© Springer-Verlag Berlin Heidelberg 2003

Authors and Affiliations

  • Gene Tsudik (1)
  • Shouhuai Xu (2)

  1. Dept. of Information and Computer Science, University of California at Irvine
  2. Department of Computer Science, University of Texas at San Antonio
