A Practical and Provably Secure Coalition-Resistant Group Signature Scheme

A group signature scheme allows a group member to sign messages anonymously on behalf of the group. However, in the case of a dispute, the identity of a signature's originator can be revealed (only) by a designated entity. The interactive counterparts of group signatures are identity escrow schemes or group identification scheme with revocable anonymity. This work introduces a new provably secure group signature and a companion identity escrow scheme that are significantly more efficient than the state of the art. In its interactive, identity escrow form, our scheme is proven secure and coalition-resistant under the strong RSA and the decisional Diffie-Hellman assumptions. The security of the noninteractive variant, i.e., the group signature scheme, relies additionally on the Fiat-Shamir heuristic (also known as the random oracle model).

[1]  Amos Fiat,et al.  How to Prove Yourself: Practical Solutions to Identification and Signature Problems , 1986, CRYPTO.

[2]  Tatsuaki Okamoto,et al.  A Practical and Provably Secure Scheme for Publicly Verifiable Secret Sharing and Its Applications , 1998, EUROCRYPT.

[3]  David Chaum,et al.  Group Signatures , 1991, EUROCRYPT.

[4]  Joe Kilian,et al.  Identity Escrow , 1998, CRYPTO.

[5]  J. Camenisch,et al.  A Group Signature Scheme Based on an RSA-Variant , 1998 .

[6]  Shai Halevi,et al.  Secure Hash-and-Sign Signatures Without the Random Oracle , 1999, EUROCRYPT.

[7]  J. Camenisch Eecient Group Signature Schemes for Large Groups , 1997 .

[8]  D. Boneh The Decision Diie-hellman Problem , 1998 .

[9]  Birgit Pfitzmann,et al.  Collision-Free Accumulators and Fail-Stop Signature Schemes Without Trees , 1997, EUROCRYPT.

[10]  Giuseppe Ateniese,et al.  Efficient verifiable encryption (and fair exchange) of digital signatures , 1999, CCS '99.

[11]  Stefan A. Brands,et al.  An Efficient Off-line Electronic Cash System Based On The Representation Problem. , 1993 .

[12]  Jan Camenisch,et al.  A Group Signature Scheme with Improved Efficiency , 1998, ASIACRYPT.

[13]  Jan Camenisch,et al.  Efficient group signature schemes for large groups , 1997 .

[14]  Dan Boneh,et al.  The Decision Diffie-Hellman Problem , 1998, ANTS.

[15]  Jan Camenisch,et al.  Separability and Efficiency for Generic Group Signature Schemes , 1999, CRYPTO.

[16]  Jan Camenisch,et al.  Efficient Group Signature Schemes for Large Groups (Extended Abstract) , 1997, CRYPTO.

[17]  Ivan Damgård,et al.  Verifiable Encryption and Applications to Group Signatures and Signature Sharing , 1998, IACR Cryptol. ePrint Arch..

[18]  N. Asokan,et al.  Optimistic Fair Exchange of Digital Signatures (Extended Abstract) , 1998, EUROCRYPT.

[19]  Jan Camenisch,et al.  Proving in Zero-Knowledge that a Number Is the Product of Two Safe Primes , 1998, EUROCRYPT.

[20]  Jacques Stern,et al.  Security Analysis of a Practical "on the fly" Authentication and Signature Generation , 1998, EUROCRYPT.

[21]  Ronald Cramer,et al.  Signature schemes based on the strong RSA assumption , 2000, TSEC.

[22]  Alfred Menezes,et al.  Handbook of Applied Cryptography , 2018 .

[23]  Zulfikar Ramzan,et al.  Group Blind Digital Signatures: A Scalable Solution to Electronic Cash , 1998, Financial Cryptography.

[24]  Donald W. Davies,et al.  Advances in Cryptology — EUROCRYPT ’91 , 2001, Lecture Notes in Computer Science.

[25]  Whitfield Diffie,et al.  New Directions in Cryptography , 1976, IEEE Trans. Inf. Theory.

[26]  Jan Camenisch,et al.  Group signature schemes and payment systems based on the discrete logarithm problem , 1998 .

[27]  Don Coppersmith,et al.  Finding a Small Root of a Bivariate Integer Equation; Factoring with High Bits Known , 1996, EUROCRYPT.

[28]  Mihir Bellare,et al.  Random oracles are practical: a paradigm for designing efficient protocols , 1993, CCS '93.

[29]  Silvio Micali,et al.  A Digital Signature Scheme Secure Against Adaptive Chosen-Message Attacks , 1988, SIAM J. Comput..

[30]  S. Brands An Efficient Off-line Electronic Cash System Based On The Representation Problem. , 1993 .

[31]  Tatsuaki Okamoto,et al.  Statistical Zero Knowledge Protocols to Prove Modular Polynomial Relations , 1997, CRYPTO.