On the security of a constant-size group signature scheme

As a special digital signature, a group signature scheme allows a group member to sign message on behalf of the group in an anonymous and unlinkability way. In case of a dispute, the group manager can reveal the actual identity of signer. Anonymity and unlinkability are basic properties of group signature, which is distinguished from other signature schemes. Recently, based on identity cryptology, Zhang et.al propose an efficient group signature scheme with constant size at AINA 2008. Unfortunately, in this work we show that the scheme has linkability, namely, any one can distinguish whether two different group signatures are produced by the same signer, and existential forgery, namely, given a group signature, any one can forge a new group signature. Finally, we give the corresponding attack on the scheme.

[1]  Dong Hoon Lee,et al.  Efficient Member Revocation in Group Signature Schemes , 2005, TrustBus.

[2]  Jan Camenisch,et al.  Efficient Group Signature Schemes for Large Groups (Extended Abstract) , 1997, CRYPTO.

[3]  Tatsuaki Okamoto,et al.  Statistical Zero Knowledge Protocols to Prove Modular Polynomial Relations , 1997, CRYPTO.

[4]  Giuseppe Ateniese,et al.  Efficient Group Signatures without Trapdoors , 2003, ASIACRYPT.

[5]  Sébastien Canard,et al.  On Fair E-cash Systems Based on Group Signature Schemes , 2003, ACISP.

[6]  Aggelos Kiayias,et al.  Extracting Group Signatures from Traitor Tracing Schemes , 2003, EUROCRYPT.

[7]  Mihir Bellare,et al.  Foundations of Group Signatures: Formal Definitions, Simplified Requirements, and a Construction Based on General Assumptions , 2003, EUROCRYPT.

[8]  Jianhong Zhang,et al.  On the Security of A Group Signature Scheme , 2008, 2008 IEEE International Conference on Networking, Sensing and Control.

[9]  Jan Camenisch,et al.  Dynamic Accumulators and Application to Efficient Revocation of Anonymous Credentials , 2002, CRYPTO.

[10]  Jacques Stern,et al.  Efficient Revocation in Group Signatures , 2001, Public Key Cryptography.

[11]  Dong Hoon Lee,et al.  Efficient and Secure Member Deletion in Group Signature Schemes , 2000, ICISC.

[12]  Jan Camenisch,et al.  A Group Signature Scheme with Improved Efficiency , 1998, ASIACRYPT.

[13]  Gene Tsudik,et al.  Some Open Issues and New Directions in Group Signatures , 1999, Financial Cryptography.

[14]  Jan Camenisch,et al.  Efficient group signature schemes for large groups , 1997 .

[15]  Dawn Xiaodong Song,et al.  Quasi-Efficient Revocation in Group Signatures , 2002, Financial Cryptography.

[16]  Shaohui Wang,et al.  A Certificateless Signature and Group Signature Schemes against Malicious PKG , 2008, 22nd International Conference on Advanced Information Networking and Applications (aina 2008).

[17]  Mihir Bellare,et al.  A Forward-Secure Digital Signature Scheme , 1999, CRYPTO.

[18]  Lidong Chen,et al.  New Group Signature Schemes (Extended Abstract) , 1994, EUROCRYPT.

[19]  David Chaum,et al.  Group Signatures , 1991, EUROCRYPT.

[20]  J. Camenisch,et al.  A Group Signature Scheme Based on an RSA-Variant , 1998 .