Group Signatures and Their Relevance to Privacy-Protecting Off-Line Electronic Cash Systems

A group signature scheme allows members of a possibly large group to sign messages anonymously on behalf of the group. Only a designated entity can determine the identity of the group member who issued a given signature. Group signatures, and particularly group blind signatures [28, 35] (which combine the properties of blind signatures and group signatures), have many applications, such as e-commerce. In this paper, we first propose a new group signature scheme suitable for large groups (i.e., the group's public key and the signatures are fixed-size regardless of the number of members). Furthermore, we show how to use our group signature scheme to construct a practical privacy-protecting off-line electronic cash system. Our group signature scheme is more efficient than previous ones, and the resulting electronic cash system is characterized by high computational efficiency in the withdrawal protocol. Then, we show some weaknesses in the design of an electronic cash system based on a group signature scheme [28, 35]. Finally, we describe some weaknesses of recently proposed group signature schemes.

[1] Tatsuaki Okamoto, et al. Provably Secure and Practical Identification Schemes and Corresponding Signature Schemes, 1992, CRYPTO.

[2] Jean-Jacques Quisquater, et al. Precautions Taken Against Various Potential Attacks in ISO/IEC DIS 9796 "Digital Signature Scheme Giving Message Recovery", 1990, EUROCRYPT.

[3] Tatsuaki Okamoto, et al. A Fast Signature Scheme Based on Quadratic Inequalities, 1985, 1985 IEEE Symposium on Security and Privacy.

[4] Amos Fiat, et al. Zero-knowledge proofs of identity, 1987, Journal of Cryptology.

[5] Jean-François Misarsky, et al. A Multiplicative Attack Using LLL Algorithm on RSA Signatures with Redundancy, 1997, CRYPTO.

[6] Jean-François Misarsky, et al. How (not) to Design RSA Signature Schemes, 1998, Public Key Cryptography.

[7] Tatsuaki Okamoto, et al. Statistical Zero Knowledge Protocols to Prove Modular Polynomial Relations, 1997, CRYPTO.

[8] Kazuo Ohta, et al. Disposable Zero-Knowledge Authentications and Their Applications to Untraceable Electronic Cash, 1989, CRYPTO.

[9] Tal Rabin, et al. An efficient non-interactive statistical zero-knowledge proof system for quasi-safe prime products, 1998, CCS '98.

[10] Jan Camenisch, et al. Efficient and Generalized Group Signatures, 1997, EUROCRYPT.

[11] Yiannis Tsiounis, et al. Easy Come - Easy Go Divisible Cash, 1998, EUROCRYPT.

[12] Amos Fiat, et al. How to Prove Yourself: Practical Solutions to Identification and Signature Problems, 1986, CRYPTO.

[13] Lidong Chen, et al. New Group Signature Schemes (Extended Abstract), 1994, EUROCRYPT.

[14] Ernest F. Brickell, et al. An Attack on a Signature Scheme Proposed by Okamoto and Shiraishi, 1985, CRYPTO.

[15] Stefan A. Brands, et al. An Efficient Off-line Electronic Cash System Based On The Representation Problem, 1993.

[16] Zulfikar Ramzan, et al. Group Blind Digital Signatures: A Scalable Solution to Electronic Cash, 1998, Financial Cryptography.

[17] S. Wagstaff. Greatest of the least primes in arithmetic progressions having a given modulus, 1979.

[18] Marc Joye, et al. A Practical and Provably Secure Coalition-Resistant Group Signature Scheme, 2000, CRYPTO.

[19] Brigitte Vallée, et al. How to Guess l-th Roots Modulo n by Reducing Lattice Bases, 1988, AAECC.

[20] David Chaum, et al. Group Signatures, 1991, EUROCRYPT.

[21] Jan Camenisch, et al. A Group Signature Scheme with Improved Efficiency, 1998, ASIACRYPT.

[22] Dan Boneh, et al. The Decision Diffie-Hellman Problem, 1998, ANTS.

[23] Amos Fiat, et al. Untraceable Electronic Cash, 1990, CRYPTO.

[24] Markus Stadler, et al. Cryptographic protocols for revocable privacy, 1996.

[25] David Chaum, et al. Wallet Databases with Observers, 1992, CRYPTO.

[26] Hugo Krawczyk, et al. RSA-Based Undeniable Signatures, 1997, Journal of Cryptology.

[27] Gene Tsudik, et al. Group signatures à la carte, 1999, SODA '99.

[28] Jan Camenisch, et al. Efficient Group Signature Schemes for Large Groups (Extended Abstract), 1997, CRYPTO.

[29] Stefan A. Brands, et al. Untraceable Off-line Cash in Wallet with Observers, 2002.

[30] David Chaum, et al. Blind Signatures for Untraceable Payments, 1982, CRYPTO.

[31] Holger Petersen, et al. How to Convert any Digital Signature Scheme into a Group Signature Scheme, 1997, Security Protocols Workshop.

[32] Marc Girault, et al. Selective Forgery of RSA Signatures Using Redundancy, 1997, EUROCRYPT.

[33] Brigitte Vallée, et al. Computation of Approximate L-th Roots Modulo n and Application to Cryptography, 1988, CRYPTO.