Foundations of Group Signatures: Formal Definitions, Simplified Requirements, and a Construction Based on General Assumptions

This paper provides theoretical foundations for the group signature primitive. We introduce strong, formal definitions for the core requirements of anonymity and traceability. We then show that these imply the large set of sometimes ambiguous existing informal requirements in the literature, thereby unifying and simplifying the requirements for this primitive. Finally we prove the existence of a construct meeting our definitions based only on the sole assumption that trapdoor permutations exist.

[1]  Adi Shamir,et al.  Multiple NonInteractive Zero Knowledge Proofs Under General Assumptions , 1999, SIAM J. Comput..

[2]  Silvio Micali,et al.  Non-Interactive Zero-Knowledge Proof Systems , 1987, CRYPTO.

[3]  Amit Sahai,et al.  Non-malleable non-interactive zero knowledge and adaptive chosen-ciphertext security , 1999, 40th Annual Symposium on Foundations of Computer Science (Cat. No.99CB37039).

[4]  Silvio Micali,et al.  How to sign given any trapdoor permutation , 1992, JACM.

[5]  Gene Tsudik,et al.  Group signatures á la carte , 1999, SODA '99.

[6]  Jan Camenisch,et al.  Efficient Group Signature Schemes for Large Groups (Extended Abstract) , 1997, CRYPTO.

[7]  Jan Camenisch,et al.  A Group Signature Scheme with Improved Efficiency , 1998, ASIACRYPT.

[8]  Silvio Micali,et al.  Probabilistic Encryption , 1984, J. Comput. Syst. Sci..

[9]  Gene Tsudik,et al.  Some Open Issues and New Directions in Group Signatures , 1999, Financial Cryptography.

[10]  Jan Camenisch,et al.  Efficient group signature schemes for large groups , 1997 .

[11]  Daniel R. Simon,et al.  Non-Interactive Zero-Knowledge Proof of Knowledge and Chosen Ciphertext Attack , 1991, CRYPTO.

[12]  Moni Naor,et al.  Nonmalleable Cryptography , 2000, SIAM Rev..

[13]  Mihir Bellare,et al.  Foundations of Group Signatures: The Case of Dynamic Groups , 2005, CT-RSA.

[14]  Mihir Bellare,et al.  A Forward-Secure Digital Signature Scheme , 1999, CRYPTO.

[15]  Silvio Micali,et al.  A Digital Signature Scheme Secure Against Adaptive Chosen-Message Attacks , 1988, SIAM J. Comput..

[16]  Silvio Micali,et al.  The Notion of Security for Probabilistic Cryptosystems , 1986, CRYPTO.

[17]  Jacques Stern,et al.  Efficient Revocation in Group Signatures , 2001, Public Key Cryptography.

[18]  Moti Yung,et al.  Crptograpic Applications of the Non-Interactive Metaproof and Many-Prover Systems , 1990, CRYPTO.

[19]  Manuel Blum,et al.  Noninteractive Zero-Knowledge , 1991, SIAM J. Comput..

[20]  John Rompel,et al.  One-way functions are necessary and sufficient for secure signatures , 1990, STOC '90.

[21]  Jan Camenisch,et al.  Efficient and Generalized Group Signatures , 1997, EUROCRYPT.

[22]  Dawn Xiaodong Song,et al.  Practical forward secure group signature schemes , 2001, CCS '01.

[23]  Marc Joye,et al.  A Practical and Provably Secure Coalition-Resistant Group Signature Scheme , 2000, CRYPTO.

[24]  David Chaum,et al.  Group Signatures , 1991, EUROCRYPT.

[25]  Dawn Xiaodong Song,et al.  Quasi-Efficient Revocation in Group Signatures , 2002, Financial Cryptography.

[26]  Moni Naor,et al.  Public-key cryptosystems provably secure against chosen ciphertext attacks , 1990, STOC '90.

[27]  Holger Petersen,et al.  How to Convert any Digital Signature Scheme into a Group Signature Scheme , 1997, Security Protocols Workshop.