Group signatures with verifier-local revocation
Proceedings of the 11th ACM conference on Computer and communications security
Enhanced privacy id: a direct anonymous attestation scheme with enhanced revocation capabilities
Proceedings of the 2007 ACM workshop on Privacy in electronic society
Blacklistable anonymous credentials: blocking misbehaving users without ttps
Proceedings of the 14th ACM conference on Computer and communications security
EUROCRYPT'03 Proceedings of the 22nd international conference on Theory and applications of cryptographic techniques
An efficient group signature scheme from bilinear maps
ACISP'05 Proceedings of the 10th Australasian conference on Information Security and Privacy
Hi-index | 0.00 |
In group signature schemes, a signature is anonymous for a verifier, while only a designated Privacy Manager (PM) can identify the signer. This identification is used for tracing a dishonest anonymous signer in case of an illegal act using the signature. However, PM can violate signers' anonymity. Recently, Brickell and Li propose a novel countermeasure for the anonymous dishonest signer without PM in the setting of the direct anonymous attestation. Here, we call the generalized group signature version anonymously revocable group signature scheme. In this scheme, after an illegal act using a group signature was found, the membership of the dishonest signer can be anonymously revoked for excluding the signer without the help of any PM. However, since the Brickell-Li scheme is based on the RSA assumption and the DDH assumption, the signature is long. In this paper, we propose a short anonymously revocable group signature scheme from supersingular curves, where we adopt the decision linear (DLIN) assumption. Compared to the simple adoption of the Brickell-Li DDH-based revoking approach to supersingular curves, the length of our signature is reduced to about from 30% to 60%.