Efficient Group Signature Schemes for Large Groups (Extended Abstract)
CRYPTO '97 Proceedings of the 17th Annual International Cryptology Conference on Advances in Cryptology
Efficient and generalized group signatures
EUROCRYPT'97 Proceedings of the 16th annual international conference on Theory and application of cryptographic techniques
Efficient proofs that a committed number lies in an interval
EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
Anonymous Fingerprinting for Predelivery of Contents
Information Security and Cryptology --- ICISC 2008
Hi-index | 0.00 |
Group signature schemes allow a member of a group to sign messages anonymously on behalf of the group. In case of later dispute, a designated group manager can revoke the anonymity and identify the originator of a signature. In Asiacrypt2004, Nguyen and Safavi-Naini proposed a group signature scheme that has a constant-sized public key and signature length, and more importantly, their group signature scheme does not require trapdoor. Their scheme is very efficient and the sizes of signatures are smaller than those of the other existing schemes. In this paper, we point out that Nguyen and Safavi-Naini's scheme is insecure. In particular, it is shown in our cryptanalysis of the scheme that it allows a non-member of the group to sign on behalf of the group. And the resulting signature convinces any third party that a member of the group has indeed generated such a signature, although none of the members has done so. Therefore is in case of dispute, even the group manager cannot identify who has signed the message. In the paper a new scheme that does not suffer from this problem is provided.