Efficient Group Signature Schemes for Large Groups (Extended Abstract)
CRYPTO '97 Proceedings of the 17th Annual International Cryptology Conference on Advances in Cryptology
On Concrete Security Treatment of Signatures Derived from Identification
CRYPTO '98 Proceedings of the 18th Annual International Cryptology Conference on Advances in Cryptology
CRYPTO '98 Proceedings of the 18th Annual International Cryptology Conference on Advances in Cryptology
EUROCRYPT '02 Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques: Advances in Cryptology
A Group Signature Scheme with Improved Efficiency
ASIACRYPT '98 Proceedings of the International Conference on the Theory and Applications of Cryptology and Information Security: Advances in Cryptology
1-out-of-n Signatures from a Variety of Keys
ASIACRYPT '02 Proceedings of the 8th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
A Practical and Provably Secure Coalition-Resistant Group Signature Scheme
CRYPTO '00 Proceedings of the 20th Annual International Cryptology Conference on Advances in Cryptology
On the (In)security of the Fiat-Shamir Paradigm
FOCS '03 Proceedings of the 44th Annual IEEE Symposium on Foundations of Computer Science
Magic Functions: In Memoriam: Bernard M. Dwork 1923--1998
Journal of the ACM (JACM)
Group signatures with verifier-local revocation
Proceedings of the 11th ACM conference on Computer and communications security
Efficient and generalized group signatures
EUROCRYPT'97 Proceedings of the 16th annual international conference on Theory and application of cryptographic techniques
EUROCRYPT'03 Proceedings of the 22nd international conference on Theory and applications of cryptographic techniques
Foundations of group signatures: the case of dynamic groups
CT-RSA'05 Proceedings of the 2005 international conference on Topics in Cryptology
| Hi-index | 0.00 |
The Fiat-Shamir (FS) transform is a popular tool to produce particularly efficient digital signature schemes out of identification protocols. It is known that the resulting signature scheme is secure (in the random oracle model) if and only if the identification protocol is secure against passive impersonators. A similar results holds for constructing ID-based signature schemes out of ID-based identification protocols. The transformation had also been applied to identification protocols with additional privacy properties. So, via the FS transform, ad-hoc group identification schemes yield ring signatures and identity escrow schemes yield group signature schemes. Unfortunately, results akin to those above are not known to hold for these latter settings and the security of the resulting schemes needs to be proved from scratch, or worse, it is often simply assumed. In this paper we provide the missing foundations for the use of the FS transform in these more complex settings. We start with defining a formal security model for identity escrow schemes (a concept proposed earlier but never rigorously formalized). Our main result constists of necessary and sufficient conditions for an identity escrow scheme to yield (via the FS transform) a secure group signature schemes. In addition, using the similarity between group and ring signature schemes we give analogous results for the latter primitive.