A public key cryptosystem and a signature scheme based on discrete logarithms
Proceedings of CRYPTO 84 on Advances in cryptology
Public-key cryptosystems provably secure against chosen ciphertext attacks
STOC '90 Proceedings of the twenty-second annual ACM symposium on Theory of computing
A Practical and Provably Secure Coalition-Resistant Group Signature Scheme
CRYPTO '00 Proceedings of the 20th Annual International Cryptology Conference on Advances in Cryptology
EUROCRYPT'03 Proceedings of the 22nd international conference on Theory and applications of cryptographic techniques
Foundations of group signatures: the case of dynamic groups
CT-RSA'05 Proceedings of the 2005 international conference on Topics in Cryptology
Group signatures with efficient concurrent join
EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
| Hi-index | 0.00 |
A secure group signature is required to be anonymous, that is, given two group signatures generated by two different members on the same message or two group signatures generated by the same member on two different messages, they are indistinguishable except for the group manager. In this paper we prove the equivalence of a group signature’s anonymity and its indistinguishability against chosen ciphertext attacks if we view a group signature as an encryption of member identity. Particularly, we prove ACJT’s group signature is IND-CCA2 secure, so ACJT’s scheme is anonymous in the strong sense. The result is an answer to an open question in literature.