Identity-based cryptosystems and signature schemes
Proceedings of CRYPTO 84 on Advances in cryptology
Proceedings of the tenth annual ACM-SIAM symposium on Discrete algorithms
Hi-index | 0.89 |
A group signature scheme allows any group member to sign messages on behalf of the group in an anonymous and unlinkable fashion. In the event of a dispute, a designated group manager can reveal the identity of the signer. In 1999, Tseng and Jan proposed a group signature scheme using self-certified public keys. By attacking their signature verification equation, we demonstrate that their scheme is universally forgeable, i.e., anybody can forge a valid group signature on any message such that the group manager is unable to determine the identity of the signer.