World Library  
Flag as Inappropriate
Email this Article

Group signature

Article Id: WHEBN0003347478
Reproduction Date:

Title: Group signature  
Author: World Heritage Encyclopedia
Language: English
Subject: Proof of knowledge, Public-key cryptography, Index of cryptography articles
Publisher: World Heritage Encyclopedia

Group signature

A Group signature scheme is a method for allowing a member of a group to anonymously sign a message on behalf of the group. The concept was first introduced by David Chaum and Eugene van Heyst in 1991. For example, a group signature scheme could be used by an employee of a large company where it is sufficient for a verifier to know a message was signed by an employee, but not which particular employee signed it. Another application is for keycard access to restricted areas where it is inappropriate to track individual employee's movements, but necessary to secure areas to only employees in the group.

Essential to a group signature scheme is a group manager, who is in charge of adding group members and has the ability to reveal the original signer in the event of disputes. In some systems the responsibilities of adding members and revoking signature anonymity are separated and given to a membership manager and revocation manager respectively. Many schemes have been proposed, however all should follow these basic requirements:

Soundness and Completeness
Valid signatures by group members always verify correctly, and invalid signatures always fail verification.
Only members of the group can create valid group signatures.
Given a message and its signature, the identity of the individual signer cannot be determined without the group manager's secret key.
Given any valid signature, the group manager should be able to trace which user issued the signature. (This and the previous requirement imply that only the group manager can break users' anonymity.)
Given two messages and their signatures, we cannot tell if the signatures were from the same signer or not.
No Framing
Even if all other group members (and the managers) collude, they cannot forge a signature for a non-participating group member.
Unforgeable tracing verification
The revocation manager cannot falsely accuse a signer of creating a signature he did not create.
Coalition resistance
A colluding subset of group members cannot generate a valid signature that the group manager cannot link to one of the colluding group members.[1]

The ACJT 2000,[2] BBS04,[3] and BS04 (in CCS) group signature schemes are some of the state of the art. (Note: this might be an incomplete list.)

Boneh, Boyen and Shacham published in 2004 (BBS04, Crypto04) is a novel group signature scheme based on bilinear maps.[3] Signatures in this scheme are approximately the size of a standard RSA signature (around 200 bytes). The security of the scheme is proven in the random oracle model and relies on the Strong Diffie Hellman assumption (SDH) and a new assumption in bilinear groups called the Decision linear assumption (DLin).

A more formal definition that is geared towards provable security was given by Bellare, Micciancio and Warinschi.[4]

See also

  • Ring signature: A similar system that excludes the requirement of a group manager and provides true anonymity for signers (several algorithms nevertheless maintain some "resticting" properties, like traceability or linkability)
  • Threshold signature: A threshold signature involves a fixed-size quorum (threshold) of signers. Each signer must be a genuine group member with a share of a group secret signing key. A (t,n) threshold signature scheme supports n potential signers, any t of which can on behalf of the group. Threshold signatures reveal nothing about the t signers; no one can trace the identity of the signers (not even a trusted center who have set up the system).
  • Multisignature: A multisignature represents a certain number of signers signing a given message. Number of signers is not fixed and signers identities are evident from a given multi-signature. A multisignature is much shorter (sometimes constant) than the simple collection of individual signatures.
  • Proxy signature: A proxy signature allows a delegator to give partial signing rights to other parties called proxy signers. Proxy signatures do not offer Anonymity
  • Identity Escrow Schemes: Interactive dual of group signatures. Instead of off-line generation, a signature is directly generated by a signer based on a challenge provided by the verifier.


  1. ^ Ateniese, Giuseppe; Camenisch, Jan; Joye, Marc;  
  2. ^ Ateniese, Giuseppe; Camenisch, Jan; Joye, Marc; Tsudik, Gene (2000). "A Practical and Provably Secure Coalition-Resistant Group Signature Scheme" (PDF). Advances in Cryptology - CRYPTO 2000. Lecture Notes in Computer Science 1880: 225–270. Retrieved 24 June 2012. 
  3. ^ a b Boneh, Dan; Boyen, Xavier; Shacham, Hovav (2004). "Short Group Signatures" (PDF). Advances in Cryptology - CRYPTO 2004 (Springer): 227–242.  
  4. ^ Bellare, Mihir; Micciancio, Daniele; Warinschi, Bogdan (May 2003). "Foundations of Group Signatures: Formal Definition, Simplified Requirements and a Construction Based on General Assumptions". Advances in Cryptology - Eurocrypt 2003. Lecture Notes in Computer Science (Warsaw, Poland: Springer) 2656: 614–629. 

External links

  • Chaum, David; van Heyst, Eugene (1991). "Group signatures" (PDF). Advances in Cryptology — EUROCRYPT ’91.  
  • Camenisch, Jan; Michels, Markus (1998). "A Group Signature Scheme Based on an RSA-Variant" (PDF). Basic Research in Computer Science.  
  • M. Bellare; H. Shi; C. Zhang (2005). A. Menezes, ed. "Foundations of Group Signatures: The Case of Dynamic Groups". Topics in Cryptology - CT-RSA 2005 Proceedings. Lecture Notes in Computer Science (Springer-Verlag) 3376. 
  • Bellare, Mihir; Micciancio, Daniele; Warinschi, Bogdan (May 2003). "Foundations of Group Signatures: Formal Definition, Simplified Requirements and a Construction Based on General Assumptions". Advances in Cryptology - Eurocrypt 2003. Lecture Notes in Computer Science (Warsaw, Poland: Springer) 2656: 614–629. 
  • Kilian, Joe;  
This article was sourced from Creative Commons Attribution-ShareAlike License; additional terms may apply. World Heritage Encyclopedia content is assembled from numerous content providers, Open Access Publishing, and in compliance with The Fair Access to Science and Technology Research Act (FASTR), Wikimedia Foundation, Inc., Public Library of Science, The Encyclopedia of Life, Open Book Publishers (OBP), PubMed, U.S. National Library of Medicine, National Center for Biotechnology Information, U.S. National Library of Medicine, National Institutes of Health (NIH), U.S. Department of Health & Human Services, and, which sources content from all federal, state, local, tribal, and territorial government publication portals (.gov, .mil, .edu). Funding for and content contributors is made possible from the U.S. Congress, E-Government Act of 2002.
Crowd sourced content that is contributed to World Heritage Encyclopedia is peer reviewed and edited by our editorial staff to ensure quality scholarly research articles.
By using this site, you agree to the Terms of Use and Privacy Policy. World Heritage Encyclopedia™ is a registered trademark of the World Public Library Association, a non-profit organization.

Copyright © World Library Foundation. All rights reserved. eBooks from Project Gutenberg are sponsored by the World Library Foundation,
a 501c(4) Member's Support Non-Profit Organization, and is NOT affiliated with any governmental agency or department.