Paper 2005/122
Breaking and Repairing Trapdoor-free Group Signature Schemes from Asiacrypt 2004
Xinyi Huang, Willy Susilo, and Yi Mu
Abstract
Group signature schemes allow a member of a group to sign messages anonymously on behalf of the group. In the case of later dispute, a designated group manager can revoke the anonymity and identify the originator of a signature. In Asiacrypt 2004, Nguyen and Safavi-Naini proposed a group signature scheme that has a constant-size public key and signature length, and more importantly, their group signature scheme does not require trapdoor. Their scheme is very efficient and the sizes of signatures are shorter compared to the existing schemes that were proposed earlier. In this paper, we point out that Nguyen and Safavi-Naini's scheme is insecure. In particular, we provide a cryptanalysis of the scheme that allows a non-member of the group to sign on behalf of the group. The resulting group signature can convince any third party that a member of the group has indeed generated such a signature, although none of the members has done it. Therefore, in the case of dispute, the group manager cannot identify who has signed the message. We also provide a new scheme that does not suffer against this problem.
Metadata
- Available format(s)
-
PDF
- Category
- Cryptographic protocols
- Publication info
- Published elsewhere. Unknown where it was published
- Keywords
- group signaturesprivacy and anonymitycryptographic protocolsbilinear pairings
- Contact author(s)
- wsusilo @ uow edu au
- History
- 2005-04-26: received
- Short URL
- https://ia.cr/2005/122
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2005/122,
author = {Xinyi Huang and Willy Susilo and Yi Mu},
title = {Breaking and Repairing Trapdoor-free Group Signature Schemes from Asiacrypt 2004},
howpublished = {Cryptology ePrint Archive, Paper 2005/122},
year = {2005},
note = {\url{https://eprint.iacr.org/2005/122}},
url = {https://eprint.iacr.org/2005/122}
}
