Cryptology ePrint Archive: Report 2003/112

Accumulating Composites and Improved Group Signing

Gene Tsudik and Shouhuai Xu

Abstract: Constructing practical and provably secure group signature schemes has been a very active research topic in recent years. A group signature can be viewed as a digital signature with certain extra properties. Notably, anyone can verify that a signature is generated by a legitimate group member, while the actual signer can only be identified (and linked) by a designated entity called a group manager. Currently, the most efficient group signature scheme available is due to Camenisch and Lysyanskaya \cite{CL02}. It is obtained by integrating a novel dynamic accumulator with the scheme by Ateniese, et al. \cite{ACJT00}.

In this paper, we construct a dynamic accumulator that accumulates \emph{composites}, as opposed to previous accumulators that accumulated \emph{primes}. We also present an efficient method for proving knowledge of factorization of a committed value. Based on these (and other) techniques we design a novel provably secure group signature scheme. It operates in the \emph{common auxiliary string} model and offers two important benefits: 1) the {\sf Join} process is very efficient: a new member computes only a single exponentiation, and 2) the (unoptimized) cost of generating a group signature is 17 exponentiations which is appreciably less than the state-of-the-art.

Category / Keywords: applications / Accumulator, group signature, identity escrow

Date: received 30 May 2003

Contact author: shxu at ics uci edu

Available formats: Postscript (PS) | Compressed Postscript (PS.GZ) | BibTeX Citation

Version: 20030603:065937 (All versions of this report)

Discussion forum: Show discussion | Start new discussion