This work presents the first efficient group signature scheme with a simple Joining protocol that is based on a ``single message and signature response'' interaction between the prospective user and the GM. This single-message and signature-response registration paradigm where no other actions are taken, is the most efficient possible join interaction and was originally alluded to in 1997 by Camenisch and Stadler, but its efficient instantiation remained open till now.
The fact that joining has two short communication flows and does not require secure channels is highly advantageous: for example, it allows users to easily join by a proxy (i.e., a security officer of a company can send a file with all registration requests in his company and get back their certificates for distribution back to members of the company). It further allows an easy and non-interactive global system re-keying operation as well as straightforward treatment of multi-group signatures. We present a strong security model for group signatures (the first explicitly taking into account concurrent join attacks) and an efficient scheme with a single-message and signature-response join protocol.
The present manuscript is a full version containing proofs, minor corrections as well as a more flexible and efficient protocol construction compared to the proceedings version.Category / Keywords: cryptographic protocols / group signatures Publication Info: Eurocrypt 2005 Date: received 25 Sep 2005 Contact author: aggelos at cse uconn edu Available formats: PDF | BibTeX Citation Version: 20050927:150839 (All versions of this report) Discussion forum: Show discussion | Start new discussion