Cryptology ePrint Archive: Report 2005/353

On the Security of A Group Signature Scheme

Jianhong Zhang, Wei Zou,

Abstract: As a special digital signature, a group signature scheme al- lows a group member to sign message on behalf of the group in an anony-mous and unlinkability way, In case of a dispute, the group manager can reveal the actual identity of signer. Anonymity and unlinkability are basic properties of group signature, which distinguish other signature scheme. Recently, based on the work of Camenisch and Lysyanskaya, which is known to be the most e±cient scheme so far, E.Y.Choi et.al propose an e±cient group signature scheme with member revocation at TrustBus 2005. Unfortunately, in this work we show that the scheme has linkability, Namely, any one can distinguish whether two di®erent group signatures are produced by the same signer, and that the revo- cation manager cannot trace the actual identity of a signer by a group signature. Finally, we give the corresponding attack to the scheme.

Category / Keywords:

Date: received 28 Sep 2005

Contact author: jhzhang at ncut edu cn

Available format(s): Postscript (PS) | Compressed Postscript (PS.GZ) | PDF | BibTeX Citation

Version: 20051009:092055 (All versions of this report)

Short URL: ia.cr/2005/353

Discussion forum: Show discussion | Start new discussion