Cryptology ePrint Archive: Report 2009/188

Breaking and Building of Group Inside Signature

S. Sree Vivek and S. Sharmila Deva Selvi and S.Gopinath and C. Pandu Rangan

Abstract: Group Inside Signature (GIS) is a signature scheme that allows the signer to designate his signature to be verified by a group of people, so that members other than the designated group cannot verify the signature generated by him. In Broadcast Group Oriented Signature (BGOS), an user from one group can designate his signature to be verified by members of other group. The GIS and BGOS schemes \cite{MaAoHe05}, \cite{CJ09} and \cite{MaHeAo05} which we consider are certificateless schemes. An Adaptable Designated Group Signature (ADGS), is one in which an user can designate his signature to be verified by a selected set of members who are from different groups. The ADGS scheme \cite{MaL06} which we consider here is an identity based scheme. In this paper, we present the cryptanalysis of four schemes that appeared in \cite{MaAoHe05}, \cite{CJ09}, \cite{MaHeAo05} and \cite{MaL06}. We show that, both GIS schemes \cite{MaAoHe05}, \cite{CJ09} and BGOS scheme \cite{MaHeAo05} suffers from Type-I and Type-II vulnerabilities and ADGS \cite{MaL06} is universally forgeable. We also present a new scheme for ADGS (N-ADGS) and proved its security in the random oracle model. The existing model for ADGS did not consider unlinkability which is one of the key properties required for ADGS. We provide security model for unlinkability and also prove our scheme is unlinkable.

Category / Keywords: public-key cryptography / Group Inside Signature, Broadcast Group Oriented Signature, Adaptable Designated Group Signature, Identity Based, Certificateless, Cryptanalysis

Date: received 3 May 2009, last revised 4 May 2009

Contact author: ssreevivek at gmail com,sharmioshin@gmail com,gopisikha@gmail com

Available format(s): Postscript (PS) | Compressed Postscript (PS.GZ) | PDF | BibTeX Citation

Version: 20090505:055455 (All versions of this report)

Discussion forum: Show discussion | Start new discussion


[ Cryptology ePrint archive ]