Cryptology ePrint Archive: Report 2010/587

Group Message Authentication

Bartosz Przydatek and Douglas Wikstr{\"o}m

Abstract: Group signatures is a powerful primitive with many practical applications, allowing a group of parties to share a signature functionality, while protecting the anonymity of the signer. However, despite intensive research in the past years, there is still no fully satisfactory implementation of group signatures in the plain model. The schemes proposed so far are either too inefficient to be used in practice, or their security is based on rather strong, non-standard assumptions.

We observe that for some applications the full power of group signatures is not necessary. For example, a group signature can be verified by any third party, while in many applications such a universal verifiability is not needed or even not desired. Motivated by this observation, we propose a notion of \emph{group message authentication}, which can be viewed as a relaxation of group signatures. Group message authentication enjoys the group-oriented features of group signatures, while dropping some of the features which are not needed in many real-life scenarios. An example application of group message authentication is an implementation of an \emph{anonymous} credit card.

We present a generic implementation of group message authentication, and also propose an efficient concrete implementation based on standard assumptions, namely strong RSA and DDH.

Category / Keywords: public-key cryptography /

Publication Info: Conference version appeared at Conference on Security and Cryptography for Networks 2010 (SCN 2010)

Date: received 18 Nov 2010

Contact author: dog at csc kth se

Available format(s): PDF | BibTeX Citation

Version: 20101120:200114 (All versions of this report)

Discussion forum: Show discussion | Start new discussion


[ Cryptology ePrint archive ]