The primitive has been introduced with only informal definitions for its required security properties.
We offer two main contributions: first, we provide foundations for the primitive where we present formal security definitions offering various flavors of anonymity relevant to this setting. In the process, we identify and address some subtle issues which were not considered by previous constructions and (informal) security definitions.
Our second main contribution is a generic construction that yields practical schemes with round-optimal signing and constant-size signatures. Our constructions permit dynamic and concurrent enrollment of new members, satisfy strong security requirements, and do not rely on random oracles.
In addition, we introduce some new building blocks which may be of independent interest.Category / Keywords: Group Signatures, Blind Signatures, Group Blind Signatures, Standard Model. Original Publication (with major differences): ACISP 2013