Cryptology ePrint Archive: Report 2005/122

Breaking and Repairing Trapdoor-free Group Signature Schemes from Asiacrypt 2004

Xinyi Huang and Willy Susilo and Yi Mu

Abstract: Group signature schemes allow a member of a group to sign messages anonymously on behalf of the group. In the case of later dispute, a designated group manager can revoke the anonymity and identify the originator of a signature. In Asiacrypt 2004, Nguyen and Safavi-Naini proposed a group signature scheme that has a constant-size public key and signature length, and more importantly, their group signature scheme does not require trapdoor. Their scheme is very efficient and the sizes of signatures are shorter compared to the existing schemes that were proposed earlier. In this paper, we point out that Nguyen and Safavi-Naini's scheme is insecure. In particular, we provide a cryptanalysis of the scheme that allows a non-member of the group to sign on behalf of the group. The resulting group signature can convince any third party that a member of the group has indeed generated such a signature, although none of the members has done it. Therefore, in the case of dispute, the group manager cannot identify who has signed the message. We also provide a new scheme that does not suffer against this problem.

Category / Keywords: cryptographic protocols / group signatures, privacy and anonymity, cryptographic protocols, bilinear pairings

Date: received 16 Apr 2005, last revised 18 Apr 2005

Contact author: wsusilo at uow edu au

Available format(s): PDF | BibTeX Citation

Version: 20050426:162630 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]