Paper 2005/353

On the Security of A Group Signature Scheme

Jianhong Zhang and Wei Zou


As a special digital signature, a group signature scheme al- lows a group member to sign message on behalf of the group in an anony-mous and unlinkability way, In case of a dispute, the group manager can reveal the actual identity of signer. Anonymity and unlinkability are basic properties of group signature, which distinguish other signature scheme. Recently, based on the work of Camenisch and Lysyanskaya, which is known to be the most e±cient scheme so far, E.Y.Choi propose an e±cient group signature scheme with member revocation at TrustBus 2005. Unfortunately, in this work we show that the scheme has linkability, Namely, any one can distinguish whether two di®erent group signatures are produced by the same signer, and that the revo- cation manager cannot trace the actual identity of a signer by a group signature. Finally, we give the corresponding attack to the scheme.

Available format(s)
Publication info
Published elsewhere. Unknown where it was published
Contact author(s)
jhzhang @ ncut edu cn
2005-10-09: received
Short URL
Creative Commons Attribution


      author = {Jianhong Zhang and Wei Zou},
      title = {On the Security of A Group Signature Scheme},
      howpublished = {Cryptology ePrint Archive, Paper 2005/353},
      year = {2005},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.