Paper 2010/587

Group Message Authentication

Bartosz Przydatek and Douglas Wikström


Group signatures is a powerful primitive with many practical applications, allowing a group of parties to share a signature functionality, while protecting the anonymity of the signer. However, despite intensive research in the past years, there is still no fully satisfactory implementation of group signatures in the plain model. The schemes proposed so far are either too inefficient to be used in practice, or their security is based on rather strong, non-standard assumptions. We observe that for some applications the full power of group signatures is not necessary. For example, a group signature can be verified by any third party, while in many applications such a universal verifiability is not needed or even not desired. Motivated by this observation, we propose a notion of \emph{group message authentication}, which can be viewed as a relaxation of group signatures. Group message authentication enjoys the group-oriented features of group signatures, while dropping some of the features which are not needed in many real-life scenarios. An example application of group message authentication is an implementation of an \emph{anonymous} credit card. We present a generic implementation of group message authentication, and also propose an efficient concrete implementation based on standard assumptions, namely strong RSA and DDH.

Available format(s)
Public-key cryptography
Publication info
Published elsewhere. Conference version appeared at Conference on Security and Cryptography for Networks 2010 (SCN 2010)
Contact author(s)
dog @ csc kth se
2010-11-20: received
Short URL
Creative Commons Attribution


      author = {Bartosz Przydatek and Douglas Wikström},
      title = {Group Message Authentication},
      howpublished = {Cryptology ePrint Archive, Paper 2010/587},
      year = {2010},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.