Paper 2014/607

Adding Controllable Linkability to Pairing-Based Group Signatures For Free

Daniel Slamanig, Raphael Spreitzer, and Thomas Unterluggauer


Group signatures, which allow users of a group to anonymously produce signatures on behalf of the group, are an important cryptographic primitive for privacy-enhancing applications. Over the years, various approaches to enhanced anonymity management mechanisms, which extend the standard feature of opening of group signatures, have been proposed. In this paper we show how pairing-based group signature schemes (PB-GSSs) following the sign-and-encrypt-and-prove (SEP) paradigm that are secure in the BSZ model can be generically transformed in order to support one particular enhanced anonymity management mechanism, i.e., we propose a transformation that turns every such PB-GSS into a PB-GSS with controllable linkability. Basically, this transformation replaces the public key encryption scheme used for identity escrow within a group signature scheme with a modified all-or-nothing public key encryption with equality tests scheme (denoted AoN-PKEET$^*$) instantiated from the respective public key encryption scheme. Thereby, the respective trapdoor is given to the linking authority as a linking key. The appealing benefit of this approach in contrast to other anonymity management mechanisms (such as those provided by traceable signatures) is that controllable linkability can be added to PB-GSSs based on the SEP paradigm for free, i.e., it neither influences the signature size nor the computational costs for signers and verifiers in comparison to the scheme without this feature.

Note: An extended abstract of this paper appears in the proceedings of ISC 2014, this is the full version.

Available format(s)
Cryptographic protocols
Publication info
Published elsewhere. Major revision.ISC 2014
Controllable linkabilitygeneric transformationpairing-based group signature schemes
Contact author(s)
raphael spreitzer @ iaik tugraz at
2016-11-17: revised
2014-08-13: received
See all versions
Short URL
Creative Commons Attribution


      author = {Daniel Slamanig and Raphael Spreitzer and Thomas Unterluggauer},
      title = {Adding Controllable Linkability to Pairing-Based Group Signatures For Free},
      howpublished = {Cryptology ePrint Archive, Paper 2014/607},
      year = {2014},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.