Paper 2015/043

Group Signature with Deniability: How to Disavow a Signature

Ai Ishida, Keita Emura, Goichiro Hanaoka, Yusuke Sakai, and Keisuke Tanaka


Group signatures are a class of digital signatures with enhanced privacy. By using this type of signature, a user can sign a message on behalf of a specific group without revealing his identity, but in the case of a dispute, an authority can expose the identity of the signer. However, in some situations it is only required to know whether a specific user is the signer of a given signature. In this case, the use of a standard group signature may be problematic since the specified user might not be the signer of the given signature, and hence, the identity of the actual signer will be exposed. Inspired by this problem, we propose the notion of a deniable group signature, where, with respect to a signature and a user, the authority can issue a proof showing that the specified user is NOT the signer of the signature, without revealing the actual signer. We also describe a fairly practical construction by extending the Groth group signature scheme (ASIACRYPT 2007). In particular, a denial proof in our scheme consists of 96 group elements, which is about twice the size of a signature in the Groth scheme. The proposed scheme is provably secure under the same assumptions as those of the Groth scheme.

Available format(s)
Public-key cryptography
Publication info
group signaturedeniabilitynon-interactive zero-knowledge proofbilinear map
Contact author(s)
ishida0 @ is titech ac jp
2015-02-23: last of 2 revisions
2015-01-20: received
See all versions
Short URL
Creative Commons Attribution


      author = {Ai Ishida and Keita Emura and Goichiro Hanaoka and Yusuke Sakai and Keisuke Tanaka},
      title = {Group Signature with Deniability: How to Disavow a Signature},
      howpublished = {Cryptology ePrint Archive, Paper 2015/043},
      year = {2015},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.