Paper 2016/368

Foundations of Fully Dynamic Group Signatures

Jonathan Bootle, Andrea Cerulli, Pyrros Chaidos, Essam Ghadafi, and Jens Groth


Group signatures allow members of a group to anonymously sign on behalf of the group. Membership is administered by a designated group manager. The group manager can also reveal the identity of a signer if and when needed to enforce accountability and deter abuse. For group signatures to be applicable in practice, they need to support fully dynamic groups, i.e., users may join and leave at any time. Existing security definitions for fully dynamic group signatures are informal, have shortcomings, and are mutually incompatible. We fill the gap by providing a formal rigorous security model for fully dynamic group signatures. Our model is general and is not tailored towards a specific design paradigm and can therefore, as we show, be used to argue about the security of different existing constructions following different design paradigms. Our definitions are stringent and when possible incorporate protection against maliciously chosen keys. We consider both the case where the group management and tracing signatures are administered by the same authority, i.e.~a single group manager, and also the case where those roles are administered by two separate authorities, i.e. a group manager and an opening authority. We also show that a specialization of our model captures existing models for static and partially dynamic schemes. In the process, we identify a subtle gap in the security achieved by group signatures using revocation lists. We show that in such schemes new members achieve a slightly weaker notion of traceability. The flexibility of our security model allows to capture such relaxation of traceability.

Note: Minor edits

Available format(s)
Publication info
Published elsewhere. Major revision.International Conference on Applied Cryptography and Network Security 2016 (ACNS 2016)
Group SignaturesSecurity definitions
Contact author(s)
essam ghadafi @ gmail com
pchaidos @ di uoa gr
jbt @ zurich ibm com
andrea @ dfinity org
jens @ dfinity org
2020-02-13: last of 2 revisions
2016-04-12: received
See all versions
Short URL
Creative Commons Attribution


      author = {Jonathan Bootle and Andrea Cerulli and Pyrros Chaidos and Essam Ghadafi and Jens Groth},
      title = {Foundations of Fully Dynamic Group Signatures},
      howpublished = {Cryptology ePrint Archive, Paper 2016/368},
      year = {2016},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.