Cryptology ePrint Archive: Report 2016/368

Foundations of Fully Dynamic Group Signatures

Jonathan Bootle and Andrea Cerulli and Pyrros Chaidos and Essam Ghadafi and Jens Groth

Abstract: Group signatures allow members of a group to anonymously sign on behalf of the group. Membership is administered by a designated group manager. The group manager can also reveal the identity of a signer if and when needed to enforce accountability and deter abuse. For group signatures to be applicable in practice, they need to support fully dynamic groups, i.e., users may join and leave at any time.

Existing security definitions for fully dynamic group signatures are informal, have shortcomings, and are mutually incompatible. We fill the gap by providing a formal rigorous security model for fully dynamic group signatures. Our model is general and is not tailored towards a specific design paradigm and can therefore, as we show, be used to argue about the security of different existing constructions following different design paradigms. Our definitions are stringent and when possible incorporate protection against maliciously chosen keys. We consider both the case where the group management and tracing signatures are administered by the same authority, i.e.~a single group manager, and also the case where those roles are administered by two separate authorities, i.e. a group manager and an opening authority. We also show that a specialization of our model captures existing models for static and partially dynamic schemes.

In the process, we identify a subtle gap in the security achieved by group signatures using revocation lists. We show that in such schemes new members achieve a slightly weaker notion of traceability. The flexibility of our security model allows to capture such relaxation of traceability.

Category / Keywords: foundations / Group Signatures, Security definitions

Original Publication (with major differences): International Conference on Applied Cryptography and Network Security 2016 (ACNS 2016)

Date: received 11 Apr 2016, last revised 13 Feb 2020

Contact author: essam ghadafi at gmail com,pchaidos@di uoa gr,jbt@zurich ibm com,andrea@dfinity org,jens@dfinity org

Available format(s): PDF | BibTeX Citation

Note: Minor edits

Version: 20200213:192629 (All versions of this report)

Short URL: ia.cr/2016/368


[ Cryptology ePrint archive ]