Paper 2020/016

Short Threshold Dynamic Group Signatures

Jan Camenisch, Manu Drijvers, Anja Lehmann, Gregory Neven, and Patrick Towa


Traditional group signatures feature a single issuer who can add users to the group of signers and a single opening authority who can reveal the identity of the group member who computed a signature. Interestingly, despite being designed for privacy-preserving applications, they require strong trust in these central authorities who constitute single points of failure for critical security properties. To reduce the trust placed on authorities, we introduce dynamic group signatures which distribute the role of issuer and opener over several entities, and support t_I-out-of-n_I issuance and t_O-out-of-n_O opening. We first define threshold dynamic group signatures and formalize their security. We then give an efficient construction relying on the pairing-based Pointcheval–Sanders (PS) signature scheme (CT-RSA 2018), which yields very short group signatures of two first-group elements and three exponents. We also give a simpler variant of our scheme in which issuance requires the participation of all n_I issuers, but still supports t_O-out-of-n_O opening. It is based on a new multi-signature variant of the PS scheme which allows for efficient proofs of knowledge and is a result of independent inter- est. We prove our schemes secure in the random-oracle model under a non-interactive q-type of assumption.

Available format(s)
Public-key cryptography
Publication info
Published elsewhere. Minor revision.SCN 2020 : 12th Conference on Security and Cryptography for Networks
Group SignaturesThreshold Cryptography
Contact author(s)
jan @ dfinity org
manu @ dfinity org
anja lehmann @ hpi de
gregory @ dfinity org
tow @ zurich ibm com
2020-08-25: revised
2020-01-07: received
See all versions
Short URL
Creative Commons Attribution


      author = {Jan Camenisch and Manu Drijvers and Anja Lehmann and Gregory Neven and Patrick Towa},
      title = {Short Threshold Dynamic Group Signatures},
      howpublished = {Cryptology ePrint Archive, Paper 2020/016},
      year = {2020},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.