Group signature

From Wikipedia, the free encyclopedia

A Group signature scheme is a method for allowing a member of a group to anonymously sign a message on behalf of the group. The concept was first introduced by David Chaum and Eugene van Heyst in 1991. For example, a group signature scheme could be used by an employee of a large company where it is sufficient for a verifier to know a message was signed by an employee, but not the particular employee who signed it. Another application is for keycard access to restricted areas where it is inappropriate to track individual employee's movements, but necessary to secure areas to only employees in the group.

Essential to a group signature scheme is a group manager, who is in charge of adding group members and has the ability to reveal the original signer in the event of disputes. In some systems the responsibilities of adding members and revoking signature anonymity are separated and given to a membership manager and revocation manager respectively. Many schemes have been proposed, however all should follow these basic requirements:

  • Soundness and Completeness: Valid signatures by group members always verfiy correctly, and invalid signatures always fail verification.
  • Unforgeable: Only members of the group can create valid group signatures.
  • Signer ambiguous: Given a message and its signature, the identity of the individual signer cannot be determined without the revocation manager's secret key.
  • Unlinkability: Given two messages and their signatures, we cannot tell if the signatures were from the same signer or not.
  • No Framing: Even if all other group members (and the managers) collude, they cannot forge a signature for a non-participating group member.
  • Unforgeable tracing verification: The revocation manager cannot falsely accuse a signer of creating a signature he did not create.

[edit] See also

  • Ring signature: A similar system that excludes the requirement of a group manager and provides true anonymity for signers.

[edit] References

  • D. Chaum and E. van Heyst (1991). "Group signatures". Advances in Cryptology — EUROCRYPT ’91, volume 547 of Lecture Notes in Computer Science, 257-265.
  • J. Camenisch, M. Michels. A Group Signature Scheme Based on an RSA-Variant. 1998 (http://www.brics.dk/RS/98/27/BRICS-RS-98-27.pdf)
Retrieved from "http://en.wikipedia.org../../../g/r/o/Group_signature.html"