
A group signature scheme is a method for allowing a member of a group to anonymously sign a message on behalf of the group. The concept was first introduced by David Chaum and Eugene van Heyst in 1991. For example, a group signature scheme could be used by an employee of a large company where it is sufficient for a verifier to know a message was signed by an employee, but not which particular employee signed it. Another application is for keycard access to restricted areas where it is inappropriate to track individual employees' movements, but necessary to secure areas to only employees in the group.

Essential to a group signature scheme is a group manager, who is in charge of adding group members and has the ability to reveal the original signer in the event of disputes. In some systems the responsibilities of adding members and revoking signature anonymity are separated and given to a membership manager and revocation manager respectively. Many schemes have been proposed; however, all should follow these basic requirements:

* Soundness and completeness: Valid signatures by group members always verify correctly, and invalid signatures always fail verification.
* Unforgeable: Only members of the group can create valid group signatures.
* Anonymity: Given a message and its signature, the identity of the individual signer cannot be determined without the group manager's secret key.
* Traceability: Given any valid signature, the group manager should be able to trace which user issued the signature. (This and the previous requirement imply that only the group manager can break users' anonymity.)
* Unlinkability: Given two messages and their signatures, we cannot tell if the signatures were from the same signer or not.
* No framing: Even if all other group members (and the managers) collude, they cannot forge a signature for a non-participating group member.
* Unforgeable tracing verification: The revocation manager cannot falsely accuse a signer of creating a signature he did not create.
* Coalition resistance: A colluding subset of group members cannot generate a valid signature that the group manager cannot link to one of the colluding group members.

The ACJT 2000, BBS04, and BS04 (in CCS) group signature schemes are some of the state of the art. (Note: this might be an incomplete list.)

The scheme published by Boneh, Boyen and Shacham in 2004 (BBS04, Crypto04) is a novel group signature scheme based on bilinear maps. Signatures in this scheme are approximately the size of a standard RSA signature (around 200 bytes). The security of the scheme is proven in the random oracle model and relies on the Strong Diffie–Hellman assumption (SDH) and a new assumption in bilinear groups called the Decision linear assumption (DLin).

A more formal definition that is geared towards provable security was given by Bellare, Micciancio and Warinschi.
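The following is an added example, not part of the original article and not one of the schemes it names (ACJT 2000, BBS04, BS04). It is a hash-based construction for a fixed group that makes anonymity, traceability and unforgeability concrete: each member registers Lamport one-time public keys, and the manager publishes only a Merkle root over them. The names `GroupManager`, `credential` and `open` are assumptions of this example, as are the requirements that the leaf count is a power of two and that each one-time key signs a single message.

```python
import hashlib, secrets

def H(*parts):
    return hashlib.sha256(b"".join(parts)).digest()

def msg_bits(msg):
    d = H(b"msg", msg)
    return [(d[i // 8] >> (i % 8)) & 1 for i in range(256)]

def keygen():  # Lamport one-time key pair, generated by the member
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    return sk, [(H(a), H(b)) for a, b in sk]

def leaf(pk):
    return H(b"leaf", *[h for pair in pk for h in pair])

class GroupManager:
    def __init__(self, submissions):  # [(member_name, one_time_pk), ...]
        order = list(submissions)
        secrets.SystemRandom().shuffle(order)  # position must not hint at the owner
        leaves = [leaf(pk) for _, pk in order]
        self._owner = dict(zip(leaves, [name for name, _ in order]))  # opening secret
        self.levels = [leaves]  # leaf count assumed to be a power of two
        while len(self.levels[-1]) > 1:
            cur = self.levels[-1]
            self.levels.append([H(b"node", cur[i], cur[i + 1]) for i in range(0, len(cur), 2)])
        self.group_pk = self.levels[-1][0]  # the only value verifiers need

    def credential(self, pk):  # leaf index and Merkle authentication path
        i = self.levels[0].index(leaf(pk))
        return i, [lvl[(i >> d) ^ 1] for d, lvl in enumerate(self.levels[:-1])]

    def open(self, sig):  # traceability: needs the manager's private table
        return self._owner[leaf(sig["pk"])]

def sign(sk, pk, cred, msg):  # a one-time key must sign exactly one message
    reveal = [sk[i][b] for i, b in enumerate(msg_bits(msg))]
    return {"idx": cred[0], "path": cred[1], "pk": pk, "reveal": reveal}

def verify(group_pk, msg, sig):
    pk, rev, idx = sig["pk"], sig["reveal"], sig["idx"]
    if len(pk) != 256 or len(rev) != 256:
        return False
    if any(H(r) != pk[i][b] for i, (r, b) in enumerate(zip(rev, msg_bits(msg)))):
        return False
    h = leaf(pk)
    for sib in sig["path"]:  # recompute the root from the leaf upward
        h = H(b"node", h, sib) if idx % 2 == 0 else H(b"node", sib, h)
        idx //= 2
    return h == group_pk
```

Because the manager alone decides which name is recorded against each leaf, this construction does not provide the no-framing property listed above.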


See also

* Ring signature: A similar system that excludes the requirement of a group manager and provides true anonymity for signers (several algorithms nevertheless maintain some "restricting" properties, like traceability or linkability).
* Threshold signature: A threshold signature involves a fixed-size quorum (threshold) of signers. Each signer must be a genuine group member with a share of a group secret signing key. A (t,n) threshold signature scheme supports n potential signers, any t of which can sign on behalf of the group. Threshold signatures reveal nothing about the t signers; no one can trace the identity of the signers (not even a trusted center who has set up the system).
* Multisignature: A multisignature represents a certain number of signers signing a given message. The number of signers is not fixed, and the signers' identities are evident from a given multisignature. A multisignature is much shorter (sometimes constant) than the simple collection of individual signatures.
* Proxy signature: A proxy signature allows a delegator to give partial signing rights to other parties called proxy signers. Proxy signatures do not offer anonymity.
* Identity Escrow Schemes: Interactive dual of group signatures. Instead of off-line generation, a signature is directly generated by a signer based on a challenge provided by the verifier.

