Up to now, how to construct an efficient secure group signature scheme, which needs not to reset the system when some group members' signing keys are exposed, is still a difficult problem. A construction concernin...Up to now, how to construct an efficient secure group signature scheme, which needs not to reset the system when some group members' signing keys are exposed, is still a difficult problem. A construction concerning revocation of group members is an ideal one if it satisfies forward security which makes it more attractive for not sacrificing the security of past signatures of deleted members. This paper analyses the problem and gives a construction in which the group manager can be un-trustworthy. The scheme is efficient even when the number of revoked members is large.展开更多
How to find efficient and secure member- ship revocation algorithms is one of the most important issues standing in the way of real-world applications of group signatures. In this paper, the proof of knowledge of divi...How to find efficient and secure member- ship revocation algorithms is one of the most important issues standing in the way of real-world applications of group signatures. In this paper, the proof of knowledge of divisibility is given and a novel membership revocation method in ACJT group signature scheme is proposed: the group manager issues the product E of the public keys of current members in the group, when a group member wants to sign, he should not only proves that he has a membership certificate, but also proves that the public key in his certificate divides exactly the public key product E with zero knowledge. The proposed method is efficient since the group manager only needs one division and one exponentiation when a group member is deleted, while the signing and verifying procedure are independent of the number of current group members and excluded members, as well as the original group public key and membership certificates needn't be changed.展开更多
In this paper, a new dynamic group signature scheme is proposed. It allows the group manager to increase or delete group members flexibly. Furthermore, the length of group signatures, as well as the computational effo...In this paper, a new dynamic group signature scheme is proposed. It allows the group manager to increase or delete group members flexibly. Furthermore, the length of group signatures, as well as the computational effort for signing, verifying and opening are very small and independent of the number of group members and deleted group members. So it is efficient.展开更多
Abe et al. proposed the methodology of ring signature (RS) design in 2002 andshowed how to construct RS with a mixture of public keys based on factorization and/or discretelogarithms. Their methodology cannot be appli...Abe et al. proposed the methodology of ring signature (RS) design in 2002 andshowed how to construct RS with a mixture of public keys based on factorization and/or discretelogarithms. Their methodology cannot be applied to knowledge signatures (KS) using the Fiat-Shamirheuristic and cut-and-choose techniques, for instance, the Goldreich KS. This paper presents a moregeneral construction of RS from various public keys if there exists a secure signature using such apublic key and an efficient algorithm to forge the relation to be checked if the challenges in sucha signature are known in advance. The paper shows how to construct RS based on the graph isomorphismproblem (GIP). Although it is unknown whether or not GIP is NP-Complete, there are no knownarguments that it can be solved even in the quantum computation model. Hence, the scheme has abetter security basis and it is plausibly secure against quantum adversaries.展开更多
基金the National Natural Science Foundation of China (No.60673081)the National Grand Foundation Research 863 Program of China (No.2006 AA01Z417).
文摘Up to now, how to construct an efficient secure group signature scheme, which needs not to reset the system when some group members' signing keys are exposed, is still a difficult problem. A construction concerning revocation of group members is an ideal one if it satisfies forward security which makes it more attractive for not sacrificing the security of past signatures of deleted members. This paper analyses the problem and gives a construction in which the group manager can be un-trustworthy. The scheme is efficient even when the number of revoked members is large.
基金supported in part by the National Nature Science Foundation of China under Grant No. 60473027
文摘How to find efficient and secure member- ship revocation algorithms is one of the most important issues standing in the way of real-world applications of group signatures. In this paper, the proof of knowledge of divisibility is given and a novel membership revocation method in ACJT group signature scheme is proposed: the group manager issues the product E of the public keys of current members in the group, when a group member wants to sign, he should not only proves that he has a membership certificate, but also proves that the public key in his certificate divides exactly the public key product E with zero knowledge. The proposed method is efficient since the group manager only needs one division and one exponentiation when a group member is deleted, while the signing and verifying procedure are independent of the number of current group members and excluded members, as well as the original group public key and membership certificates needn't be changed.
基金Supported by the Scientific Research Plan Projectof the Education Department of Shaanxi Province (06JK197)
文摘In this paper, a new dynamic group signature scheme is proposed. It allows the group manager to increase or delete group members flexibly. Furthermore, the length of group signatures, as well as the computational effort for signing, verifying and opening are very small and independent of the number of group members and deleted group members. So it is efficient.
文摘Abe et al. proposed the methodology of ring signature (RS) design in 2002 andshowed how to construct RS with a mixture of public keys based on factorization and/or discretelogarithms. Their methodology cannot be applied to knowledge signatures (KS) using the Fiat-Shamirheuristic and cut-and-choose techniques, for instance, the Goldreich KS. This paper presents a moregeneral construction of RS from various public keys if there exists a secure signature using such apublic key and an efficient algorithm to forge the relation to be checked if the challenges in sucha signature are known in advance. The paper shows how to construct RS based on the graph isomorphismproblem (GIP). Although it is unknown whether or not GIP is NP-Complete, there are no knownarguments that it can be solved even in the quantum computation model. Hence, the scheme has abetter security basis and it is plausibly secure against quantum adversaries.
