Tracing-by-Linking Group Signatures
نویسنده
چکیده
In a group signature [19], any group member can sign on behalf of the group while remaining anonymous, but its identity can be traced in an future dispute investigation. Essentially all state-of-theart group signatures implement the tracing mechnism by requiring the signer to escrow its identity to an Open Authority (OA) [2, 14, 4, 25, 5, 7, 24]. We call them Tracing-by-Escrowing (TbE) group signatures. One drawback is that the OA also has the unnecessary power to trace without proper cause. In this paper we introduce Tracing-by-Linking (TbL) group signatures. The signer’s anonymity is irrevocable by any authority if the group member signs only once (per event). But if a member signs twice, its identity can be traced by a public algorithm without needing any trapdoor. We initiate the formal study of TbL group signatures by introducing its security model, constructing the first examples, and give several applications. Our core construction technique is the successful transplant of the TbL technique from single-term offline e-cash from the blind signature framework [10, 22, 21] to the group signature framework. Our signatures have size O(1).
منابع مشابه
Extracting Group Signatures from Traitor Tracing Schemes
To appear in Advances in Cryptology — Eurocrypt 2003, May 4-8, Warsaw, Poland, Eli Biham (Ed.), Springer LNCS, 2003 Digital Signatures emerge naturally from Public-Key Encryption based on trapdoor permutations, and the “duality” of the two primitives was noted as early as Diffie-Hellman’s seminal work. The present work is centered around the crucial observation that two well known cryptographic...
متن کاملEfficient Traceable Signatures in the Standard Model
Traceable signatures (TS), suggested by Kiayias, Tsiounis and Yung (Eurocrypt’04), extend group signatures to address various basic traceability issues beyond merely identifying the anonymous signer of a rogue signature. Namely, they enable the efficient tracing of all signatures produced by a misbehaving party without opening the identity of other parties. They also allow users to provably cla...
متن کاملNon-Interactive Plaintext (In-)Equality Proofs and Group Signatures with Verifiable Controllable Linkability
Group signatures are an important privacy-enhancing tool that allow to anonymously sign messages on behalf of a group. A recent feature for group signatures is controllable linkability, where a dedicated linking authority (LA) can determine whether two given signatures stem from the same signer without being able to identify the signer(s). Currently the linking authority is fully trusted, which...
متن کاملEfficient Distributed Tag-Based Encryption and Its Application to Group Signatures with Efficient Distributed Traceability
In this work, we first formalize the notion of dynamic group signatures with distributed traceability, where the capability to trace signatures is distributed among nmanagers without requiring any interaction. This ensures that only the participation of all tracing managers permits tracing a signature, which reduces the trust placed in a single tracing manager. The threshold variant follows eas...
متن کاملAccountable Tracing Signatures
Demands for lawful access to encrypted data are a long standing obstacle to integrating cryptographic protections into communication systems. A common approach is to allow a trusted third party (TTP) to gain access to private data. However, there is no way to verify that this trust is well place as the TTP may open all messages indiscriminately. Moreover, existing approaches do not scale well w...
متن کامل