Off-Line Group Signatures with Smart Cards

Group signatures allow a group member to sign messages anonymously on behalf of the group and, if needed, a group authority is able to identify the signer. In most applications, groups are dynamic and the number of arrivals and departures is non-negligible. Group signature schemes must take into account this situation and deal with member revocation. Even if group signature schemes have been intensively investigated during the last decade, few are applicable in low resource context. Among them, the simplest and most efficient has been proposed by Canard and Girault at Cardis 2002 and involves the smart card as security proxy. This solution has many advantages; however, there is a need to be connected to a group authority in order to sign or to verify the signature. Clearly, this is a drawback in embedded security for mobile applications. Based on a re-assessment of the notion of group signature, we propose an improvement of the Canard-Girault scheme allowing to perform signature and verification both off-line. In particular, we introduce the notion of risk-management for group signature schemes, which leads us to a novel approach of the member revocation problem.