[Resource Topic] 2005/345: Group Signatures with Efficient Concurrent Join

Resource Cryptographic protocols
#1

Welcome to the resource topic for 2005/345

Title:
Group Signatures with Efficient Concurrent Join

Authors: Aggelos Kiayias, Moti Yung

Abstract:

A group signature is a basic privacy mechanism. The group joining operation
is a critical component of such a scheme. To date all secure
group signature schemes either employed a trusted-party aided join operation
or a complex joining protocol requiring many interactions between the prospective user
and the Group Manager (GM).
In addition no efficient scheme employed a join protocol proven secure against
adversaries that have the capability
to dynamically initiate multiple concurrent join sessions during an attack.

This work presents the first efficient group signature scheme with a simple
Joining protocol that is based on a ``single message and signature response’’
interaction between the prospective user and the GM. This single-message and
signature-response
registration paradigm where no other actions are taken, is
the most efficient possible join interaction and was originally alluded to
in 1997 by Camenisch and Stadler, but its efficient instantiation
remained open till now.

The fact that joining has two short communication flows and does not require secure
channels is highly advantageous:
for example, it allows users to easily join by a
proxy (i.e., a security officer of a company can send a file with all
registration requests in his company and get back their certificates
for distribution back to members of the company). It further allows
an easy and non-interactive global system re-keying operation as well
as straightforward treatment of multi-group signatures.
We present a strong security model for group signatures (the first
explicitly taking into account concurrent join attacks) and an efficient
scheme with a single-message and signature-response join protocol.

The present manuscript is a full version containing proofs, minor corrections as well
as a more flexible and efficient protocol construction compared to the proceedings
version.

ePrint: https://eprint.iacr.org/2005/345

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics .