On the security of the Li-Hwang-Lee-Tsai threshold group signature scheme

Abstract

A (t,n) threshold group signature scheme is a generalization of group signature, in which only t or more members from a given group with n members can represent the group to generate signatures anonymously and the identities of signers of a signature can be revealed in case of dispute later. In this paper, we first present a definition of threshold group signatures, and propose several requirements to evaluate whether a threshold group signature scheme is secure and efficient. Then we investigate the security and efficiency of a threshold group signature scheme proposed by Li, Hwang, Lee and Tsai, and point out eight weaknesses in their scheme. The most serious weakness is that there is a framing attack on their scheme. In this framing attack, once the group private key is controlled, (n - t+1) colluding group members can forge a valid threshold group signature on any given message, which looks as if it was signed by (t-1) honest group members and one cheating member. At the same time, all these (t-1) honest members cannot detect this cheating behavior, because they can use the system to generate group signatures normally. © Springer-Verlag Berlin Heidelberg 2003.