Efficient secure group signatures with dynamic joins and keeping anonymity against group managers

Abstract

The demonstration of an efficient construction proven secure in a formal model that captures all intuitive security properties of a certain primitive is an ultimate goal in cryptographic design. This work offers the above for the case of a group signature scheme (with the traditional notion of dynamically joining users and untrusted join manager). To this end we adapt a formal model for group signatures capturing the state-of-the-art requirements in the area and we construct an efficient scheme and prove its security. Our construction is based on the scheme of Ateniese et al., which is modified appropriately so that it becomes provably secure. This task required designing novel cryptographic constructs as well as investigating some basic number-theoretic techniques for arguing security over the group of quadratic residues modulo a composite when its factorization is known. Along the way, we discover that in the basic construction, anonymity does not depend on factoring-based assumptions, which, in turn, allows the natural separation of user join management and anonymity revocation authorities. Anonymity can, in turn, be shown even against an adversary controlling the join manager. © Springer-Verlag Berlin Heidelberg 2005.