Group Signature with Deniability: How to Disavow a Signature

Access this Article

Author(s)

    • ISHIDA Ai
    • Department of Mathematical and Computing Sciences, Tokyo Institute of Technology|National Institute of Advanced Industrial Science and Technology
    • EMURA Keita
    • National Institute of Information and Communications Technology
    • SAKAI Yusuke
    • National Institute of Advanced Industrial Science and Technology
    • TANAKA Keisuke
    • Department of Mathematical and Computing Sciences, Tokyo Institute of Technology

Abstract

<p>Group signatures are a class of digital signatures with enhanced privacy. By using this type of signature, a user can sign a message on behalf of a specific group without revealing his identity, but in the case of a dispute, an authority can expose the identity of the signer. However, it is not always the case that we need to know the specific identity of a signature. In this paper, we propose the notion of <i>deniable group signatures</i>, where the authority can issue a proof showing that the specified user is NOT the signer of a signature, without revealing the actual signer. We point out that existing efficient non-interactive zero-knowledge proof systems cannot be straightforwardly applied to prove such a statement. We circumvent this problem by giving a fairly practical construction through extending the Groth group signature scheme (ASIACRYPT 2007). In particular, a denial proof in our scheme consists of 96 group elements, which is about twice the size of a signature in the Groth scheme. The proposed scheme is provably secure under the same assumptions as those of the Groth scheme.</p>

Journal

  • IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences

    IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences E100.A(9), 1825-1837, 2017

    The Institute of Electronics, Information and Communication Engineers

Codes

Page Top