Abstract
This paper proposes a group signature scheme with efficient membership revocation. Though group signature schemes with efficient membership revocation based on a dynamic accumulator were proposed, the previous schemes force a member to change his secret key whenever he makes a signature. Furthermore, for the modification, the member has to obtain a public membership information of O(lnN) bits, where ln is the length of the RSA modulus and N is the total number of joining members and removed members. In our scheme, the signer needs no modification of his secret, and the public membership information has only K bits, where K is the maximal number of members. Then, for middle-scale groups with the size that is comparable to the RSA modulus size (e.g., up to about 1000 members for 1024 bit RSA modulus), the public membership information is a single small value only, while the signing/verification also remains efficient.
| Original language | English |
|---|---|
| Pages (from-to) | 1224-1233 |
| Number of pages | 10 |
| Journal | IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences |
| Volume | E88-A |
| Issue number | 5 |
| DOIs | |
| Publication status | Published - 2005 |
Keywords
- Group signature
- Membership revocation
- Strong RSA assumption
ASJC Scopus subject areas
- Signal Processing
- Computer Graphics and Computer-Aided Design
- Electrical and Electronic Engineering
- Applied Mathematics