A secure group signature is required to be anonymous, that is, given two group signatures generated by two different members on the same message or two group signatures generated by the same member on two different messages, they are indistinguishable except for the group manager. In this paper we prove the equivalence of a group signature’s anonymity and its indistinguishability against chosen ciphertext attacks if we view a group signature as an encryption of member identity. Particularly, we prove ACJT’s group signature is IND-CCA2 secure, so ACJT’s scheme is anonymous in the strong sense. The result is an answer to an open question in literature.
Weitere Kapitel dieses Buchs durch Wischen aufrufen
- On Anonymity of Group Signatures
- Springer Berlin Heidelberg