## CryptoDB

### Paper: Breaking and Repairing Trapdoor-free Group Signature Schemes from Asiacrypt 2004

Authors: Xinyi Huang Willy Susilo Yi Mu URL: http://eprint.iacr.org/2005/122 Search ePrint Search Google Group signature schemes allow a member of a group to sign messages anonymously on behalf of the group. In the case of later dispute, a designated group manager can revoke the anonymity and identify the originator of a signature. In Asiacrypt 2004, Nguyen and Safavi-Naini proposed a group signature scheme that has a constant-size public key and signature length, and more importantly, their group signature scheme does not require trapdoor. Their scheme is very efficient and the sizes of signatures are shorter compared to the existing schemes that were proposed earlier. In this paper, we point out that Nguyen and Safavi-Naini's scheme is insecure. In particular, we provide a cryptanalysis of the scheme that allows a non-member of the group to sign on behalf of the group. The resulting group signature can convince any third party that a member of the group has indeed generated such a signature, although none of the members has done it. Therefore, in the case of dispute, the group manager cannot identify who has signed the message. We also provide a new scheme that does not suffer against this problem.
##### BibTeX
@misc{eprint-2005-12458,
title={Breaking and Repairing Trapdoor-free Group Signature Schemes from Asiacrypt 2004},
booktitle={IACR Eprint archive},
keywords={cryptographic protocols / group signatures, privacy and anonymity, cryptographic protocols, bilinear pairings},
url={http://eprint.iacr.org/2005/122},
note={ wsusilo@uow.edu.au 12892 received 16 Apr 2005, last revised 18 Apr 2005},
author={Xinyi Huang and Willy Susilo and Yi Mu},
year=2005
}