Paper 2012/431

On the Security of Dynamic Group Signatures: Preventing Signature Hijacking

Yusuke Sakai, Jacob C. N. Schuldt, Keita Emura, Goichiro Hanaoka, and Kazuo Ohta

Abstract

We identify a potential weakness in the standard security model for dynamic group signatures which appears to have been overlooked previously. More specifically, we highlight that even if a scheme provably meets the security requirements of the model, a malicious group member can potentially claim ownership of a group signature produced by an honest group member by forging a proof of ownership. This property leads to a number of vulnerabilities in scenarios in which dynamic group signatures are likely to be used. We furthermore show that the dynamic group signature scheme by Groth (ASIACRYPT 2007) does not provide protection against this type of malicious behavior. To address this, we introduce the notion of \emph{opening soundness} for group signatures which essentially requires that it is infeasible to produce a proof of ownership of a valid group signature for any user except the original signer. We then show a relatively simple modification of the scheme by Groth which allows us to prove opening soundness for the modified scheme without introducing any additional assumptions. We believe that opening soundness is an important and natural security requirement for group signatures, and hope that future schemes will adopt this type of security.

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
Published elsewhere. An extended abstract appears in The 15th International Conference on Practice and Theory in Public Key Cryptography (PKC 2012).
Keywords
group signature
Contact author(s)
yusuke sakai @ uec ac jp
History
2012-08-05: received
Short URL
https://ia.cr/2012/431
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2012/431,
      author = {Yusuke Sakai and Jacob C. N.  Schuldt and Keita Emura and Goichiro Hanaoka and Kazuo Ohta},
      title = {On the Security of Dynamic Group Signatures: Preventing Signature Hijacking},
      howpublished = {Cryptology {ePrint} Archive, Paper 2012/431},
      year = {2012},
      url = {https://eprint.iacr.org/2012/431}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.