Research Of Group Signature Schemes

In their seminal 1976 paper "New Directions in Cryptography", Diffie and Hellman devised the concept of public key cryptography and proposed a protocol that allows two entities to derive a common secret key only by exchanging in public. From then on, public key cryptography developed quickly, so did digital signatures, parts of public key cryptography. With the quick development of communication in computers, digital signatures have played an important role in the aspects of authentication, data integrity, non-repudiation, anonymity and so on.Group signature which is a sort of important digital signatures, first introduced by D. Chaum and E. van Heyst in 1991, allowed individual members of a group to make signatures on behalf of the group while providing the signer's anonymity. Owing to its anonymity, group signature can be applied in the activity of electronic politics and electronic commerce such as electronic voting, electronic bidding and off-line electronic cash and so on.Signature of knowledge plays an important role in the group signature because it can avoid some attacks compared with early ones. However, the efficiency of many revocative group signatures proposed at present is poor and it has obstructed the development of group signature. This is one of reasons that dynamic group signature which can delete group members efficiently is proposed.At present, the difficulties of a dynamic group signature are to search some efficient algorithm to delete group members but not cut down the efficiency of group signature. We explores it beneficially in this dissertation. Based on network authentication, we proposed an efficient dynamic group signature scheme to delete group members. This revocative scheme can be transplanted to other group signature schemes.The following are the main researching results:1. The securities of three group signature schemes are analyzed. We prove that the scheme [CZ2000] isn't satisfied with exculpability and unforgeability, the scheme [WF2003] isn't satisfied with unforgeability, the scheme [TJ99] isn't satisfied with coalition-resistance and universal unforgeability and unlinkability.2. Based on RSA algorithm and discrete logarithm, a group signature scheme with ID verification is proposed and analyzed. We even attacked it by a lot of means and...