| As an important cryptographic primitive,group signature allows a message to be signed by a user on behalf of a group.When a group signature is verified,it can be established that the signature was generated by a member in the group,but without revealing the identity of the particular member.Meanwhile,to prevent the malicious group member from abusing his privilege,group signature is designed to be account-able.Given a group signature,the group manager is able to trace the true identity of the signature generator when necessary.In a word,group signature is an authentication technique that combines anonymity and accountability.In order to adapt group signatures into the novel distributed application scenarios such as vehicular ad-hoc networks(VANETs)and blockchain,the notions named group signatures with decentralized tracing and message linkable group signatures have been proposed.The former notion requires that a group signature will be opened only when multiple openers open it cooperatively.In this way,the problem of relying on a single opener is solved.While the latter notion requires that when a group member signs the same message for more than one time,there exists an efficient algorithm that will detect this behavior.In this way,the group signature is secure against Sybil attacks.However,existing group signatures with decentralized tracing do not consider the dynamic case,and are not secure against framing attacks.Meanwhile,existing message linkable group signatures do not have an efficient revocation mechanism.To overcome the above problems,we design a dynamic group signature scheme with decentralized tracing and a message linkable group signature scheme with efficient revocation.In detail,the contribution of this thesis is threefold.Firstly,we propose a dynamic group signature scheme with decentralized tracing.To overcome the drawback of lacking dynamic mechanism in group signature with de-centralized tracing,we propose a dynamic group signature with decentralized tracing.By combining threshold secret sharing technology with dynamic group signature,the scheme achieves decentralized traceability.At the same time,by using the distributed and verifiable key generation algorithm,the scheme solves the problem that group sig-natures rely on group manager to generate open keys.The scheme is proven to be secure in the random oracle model.When comparing with a similar result by Benjumea et al.(FC 2008),our proposal has the advantage of a shorter signature size.Secondly,we propose a newly designed message linkable group signature scheme.We expand the short group signature scheme proposed by Boneh-Bonyen-Shacham(BBS)to support the message linkability.To achieve this goal,we add a message linkable tag as well as a zero-knowledge proof of the correctness of this tag into the signature.When a group member signs the same message twice,this behavior will be detected by the link check algorithm.Hence,the proposed scheme is secure against Sybil attack.Security analysis shows that the scheme is provably secure under the ran-dom oracle model.Finally,we achieve efficient revocation in the proposed message linkable group signature scheme.To achieve efficient revocation in message linkable group signa-tures,we implement a mechanism of key update via public channel based on the newly designed message linkable group signature.This is a benefit from the specific struc-ture of the BBS group signature.The key update mechanism allows group members to obtain an updated certificate from the group manager via a public channel,thereby updating private key to ensure the freshness of the private key.When a group member needs to be revoked,the group manager only needs to stop issuing an updated certificate to the group member.Finally,the application of message linkable group signature with efficient revocation in VANETs is also introduced. |
PDF Full Text Request