Backward Unlinkability for a VLR Group Signature Scheme with Efficient Revocation Check

Verifier-Local Revocation (VLR) group signatures, introduced by Boneh and Shacham in 2004 are a particular case of dynamic group signature schemes where the revocation process does not influence the activity of the signers. The verifiers use a Revocation List to check if the signers are revoked. In all known schemes, checking a signature requires a computational time linear in the number of revoked members. Usually, it requires one pairing per revoked user. Recently, Chen and Li proposed a scheme where Revocation Check uses exponentiations instead of pairings. Moreover, their scheme is aimed to offer protection against the Group Manager by enabling Exculpability. In this paper, we propose a correction of their scheme to enable a full proof of the traceability property and an extension to ensure Backward Unlinkability. This property prevents the loss of anonymity of past signatures when a user is revoked. This improvement requires a constant additional cost to the signature size whereas revocation check remains as efficient. We thus obtain the scheme with the most efficient Revocation Check among VLR schemes enabling Backward Unlinkability.