This report continues a discussion begun in the LCIS-98-17B report. As for the Ateniese-Tsudik schemes, we show that both the ID-based and self-certified public keys based group signature schemes proposed by Tseng and Jan (1998/1999) are not coalition-resistant: two colluding group members can produce untraceable group signatures. Indexing terms: Digital signatures, Group signatures

We propose a model for fair electronic cash issued by multiple banks for the first time. A scheme of electronic cash with multiple banks in which a user can be traced is presented by using the improved group signature scheme of Cam97[4] and the group blind signature scheme of Lys98[16]. A weakness in the design of withdrawal and payment protocols of electronic cash using the existing group sign...

At Crypto’99, Dr Coron, Naccache, and Stern presented a signature forgery strategy of the RSA digital signature scheme. The attack is valid on Chaum’s blind signature scheme, which has been applied to many practical applications such as electronic cash and voting. In this paper we propose a method to inject a randomizing factor into a message when it is signed by the signer in Chaum’s blind sig...

Group signature schemes allow a group member to sign messages anonymously on behalf of the group. During last decade, group signature schemes have been intensively investigated in the literature and applied to various applications. Especially, as noted in [3], the complexity of member deletion stands in the way of real world applications of group signatures. In this paper, we propose a group si...

The idea of a proxy signature scheme was first presented by Mambo et al. [1] in 1996. Their proxy signature scheme allows an original signer to delegate his signing right to a proxy signer to sign the message on behalf of an original signer. Later, the verifier, which knows the public keys of original signer and a proxy signer can check a validity of a proxy signature issued by a proxy signer. ...

In a blind signature scheme, the user can get a signature sig(m) on message m generated from the signer’s blind signature sig(m) on blinded message m, but the signer can’t know the contents of the message m. When the signature sig(m) is revealed to public after that have been signed, if the signer can find the linkage between the signature sig(m) and the blind signature sig(m) on blinded messag...

We present an efficient group signature scheme which make use of elliptic curves identity-based signature scheme. The performance of the generated group signature scheme is similar to the performance of the underlying ID-based signature scheme.

The threshold proxy signature scheme allows the original signer to delegate a signature authority to the proxy group to cooperatively sign message on behalf of an original signer. In this paper, we propose a new scheme which includes the features and benefits of the RSA scheme. Also, we will evaluate the security of undeniable threshold proxy signature scheme with known signers. We find that th...

The ring signature is a group signature without a group manager, so that a signer realizes a signature in the name of the group. In some situations it is necessary for a message to be signed by more than one persons. The scheme of the ring signature with divided key is an algorithm which ensures realizing a key signature by a group of k entities from a group of n entities. Because of the way th...

A strong designated verifier signature scheme makes it possible for a signer to convince a designated verifier that she has signed a message in such a way that the designated verifier cannot transfer the signature to a third party, and no third party can even verify the validity of a designated verifier signature. We show that anyone who intercepts one signature can verify subsequent signatures...