Abstract
As a special digital signature, a group signature scheme allows a group member to sign message on behalf of the group in an anonymous and unlinkability way, In case of a dispute, the group manager can reveal the actual identity of signer. Anonymity and unlinkability are basic properties of group signature, which distinguish other signature scheme. Recently, based on the work of Camenisch and Lysyanskaya, which is known to be the most efficient scheme so far, E.Y.Choi et al propose an efficient group signature scheme with member revocation at TrustBus 2005. Unfortunately, in this work we show that the scheme has linkability, Namely, any one can distinguish whether two different group signatures are produced by the same signer, and that the revocation manager cannot trace the actual identity of a signer by a group signature. Finally, we give the corresponding attack to the scheme.
Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
