Abstract. We propose a group signature scheme with constant-size public key and signature length that does not require trapdoor. So system parameters can be shared by multiple groups belonging to different organizations. The scheme is provably secure in the formal model recently proposed by Bellare, Shi and Zhang (BSZ04), using random oracle model, Decisional Bilinear Diffie-Hellman and Strong Diffie-Hellman assumptions. We give a more efficient variant scheme and prove its security in a formal model which is a modification of BSZ04 model and has a weaker anonymity requirement. Both schemes are very efficient and the sizes of signatures are approximately one half and one third, respectively, of the sizes of the well-known ACJT00 scheme. We also use the schemes to construct a traceable signature scheme. 1

Group signature schemes are cryptographic systems that provides revocable anonymity for the signers of messages. In this paper, we propose a group signature scheme with constant-size parameters that does not require any trapdoor secret, thereby, allows sharing of public parameters among organizations. The group manager and the revocation manager of a group can be separate parties and the size of the signature is the shortest, only one third of the size of the current state-of-the-art scheme [1]. An identity escrow scheme can be constructed as the concept dual. Under the Decisional Bilinear Diffie-Hellman and Strong Diffie-Hellman assumptions, the group signature scheme provably satisfies the conventional list of security requirements in the random oracle model and so is the identity escrow scheme in the standard model.

Self-Certified keys provide an attractive alternative to traditional certificate-based public key infrastructures. Many self-certified key issuing protocols strive to blind trusted third parties to users ’ private keys. One such key issuing protocol is based on the Nyberg-Rueppel signature scheme, but requires a proof of knowledge to avoid impersonation attacks. This paper describes a version of this protocol that uses elliptic curves and eliminates the impersonation attacks and the proof of knowledge.

Abstract not found

Abstract. The generic group model is a valuable methodology for analyzing the computational hardness of the number-theoretic problems used in cryptography. Although generic hardness proofs exhibit many similarities, still the computational intractability of every newly introduced problem needs to be proven from scratch, a task that can easily become complicated and cumbersome when done rigorously. In this paper we make the first steps towards overcoming this problem by identifying verifiable criteria which if met by a cryptographic problem guarantee its hardness with respect to generic algorithms. As useful means for formalization of definitions and proofs we relate the concepts of generic algorithms and straight-line programs that have only been used independently in cryptography so far. The class of problems we cover includes a significant number of the cryptographic problems currently known, and is general enough to also include many future problems. Moreover, we strengthen the conventional generic model by incorporating a broader class of possible oracles (operations) since the underlying algebraic groups may possibly be related through mappings such as isomorphisms, homomorphisms or multilinear maps. Our approach could serve as an appropriate basis for tool-aided hardness verification in the generic model. Keywords. Generic Group Model, Straight-Line Programs, Hardness Conditions 1