Abstract:
How to efficiently revoke group membership and how to cope with key exposure are two important issues in designing group signature schemes. Up to now, there are few group schemes that can resolve the two problems at the same time. The common drawback of the previously proposed scheme is that the computational cost of verifying linearly depends on the number of the revoked group members. The revocation method based on accumulator has common drawback: previously signed signatures can not pass the verifying algorithm under the updated public value after the signer is revoked. Based on the ACJT group signature scheme, two new group signature schemes are proposed. The main trait is that they have efficiently revocable property and forward secure property at the same time. The evolution of secret key in scheme Ⅰ is more efficient. But the size of group public key and the computational cost of signing and verifying in scheme Ⅰ linearly depend on the number of time periods. Scheme Ⅱ adopts another forward secure method and overcomes this defect. Both the schemes tackle the drawback of the revocation method based on accumulator and support retroactively publicly revocable group membership with backward unlinkability. The computational cost of signing and verifying is independent of the number of the current group members and the revoked group members.