| Abstrakt: |
We present the first group signature scheme with provable security and signature size O(λ) bits where the group manager, the group members, and the Open Authority (OA) are all identity-based. We use the security model of Bellare, Shi, and Zhang [3], except to add three identity managers for manager, members, and OA respectively, and we discard the Open Oracle (${\mathcal O} {\mathcal O}$). Our construction uses identity-based signatures summarized in Bellare, Namprempre, and Neven [2] for manager, Boneh and Franklin's IBE [7] for OA, and we extend Bellare et al.[3]'s group signature construction by verifiably encrypt an image of the member public key, instead of the public key itself. The last innovation is crucial in our efficiency; otherwise, Camenisch and Damgard[9]'s verifiable encryption would have to be used resulting in lower efficiency. [ABSTRACT FROM AUTHOR] |
