Security remarks on a group signature scheme with member deletion
Conference Proceeding Article
A group signature scheme allows a group member of a given group to sign messages on behalf of the group in an anonymous and unlinkable fashion. In case of a dispute, however, a designated group manager can reveal the signer of a valid group signature. Based on the Camenisch-Michels group signature scheme [7,8], Kim, Lim and Lee proposed the first group signature scheme with a member deletion procedure at ICISC 2000 . Their scheme is very efficient in both communication and computation aspects. Unfortunately, their scheme is insecure. In this paper, we first identify an effective way that allows any verifier to determine whether two valid group signatures are signed by the same group member. Secondly, we find that in their scheme a deleted group member can still update his signing key and then generate valid group signatures after he was deleted from the group. In other words, the Kim-Lim-Lee group signature scheme  is linkable and does not support secure group member deletion.
Digital signature, group signature, member deletion
Information and Communications Security: 5th International Conference, ICICS 2003, Huhehaote, China, October 10-13: Proceedings
City or Country
WANG, Guilin; BAO, Feng; ZHOU, Jianying; and DENG, Robert H..
Security remarks on a group signature scheme with member deletion. (2003). Information and Communications Security: 5th International Conference, ICICS 2003, Huhehaote, China, October 10-13: Proceedings. 2836, 72-83. Research Collection School Of Information Systems.
Available at: http://ink.library.smu.edu.sg/sis_research/1082