### Abstract

Though group signature schemes with efficient membership revocation were proposed, the previous schemes force a member to obtain a public membership information of 0(l_{n}N) bits, where l_{n}., is the length of the RSA modulus and N is the number of members joining and removed. In the scheme proposed in this paper, the public membership information has only K bits, where K is the number of members' joining. Then, for groups with a reasonable size that is comparable to the RSA modulus size (e.g., about 1000 members for 1024 bit RSA modulus), the public membership information is a single small value only, while the signing/verification also remains efficient.

Original language | English |
---|---|

Pages (from-to) | 336-347 |

Number of pages | 12 |

Journal | Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) |

Volume | 3108 |

Publication status | Published - 2004 |

### Fingerprint

### Keywords

- Group signature scheme
- Membership revocation
- Strong RSA assumption
- Zero-knowledge proof of integer relations

### ASJC Scopus subject areas

- Computer Science(all)
- Biochemistry, Genetics and Molecular Biology(all)
- Theoretical Computer Science

### Cite this

*Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)*,

*3108*, 336-347.

**A group signature scheme with efficient membership revocation for reasonable groups.** / Nakanishi, Toru; Sugiyama, Yuji.

Research output: Contribution to journal › Article

*Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)*, vol. 3108, pp. 336-347.

}

TY - JOUR

T1 - A group signature scheme with efficient membership revocation for reasonable groups

AU - Nakanishi, Toru

AU - Sugiyama, Yuji

PY - 2004

Y1 - 2004

N2 - Though group signature schemes with efficient membership revocation were proposed, the previous schemes force a member to obtain a public membership information of 0(lnN) bits, where ln., is the length of the RSA modulus and N is the number of members joining and removed. In the scheme proposed in this paper, the public membership information has only K bits, where K is the number of members' joining. Then, for groups with a reasonable size that is comparable to the RSA modulus size (e.g., about 1000 members for 1024 bit RSA modulus), the public membership information is a single small value only, while the signing/verification also remains efficient.

AB - Though group signature schemes with efficient membership revocation were proposed, the previous schemes force a member to obtain a public membership information of 0(lnN) bits, where ln., is the length of the RSA modulus and N is the number of members joining and removed. In the scheme proposed in this paper, the public membership information has only K bits, where K is the number of members' joining. Then, for groups with a reasonable size that is comparable to the RSA modulus size (e.g., about 1000 members for 1024 bit RSA modulus), the public membership information is a single small value only, while the signing/verification also remains efficient.

KW - Group signature scheme

KW - Membership revocation

KW - Strong RSA assumption

KW - Zero-knowledge proof of integer relations

UR - http://www.scopus.com/inward/record.url?scp=24144495867&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=24144495867&partnerID=8YFLogxK

M3 - Article

AN - SCOPUS:24144495867

VL - 3108

SP - 336

EP - 347

JO - Lecture Notes in Computer Science

JF - Lecture Notes in Computer Science

SN - 0302-9743

ER -