On the security of Miyaji et al. group signature scheme

摘要

As a special digital signature, a group signature scheme allows a group member to sign message on behalf of the group in an anonymous and unlinkability way. In case of a dispute, the group manager can reveal the actual identity of signer. Anonymity and unlinkability are basic properties of group signature, which distinguish other signature scheme. Recently, based on modified Nyberg–Rueppel signature and knowledge proof signature, Miyaji et al. propose a new group signature scheme over only known-order group at ACNS2004. Unfortunately, in this work we show that the scheme has linkability, namely, anyone can distinguish whether two different group signatures are produced by the same signer. Furthermore, we give the corresponding attack to the scheme. Finally, we propose an improved scheme to overcome the above drawback: linkability.