Check out the new USENIX Web site.
Next: Acknowledgments Up: Implementing Group Signature Schemes Previous: Efficiency Considerations.

Conclusion

We have introduced a new way of designing group signature schemes by using a tamper-resistant device (as a smart card). First we showed how to build a (coalition-resistant) group signature scheme starting from any (ordinary) signature scheme and any (semantically secure) encryption scheme. Such group signatures can be computed very efficiently (typically only one or two exponentiation(s)) and are constant-size. Then we addressed the member revocation problem and solved it by using two approaches: in the first one, the group signature is completed with a signature involving a group-shared key which is renewed at each revocation; in the second one, the card checks it does not lie in a ``black list'' before computing a group signature. As a result, smart cards allow to design group signature schemes which are simple, generic, efficient and secure at the same time.