Abstract
A (t, n) threshold group signature scheme is a generalization of group signature, in which only t or more members from a given group with n members can represent the group to generate signatures anonymously and the identities of signers of a signature can be revealed in case of dispute later. In this paper, we first present a definition of threshold group signatures, and propose severalreq uirements to evaluate whether a threshold group signature scheme is secure and efficient. Then we investigate the security and efficiency of a threshold group signature scheme proposed by Li, Hwang, Lee and Tsai, and point out eight weaknesses in their scheme. The most serious weakness is that there is a framing attack on their scheme. In this framing attack, once the group private key is controlled, (n - t + 1) colluding group members can forge a valid threshold group signature on any given message, which looks as if it was signed by (t-1) honest group members and one cheating member. At the same time, all these (t - 1) honest members cannot detect this cheating behavior, because they can use the system to generate group signatures normally.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
G. Ateniese, J. Camenisch, M. Joye, and G. Tsudik. A practicala nd provably secure coalition-resistant group signature scheme. In: Crypto’2000, LNCS 1880, pp. 255–270. Springer-Verlag, 2000. 76, 77
G. Ateniese, M. Joye, and G. Tsudik. On the dificulty of coalition-resistant in group signature schemes. In: Second Workshop on Security in Communication Networks (SCN’99), September 1999. 76, 77
G. Ateniese, and G. Tsudik. Some open issues and new directions in group signature schemes. In: Financial Cryptography (FC’99), LNCS 1648, pp. 196–211. Springer-Verlag, 1999. 76, 77, 81
C. Boyd. Digitalm ultisignatures. In: Cryptography and Coding, pp. 241–246. Oxford University Press, 1989. 76
J. Camenisch. Efficient and generalized group signatures. In: Eurocrypt’97, LNCS 1233, pp. 465–479. Springer-Verlag, 1997. 76, 77
J. Camenisch, and M. Stadler. Efficient group signature schemes for large groups. In: Crypto’97, LNCS 1294, pp. 410–424. Springer-Verlag, 1997. 76, 77
J. Camenisch. Group signature schemes and payment systems based on the discrete logarithm problem. Vol. 2 ofETH-Series in Information Security an Cryptography, ISBN 3-89649-286-1, Hartung-Gorre Verlag, Konstanz, 1998. 76, 77
J. Camenisch, and M. Michels. Separability and efficiency for generic group signature schemes. In: Crypto’99, LNCS 1666, pp. 413–430. Springer-Verlag, 1999. 76, 77
J. Camenisch, and A. Lysyanskaya. Dynamic accumulators and application to efficient revocation of anonymous credentials. In: Crypto’2002, LNCS 2442, pp. 61–76. Springer-Verlag, 2002.
D. Chaum, E. van Heyst. Group signatures. In: Eurocrypt’91, LNCS 547, pp. 257–265. Springer-Verlag, 1991. 75, 77
L. Chen, and T.P. Pedersen. New group signature schemes. In: Eurocrypt’94, LNCS 950, pp. 171–181. Springer-Verlag, 1995. 76, 77
L. Chen, and T. P. Pedersen. On the efficiency of group signatures providing information-theoretic anonymity. In: Eurocrypt’95, LNCS 921, pp. 39–49. Springer-Verlag, 1995. 76, 77
Y. Desmedt. Society and group oriented cryptography: a new concept. In Crypto’87, LNCS 293, pp.120–127. Springer-Verlag, 1988. 76
Y. Desmedt, and Y. Frankel. Threshold cryptosystems. In Crypto’89, LNCS 435, pp. 307–315. Springer-Verlag, 1990. 76
A. Fujioka, T. Okamoto, and K. Ohta. A practicald igital multisignature scheme based on discrete logarithms. In: Auscrypt’92, LNCS 718, pp. 244–251. Springer-Verlag, 1992. 76
R. Gennaro, S. Jarecki, H. Krawczyk, and T. Rabin. Robust threshold DSS signatures. In: Eurocrypt’96, LNCS1070, pp. 354–371. Springer-Verlag, 1996. 76
L. Harn. Group-oriented (t, n) threshold digital signature scheme and multisignature. IEE Proceedings-Computers and Digital Techniques, 1994, 141(5): 307–313. 76
L. Harn. New digitalsign ature scheme based on discrete logarithm. Electronic Letters, 1994, 30(5): 396–398. 76
L. Harn, and S. Yang. Group-oriented undeniable signature schemes without the assistance of a mutually trusted party. In Auscrypt’92, LNCS 718, pp.133–142. Springer-Verlag, 1993. 76
P. Horster, M. Michels, and H. Petersen. Meta-multisignature schemes based on the discrete logarithm problem. In Proc. of IFIP/SEC’95, pp. 128–141. Chapman & Hall, 1995. 76
M. Joye, S. Kim, and N-Y. Lee. Cryptanalysis of two group signature schemes. In: Information Security (ISW’99), LNCS 1729, pp. 271–275. Springer-Verlag, 1999. 76
M. Joye, N-Y. Lee, and T. Hwang. On the security of the Lee-Chang group signature scheme and its derivatives. In: Information Security (ISW’99), LNCS 1729, pp. 47–51. Springer-Verlag, 1999. 76
H-J. Kim, J. I. Lim, and D.H. Lee. Efficient and secure member deletion in group signature schemes. In: Information Security and Cryptology (ICISC 2000), LNCS 2015, pp. 150–161. Springer-Verlag, 2001. 76
S. K. Langford.Weaknesses in some threshold cryptosystems. In Crypto’96, LNCS 1109, pp.74–82. Springer-Verlag, 1996. 76
C-M. Li, T. Hwang and N-Y. Lee. Threshold-multisignature schemes where suspected forgery implies traceability of adversarial shareholders. In: Eurocrypt’94, LNCS 950, pp. 194–204. Springer-Verlag, 1995. 76, 77, 87
C-M. Li, T. Hwang, N-Y. Lee, and J-J. Tsai. (t, n) threshold-multisignature schemes and generalized-multisignature scheme where suspected forgery implies traceability of adversarial shareholders. Cryptologia, July 2000, 24(3): 250–268. 76, 77, 79, 80, 81, 82, 87
M. Michels, and P. Horster. On the risk of discruption in several multiparty signature schemes. In Asiacrypt’96, LNCS 1163, pp.334–345. Springer-Verlag, 1996. 76, 77, 86, 87
T. Okamoto. A digital multisignature scheme using bijective public-key cryptosystem. ACM Transactions on Computer Systems, 1988, 6(8): 432–441. 76
T. Ohata, and T. Okamoto. A digitalm ultisignature scheme based on the Fiat-Shamir scheme. In: Asiacrypt’91, LNCS 739, pp. 75–79. Springer-Verlag, 1991. 76
C. Park, and K. Kurosawa. New Elgamal type threshold digital signature scheme. IEICE Trans. Fundamentals, January 1996, E79-A(1): 86–93. 76
H. Petersen. How to convert any digitalsign ature scheme into a group signature scheme. In: Proc. of Security Protocols Workshop’97, LNCS 1361, pp. 67–78. Springer-Verlag, 1997. 76
A. Shamir. How to share a secret. Communications of the ACM, 1979, 22(11): 612–613.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2003 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Wang, G. (2003). On the Security of the Li-Hwang-Lee-Tsai Threshold Group Signature Scheme. In: Lee, P.J., Lim, C.H. (eds) Information Security and Cryptology — ICISC 2002. ICISC 2002. Lecture Notes in Computer Science, vol 2587. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-36552-4_6
Download citation
DOI: https://doi.org/10.1007/3-540-36552-4_6
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-00716-6
Online ISBN: 978-3-540-36552-5
eBook Packages: Springer Book Archive