preview

RSA-based Undeniable Signature for a Group

Satisfactory Essays
3. Proposed Approach In this paper, a new RSA-based undeniable signatures approach for a group is proposed. A group member can sign a document on behalf of the group without revealing the identity of the actual signer. The group secret key is split into two parts by Group Manager, one part is provided, as his group membership secret, to the group member; and the other part is provided to a trusted security mediator, SM. In our scheme, it is ensured that the group public key size and the group signature length are independent of the group size and, therefore, remain constant. The group signature is realized by the collaboration of the group member and the SM. Neither of the two can produce a valid signature alone without other’s help, i.e., both the SM and the group member are mandatory to participate in the generation of the valid group signature. The verifier would interact with the SM for the verification of the valid signature of any member of the group. The group membership of any member can be revoked immediately by the GM. To revoke the group membership the GM need only change the status of the member to be invalid and henceforth stopping the SM to collaborate with the member in realization of group signature. In the proposed scheme, the SM has the following responsibilities: • Collaborate with the valid group members to generate valid group signatures. • Verify the legal signature of the members of the group by interacting with the verifier. • Help GM in revocation of the group membership immediately. • In case of any dispute, open the group signature and help the GM in revealing the identity of the actual signer. In the following, a very simple and efficient scheme for signature generation and verification is described. T... ... middle of paper ... ... If ( V = V’ ) Verifier accepts the Signature to be valid and quits the protocol.  Verifier chooses two secret random integers i, j ∈R Z*nand computes T = Si yj (mod n). Verifier → SM: (T)  SM computes R = Te (mod n). SM → Verifier: (R)  Verifier computes R’= mi gj (mod n)  If ( R = R’ ) Verifier accepts the Signature to be valid and quits the protocol.  Verifier computes K= (V g-b)i (mod n) and L= (R g-j)a (mod n).  If ( K = L ) Verifier concludes that Signature is forged.  Else Verifier concludes that SM is trying to deny the Signature. Step 6. Open: In case of disputes, when GM needs to identify the signer of a particular message M, he can easily open the given signature and identify the actual signer with the help of SM. The SM issues the query to retrieve the identity of the member with respect to the value m, stored prior to the signature generation.
Get Access