Unformatted text preview: ignatures have the following properties: — Only members of the group can sign messages. — The receiver of the signature can verify that it is a valid signature from the group. — The receiver of the signature cannot determine which member of the group is the signer. — In the case of a dispute, the signature can be “opened” to reveal the identity of the signer. Group Signatures with a Trusted Arbitrator
This protocol uses a trusted arbitrator: (1) Trent generates a large pile of public-key/private-key key pairs and gives every member of the group a different list of unique private keys. No keys on any list are identical. (If there are n members of the group, and each member gets m key pairs, then there are n*m total key pairs.) (2) Trent publishes the master list of all public keys for the group, in random order. Trent keeps a secret record of which keys belong to whom. (3) When group members want to sign a document, he chooses a key at random from his personal list. (4) When someone wants to verify that a signature belongs to the group, he looks on the master list for the corresponding public key and verifies the signature. (5) In the event of a dispute, Trent knows which public key corresponds to which group member. The problem with this protocol is that it requires a trusted party. Trent knows everyone’s private keys and can forge signatures. Also, m must be long enough to preclude attempts to analyze which keys each member uses. Chaum  lists a number of other protocols, some in which Trent is unable to fake signatures and others in which Trent is not even required. Another protocol  not only hides the identity of the signer, but also allows new members to join the group. Yet another protocol is . 4.7 Fail-Stop Digital Signatures
Let’s say Eve is a very powerful adversary. She has vast computer networks and rooms full of Cray computers—orders of magnitude more computing power than Alice. All of these computers chug away, day and night, trying to break Alice’s private key. Final...
View Full Document
This note was uploaded on 10/18/2010 for the course MATH CS 301 taught by Professor Aliulger during the Fall '10 term at Koç University.
- Fall '10