The Fiat–Shamir Transform for Group and Ring Signature Schemes

Research output: Chapter in Book/Report/Conference proceedingConference Contribution (Conference Proceeding)

2 Citations (Scopus)


The Fiat-Shamir (FS) transform is a popular tool to produce particularly efficient digital signature schemes out of identification protocols. It is known that the resulting signature scheme is secure (in the random oracle model) if and only if the identification protocol is secure against passive impersonators. A similar results holds for constructing ID-based signature schemes out of ID-based identification protocols. The transformation had also been applied to identification protocols with additional privacy properties. So, via the FS transform, ad-hoc group identification schemes yield ring signatures and identity escrow schemes yield group signature schemes. Unfortunately, results akin to those above are not known to hold for these latter settings and the security of the resulting schemes needs to be proved from scratch, or worse, it is often simply assumed. In this paper we provide the missing foundations for the use of the FS transform in these more complex settings. We start with defining a formal security model for identity escrow schemes (a concept proposed earlier but never rigorously formalized). Our main result constists of necessary and sufficient conditions for an identity escrow scheme to yield (via the FS transform) a secure group signature schemes. In addition, using the similarity between group and ring signature schemes we give analogous results for the latter primitive.
Translated title of the contributionThe Fiat–Shamir Transform for Group and Ring Signature Schemes
Original languageEnglish
Title of host publicationSecurity and Cryptography for Networks - SCN 2010
PublisherSpringer Berlin Heidelberg
Publication statusPublished - 2010

Bibliographical note

Other page information: 363-380
Conference Proceedings/Title of Journal: Security and Cryptography for Networks - SCN 2010
Other identifier: 2001253

Fingerprint Dive into the research topics of 'The Fiat–Shamir Transform for Group and Ring Signature Schemes'. Together they form a unique fingerprint.

Cite this