Abstract |
The aim is to provide an efficient and secure group signature system. In this system the open means is held by an opener rather than by the issuer, and the data needed to execute the open means does not include the issuer's key pair, so the open means can be executed properly even if the issuer creates an open key by an invalid method. Moreover, it is possible to prove that a member's key pair cannot be forged; to show from the discrete logarithm assumption, by a method similar to the one used to show that the ElGamal encryption scheme is secure, that a ciphertext or a portion of the signature text cannot be decrypted by anyone other than the opener; and to show from the random oracle assumption, by a method similar to the one used to prove that the Schnorr signature is secure, that the signature of knowledge has extractability. |