The representative collective digital signature scheme allows the creation of a unique collective signature on document M that represents an entire signing community consisting of many individual signers and many different signing groups, each of which is represented by a group leader. The characteristic of this type of signature is that it consists of three elements (U, E, S), one of which (U) is used to store the information of all the signers who participated in the formation of the collective signature on document M. While storing this information is necessary to identify the signer and resolve disputes later, it greatly increases the size of signatures. This is considered a limitation of the representative collective signature consisting of 3 elements. In this paper, we propose and build a new type of collective signature, a representative collective signature consisting of 2 elements (E, S). In this case, the signature has been reduced in size, but it contains all the information needed to identify the signer and resolve disputes if necessary. To construct the approved group signature scheme, which is the basic scheme for the proposed representative collective signature schemes, we use the discrete logarithm problem on the prime finite field. At the end of this paper, we present the security analysis of the AGDS scheme and a performance evaluation of the proposed collective signature schemes.

To ensure the security of transactions on the network, people often use authentication systems based on digital signatures. Digital signatures [

In order to meet many different authentication requirements in practice, many types of digital signature schemes have been researched and published such as single digital signature scheme [

It is known that a group signature is a multi-signature formed by a group of signers under the control of the group leader (who manages the signing group). This type of signature usually consists of two components, a pair of sufficiently large integers (E and S). A group signature scheme must meet the following minimum requirements: i) Any set (subset) of individual signers, selected from the members of the group, can generate a signature on document M that represents the signing group; ii) The signing group manager can identify everyone who participated in the group signature formation process of the signing group they manage, and only the group manager can do this; and iii) Persons outside of the signing group cannot establish a subset of individual signers that creates group signatures representing the signing group.

The Approved Group Digital Signatures (AGDS) type proposed by us [

Therefore, to meet the above conditions, the approved group signature has been designed in the form of a set of three components U, E, and S [

To overcome this limitation, we change the AGDS scheme, and subsequently change the representative collective signature scheme, so that it allows the creation of group signatures and representative collective signatures consisting of only sets of 2 components (E, S) [

In three-element grouping signature schemes [

The AGDS generation procedure in this case, which generates a 2-component group signature, is performed through the following steps:

The set of individual signers together create a collective signature on the document M to be signed. Then, send the newly created collective signature (E_{col}, S_{col}) to the group manager.

The group manager uses the received collective signature (E_{col}, S_{col}), document M, and his private key z to compute a pseudo-random value T, according to a predefined algorithm.

Using the calculated pseudo-random value, the group manager computes the random component of the group signature (R), and then computes the two components of the team leader's signature (E, S) on document M. This is also the group signature of the whole signing group on document M.

Thus, we reduce the size of the group signature and the representative collective signature [

In this paper, we use the hard problem of the discrete logarithm on prime finite fields to build both forms of the two-component representative collective signature scheme: i) Collective signatures shared by multiple signing groups and ii) Collective signatures shared by multiple signing groups and many individual signers. The collective signature scheme and the approved group signature scheme are used as the basis for the proposed collective signature schemes.

This part uses the digital signature scheme described in [

The input parameters are chosen as follows: Choose a sufficiently large prime number

The main procedures of the collective signature scheme on the document M are described below.

It includes the following stages:

Each

Choose a random value

Calculate the value of the random component

Send

A certain signer, or all signers, in the signing collective does:

Calculate the value of the common (public) random component of the collective R using the following formula:

Calculate the first component

Each

Calculate the value of the individual share component

Send

A certain person, or all signers, in the signing collective calculates the second component of the S collective signature using the following formula:

So the value pair (

To verify the validity of the signature received with the document M, the verifier performs the following steps:

Calculate the public key

Calculate the value of the random parameter R^{*} using the following formula:

Calculate the value of the component E^{*} using the following formula:

Compare E^{*} with E. If E^{*} = E: The received signature is valid; otherwise, it is invalid and will be rejected.
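The signing and verification stages above, as an added Python example that is not code from the paper. Because the paper's formulas did not survive on this page, it assumes the standard Schnorr-type instantiation (R_i = α^{k_i} mod p, S_i = k_i + x_i·E mod q, R* = α^S·Y^{-E} mod p), an 80-bit truncation of SHA-256 for E, and constructed toy parameters p = 2039, q = 1019, α = 4; all function names are illustrative.

```python
import hashlib
import secrets

# Constructed toy parameters (assumption, far too small for real use):
# P = 2Q + 1 with Q prime; ALPHA = 4 generates the subgroup of order Q.
P, Q, ALPHA = 2039, 1019, 4

def h(message, r):
    """E = first 80 bits of SHA-256(M || R); this hash choice is an assumption."""
    digest = hashlib.sha256(message + r.to_bytes(2, "big")).digest()
    return int.from_bytes(digest[:10], "big")

def keygen():
    x = secrets.randbelow(Q - 1) + 1           # private key x_i
    return x, pow(ALPHA, x, P)                 # public key y_i = alpha^x_i mod p

def commit():
    k = secrets.randbelow(Q - 1) + 1           # one-time secret k_i
    return k, pow(ALPHA, k, P)                 # R_i = alpha^k_i mod p

def common_e(message, commitments):
    r = 1
    for r_i in commitments:                    # R = product of all R_i mod p
        r = r * r_i % P
    return h(message, r)

def share(x, k, e):
    return (k + x * e) % Q                     # S_i = k_i + x_i * E mod q

def share_ok(y, r_i, s_i, e):
    # A valid share satisfies R_i = alpha^S_i * y_i^(-E) mod p.
    return r_i == pow(ALPHA, s_i, P) * pow(y, -e % Q, P) % P

def verify(message, pubkeys, e, s):
    y = 1
    for y_i in pubkeys:                        # collective key Y = product of y_i
        y = y * y_i % P
    r_star = pow(ALPHA, s, P) * pow(y, -e % Q, P) % P
    return h(message, r_star) == e             # accept iff E* == E

def collective_sign(message, keys):
    nonces = [commit() for _ in keys]
    e = common_e(message, [r_i for _, r_i in nonces])
    shares = [share(x, k, e) for (x, _), (k, _) in zip(keys, nonces)]
    for (_, y), (_, r_i), s_i in zip(keys, nonces, shares):
        if not share_ok(y, r_i, s_i, e):       # reject a bad share before summing
            raise ValueError("invalid share")
    return e, sum(shares) % Q                  # S = sum of all S_i mod q
```

Because the collective key is a plain product of the members' keys, a deployment also needs each public key certified with proof of possession of its private key.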

To prove the correctness of this scheme, we need to prove the existence of the test expression

Conspicuously, the test expression

Thus, the test expression

This section describes the two-component approved group signature scheme. The signing group in this case consists of m signers and one who plays the role of group manager. The input parameters are selected as shown in the CDS-2.1 scheme. M is the document that needs to have a group signature on it.

Each signer generates a random secret number to serve as the private key. The public key

The main procedures of the two-component approved group signature scheme on the document M are described below.

The group signature in this case is formed through two stages:

Creating a collective signature on document

On the basis of the collective signature that has just been created, the group manager creates a group signature of 2 components, representing the whole signing group

Individual signers create a collective signature on the document

Each _{i}_{i}_{ }r

Then send

Any signer in the group, or all, calculate

And calculate

Each

Then, sends

Any signer in the signing group, or all, calculate

So the tuple (E_{col}, S_{col}) is the collective signature of a signing group of m members. The length of the signature is: |E_{col}| + |S_{col}| ≈ 240 bit.

This collective signature is forwarded to the group manager,

The group manager checks the validity of the received collective signature (E_{col}, S_{col}) by checking the correctness of the following expression:

If the collective signature is valid, the group manager will calculate the pseudo-random value T:

The group manager calculates the values R, E and S as follows:

Thus, the tuple (E, S) is the two-component approved group signature of the signing group including m signers and the group manager on the document M.

To check the validity of the approved group signature received with the document M, the verifier performs the following steps:

Calculate the value of the random parameter

Calculate the value of component E^{*} using the following formula:

Compare E^{*} with E. If E^{*} = E: The received signature is valid; otherwise, it is invalid and will be rejected.

The correctness of this representative collective signature scheme is shown through: i) The existence of a formula to check the shared signature

The correctness of the formula to check the shared signature per signer:

It is easy to see that the shared signature checking formula is always correct:

The correctness of the formula for checking collective signatures:

It is easy to see that the collective signature checking formula is always correct:

The correctness of the group signature checking procedure:

Conspicuously, the signature checking expression

And calculates:

Thus, the expression

This scheme generates a collective signature for

Suppose that the j-th group consists of

The protocol of collective signatures for signing groups is described as follows:

It includes the following steps:

Each j-th group generates a group signature according to the GDS-2.2 signing group scheme above and then send

A certain GM in the collective, or all, calculates the values of R and E by the following formulas:

E is the first component of the collective signature.

GM of each j-th signing group continues to execute:

Calculate the shared composition

Send

A certain GM in the collective, or all, does the final works:

Verify the correctness of the shared component

If all

Thus, the value pair (E, S) is the two-component collective digital signature of a collective of g signing groups on the document M.

To check the validity of the signature received with the document M, the verifier performs the following steps:

Calculate collective public key

Calculate the

Calculate the

Compare E^{*} with E. If E^{*} = E: The received signature is valid; otherwise, it is invalid and will be rejected.

The correctness of this representative collective signature scheme is shown through: i) The existence of a shared signature verification formula shared by the signing team leaders; and ii) The existence of the test expression in the signature check procedure.

Prove the correctness of the member's signature:

It is easy to see that the shared signature checking formula

Prove the correctness of the last signature:

Conspicuously, the signature check expression

Thus, the expression

From (a) and (b): The correctness of the RCS.01-3.1 scheme is guaranteed.

Suppose there is a signing collective consisting of

The input parameters, secret key, public key… are selected and calculated as in the scheme RCS.01-3.1.

It includes the following steps:

The GM of each group performs:

Generate a group signature according to the scheme for the GDS-2.2 signing group above and then send

Each

Choose a random number

Send

A GM or an individual signer in the collective calculates the values of

where:

GM of each j-th group will:

Calculate the shared component

Send

Each

Calculate their shared component

Send

A GM or an individual signer in the signing collective will:

Check the validity of each

with

with

If all the conditions are satisfied, the third component of the group signature will be calculated by the formula:

Thus, the value pair (E, S) is a collective signature, two components, of a collective consisting of

To check the validity of the signature received with the document M, the verifier performs the following steps:

Calculate the collective public key of the signing collective by using the following formula:

Calculate the random parameter value by using the following formula:

Calculate the E^{*} using the following formula:

Compare E^{*} with E. If E^{*} = E: The received signature is valid; otherwise, it is invalid and will be rejected.

The correctness of this representative collective signature scheme is shown through: i) The existence of a formula to check the shared signature

The correctness of the formula to check the shared signature of m group managers:

Conspicuously, the formula for checking the shared signature of each group manager always exists:

The correctness of the formula to check the shared signature per signer:

Conspicuously, the formula for checking the shared signature of each group manager always exists:

The correctness of the procedure for checking the representative collective signature:

Clearly, the signature checking expression E = E^{*} always holds.

Thus, the expression E^{*} = E always holds: This proves that the correctness of the signature checking procedure, or the correctness of the RCS.02-3.2 scheme, is always guaranteed.

From (a), (b) and (c): The correctness of the RCS.02-3.2 scheme is guaranteed.

The approved group signature and the approved group signature scheme have the following security advantages:

The group signature in this paper is built based on the discrete logarithm problem on the prime finite field, so it inherits all the security advantages of this difficult problem. The same is true for the group approved digital signature scheme.

Signing group members and the group manager can both use a pair of their private key and public key for both purposes: Forming private signatures and participating in group signature formation. As a result, this scheme can be fully deployed on existing PKI (Public Key Infrastructure) systems [

The signer's private key and secret keys are not used directly in the group signature formation process, nor are they passed on to the group manager and other members of the signing group. In this case, the security and privacy of the values involved are guaranteed.

Using the group manager's public key Y as the public key of the signing group makes both checking the validity of the signature (by the verifier) and changing the set of participants that form the signature (by the group manager) much more convenient.

The random parameters

The proposed representative collective signature scheme is built on the basis of the approved group signature scheme, so it fully inherits the advantages of this scheme.

We evaluate the computational performance of the two-element representative collective signature schemes by calculating the time cost of the signature generation process (signature generation procedure) and the time cost of the signature verification process (signature verification procedure). The time costs of representative collective signature schemes proposed in this paper are shown in

Notations:

According to [

Information from

| The scheme | Time for the signature generation | Time for the signature verification |
|---|---|---|
| RCS.01-3.1 | | |
| RCS.02-3.2 | | |

The pseudo-random number generation algorithm T [

Use the group signature (E, S) to recalculate T by using the following formula:

Calculate:

And then recalculate the collective signature value using the formula:

Select a signing group (subset) consisting of any m members from the signing collective (this is a group of signers selected from the signing collective, they are assigned the task of creating a collective signature on document M): Use public key of this signing group to generate the collective public key. Use the newly computed collective public key to recalculate the

A representative collective signature is a form of signature formed by a group of signatures whose members are drawn from different signing groups and/or are from individuals of the same level with the signatories. It is a requirement of this type of signature that it contains information regarding all signers who participated in the signing process. This information is needed for the identification of the signer and to solve the “repudiation” responsibility issue later. We have proposed and implemented a representative collective signature scheme that only has two components (E, S) while still meeting the requirements for a representative scheme.

In [_{col}, S_{col}), precisely in the pseudo-random parameter T; ii) The group manager can easily identify all those who participated in the formation of the group's approved group signature; this is possible thanks to the special structure of the parameter T; and iii) Only the group manager can perform the “opening” of the group signature to identify the signer, since only this person knows the secret key z, a very important component in T.

In addition to having the same security advantages as the three-component signature scheme and the approved group signature protocol, the two-component collective signature scheme also exhibits the following capabilities: i) Helps to create signatures of shorter size, equal to

In this paper, we use the discrete logarithm problem on a prime finite field to build the proposed collective signature; hence the signature size and the time cost of the signature formation/checking process are not significantly reduced. We have reason to believe that, if we use the discrete logarithm problem on the elliptic curve [