Patent attributes
Methods and systems are provided for authenticating a message μ, at a user computer of a group signature scheme, to a verifier computer. The method includes, at the user computer, storing a user id m for the user computer and a user signing key which comprises a signature on the user id m under a secret key of a selectively-secure signature scheme. The user id m is an element of a predetermined subring, isomorphic to q[x]/(g(x)), of a ring R=q[x]/(f(x)), where f(x) and g(x) are polynomials of degree deg(f) and deg(g) respectively such that deg(f)>deg(g)>1. The method includes, at the user computer, generating a first cryptographic proof Π1 comprising a zero-knowledge proof of knowledge of the user signing key and including the message μ in this proof of knowledge. The user computer sends the message μ and a group signature, comprising the first proof Π1, to the verifier computer.
