Spontaneous Group Cryptography

Speaker:          Prof. Victor K. Wei  
                  Department of Information Engineering    
                  Chinese University of Hong Kong    

Title:            Spontaneous Group Cryptography


Date:             Monday, 24 November 2003 

Time:             4:00pm - 5:00pm 

Venure:           Lecture Theatre F (Leung Yat Seng Lecture Theatre) 
                  (near lift nos. 25/26)   


ABSTRACT: 


D. Chaum was among the first to study group signatures. Any single user, 
or any subset of t users among a group of n users can generate a signature 
based on a group secret.   Usually, singer-ambiguity (anonymity) is a 
desirable feature in addition to signature unforgeability, completeness, 
and message confidentiality. Early group signature schemes often rely on 
a TTP called group leader/manager/clerk who often has extraordinary power. 
Newer schemes replace the group manager with a all-member collaborative 
round which implicitly or explicitly establishes a secret-sharing scheme.
    

In [Cramer-Damgard-Shoemakers, crypto'94], and in [Rivest-Shamir-Tauman
Asiacypt'01], spontaneous anonymous group signature schemes, also know as 
ring signatures, were proposed. Any single member of a group can generate 
a signature which can be verified using public-keys only to be signed by
one of the group members, yet the identity of the signer remain totally 
ambiguous. In addition, there is no group manager or any other TTP, and 
there is no collaboration from any member other than the actual signer.   
This new paradign has generates research interests. [Bresson-Stern-Szydlo,
Crypto'02] proposed other implementations as well as spontaneous anonymous 
threshold signatures (threshold ring signatures). [Naor, Crypto'03] presented 
spontaneous anonymous group authentications. [Abe,Ohkubo,Suzuki,Asiacrypt'02] 
presented separable RSA-and-DL mixed versions. [Zhang-Kim, Asiacrypt '02] 
and [Boneh,et al., Eurocrypt '03] wrote about ring signatures.

With co-authors Joseph K. Liu and Duncan S. Wong, I also obtained several
results on spontaneous anonymous threshold signatures and spontaneous 
anonymous verifiable encryption. In particular, we have (1) the first 
efficient spontaneous anonymous threshold signature scheme; (2) the
first polynomial-construction spontaneous anonymous group signature; 
(3) the first linkable and culpable spontaneous group signature; (4) the 
first spontaneous group-anonymous verifiable encryption; (5) the first 
bilinear spontaneous anonymous group signature. All these results have 
been proven secure under the random oracle model, with back patches, with 
rewind simulation, or with multiple rewind simulation. Additionally, a new 
e-voting scheme based on (3) has been constructed which does not require a 
registration round. Furthermore, in the process of proving the above results, 
we have obtained a new proof of the old rewind simulation paradigm. Our RoS 
(Rewind-on-Success) Lemma can be used to replace the well-known heavy-row 
lemma in proving rewind simulation results.


BIOGRAPHY: 

Victor K. Wei graduated with Bachelor of Science, Electrical Engineering, 
from National Taiwan University, Taipei, in 1976. He obtained PhD, Electrical 
Engineering from University of Hawaii in 1980.
 
From 1980 to 1983, he was Member of Technical Staff, Mathematics Research
Center, Bell Labs.   From 1984 to 1994 he was Member of Technical Staff, 
Discrete Mathematics Research, and District Manager then Director of 
Computation and Communication Principles Research, Bell Communications 
Research (Bellcore).  Since 1994 he has been Professor, Department of 
Information Engineering, Chinese University of Hong Kong.
 
Professor Wei placed first in the Joint Entrance Examinations for Universities 
and Colleges in Taiwan in 1972.  He became a Fellow of the IEEE in 1995.