Step-out Group Signatures

    Marek Klonowski, Lukasz Krzywiecki, Miroslaw Kutylowski, Anna Lauks

                Institute of Mathematics and Computer Science, 
                     Wroclaw University of Technology

Group signature schemes enable to create digital signatures such that the signers 
are hidden in a group of potential signers, but in a case of need it is possible to 
reveal the actual signer. In a typical scenario, the revealing procedure is  performed
 by a group administrator.

We design a so called step-out group signature scheme where the situation is reversed:
any member of the group except the signer may prove that she or he was not the author 
of the signature. This is a dual solution that is useful in certain scenarios: 
it does not require any authority during revealing procedure, which is advantageous  
in distributed systems with unreliable communication. Moreover, in many cases it is not 
necessary to find the signer but to eliminate some potential signers (e.g. prosecutions 
and court procedures). Our solution is also more convenient for implementing personal 
data protection rules: since the signer is not revealed, there is no need to protect 
this information. On the other hand, the traditional scheme may lead to serious legal 
problems: if the legal case is to find out whether Bob has created group signature 
s, it might be illegal to reveal  that Alice has created s. Of course, for step-out 
signatures identifying the actual signer is tedious - it requires cooperation with 
many group members. On the other hand, the group members may refuse to cooperate, 
if they have good reasons for non-revealing the signer. 

(presentation accepted fo 8th Central European Conference on Cryptography, Graz 2008)