Chaum and van Heyst’s classical group signature [1] allows for the possibility of creating a signature by a group member, with a hidden identity. However, in this scheme, the trusted authority person can make the identity of the signer known. It is an undesirable property of the system, and much effort has been expended to solve this problem. There is a trend toward the elimination of the trusted authority person. One of the methods proposed in the literature is the democratic group signature scheme [2].
In this paper, the authors propose a step-out group signature scheme [3]. The idea of the method is that, for the set of all registered users Ω, the scheme allows for the following:
- (1) “Any set of up to n users from Ω can collectively sign a document M in the way that convinces a verifier that a subset d users of Ω has signed M. ... The signature is denoted by σ(M).”
- (2) “Any user from Ω that has participated in creation of a signature σ(M) ... can prove that he is one of the creators of σ(M).”
- (3) “Any user from Ω that was not taking part in creating σ(M) can prove this by executing a step-out procedure.”
The paper proposes some further improvements to the scheme. The construction is based on Lagrangian interpolation and some anonymous key revocation techniques [4]. Klonowski et al. provide a rigorous description of the algorithms and a clear formulation of the details.