Group signatures with reduced bandwidth
Group signatures are generalised credential/member authentication schemes with wide applications. Membership revocation problem is a major issue of group signatures, and is often resolved through an additional protocol which would encumber the whole group signature both in computation and storage, as Camenisch et al. did to ACJT's group signature scheme (the first ever practical group signature based on RSA problem put forward by Ateniese et al. at Crypto'00) by dynamic accumulator. Boneh et al. applied Camenisch et al.'s dynamic accumulator based revocation reversely, resulted in short group signature. We formally define the method used by Boneh et al., named reversed dynamic accumulator in this paper, and apply it on some previous group signatures to obtain improved ones with revocation capability, reduced bandwidth (signature size) and less signature generation computations. We also address the problems unsolved in Boneh et al.'s work, e.g. how to open a group signature since the current certificate may no longer be the one stored when it is firstly generated.