On the Security of Dynamic Group Signatures: Preventing Signature Hijacking
The authors identify a potential weakness in the standard security model for dynamic group signatures which appears to have been overlooked previously. More specifically, they highlight that even if a scheme provably meets the security requirements of the model, a malicious group member can potentially claim ownership of a group signature produced by an honest group member by forging a proof of ownership. This property leads to a number of vulnerabilities in scenarios in which dynamic group signatures are likely to be used. They furthermore show that the dynamic group signature scheme by Groth (ASIACRYPT 2007) does not provide protection against this type of malicious behavior.