This paper describes two attacks on an anonymous group identification scheme proposed by Handley at Financial Crypto 2000. The first attack enables to forge valid proofs of membership for any secret key. As a consequence, any user, registered or not, can be properly authenticated by the group manager. The second attack enables the authority to recover the identity of any user who authenticates. Those two attacks can be very easily conducted in practice, without any heavy computation. Those attacks can be fixed with simple modifications and additions to the protocol but we think that the technique used to issue certificates is conceptually flawed and we propose a way to repair this phase of the protocol using zero-knowledge proof techniques.
展开▼
