From the perspective of cryptography, anonymity has two meanings:
1. Given a ciphertext, its public key cannot be recovered, which is mainly used for the security analysis of cryptographic algorithms;
2. The user's identity information will not be revealed when using the password scheme, which is more in line with the semantics of the real world.
Any member in the 1. group can sign the message on behalf of the group with his own private key, and the signer does not know which group member signed it.
2. The group administrator can find the identity of the group members according to the certificate.
1. Create a group, which is executed by the group owner to generate the private key and public key of the group owner;
2. Adding a group member, which is executed by the group owner, generates the private key and certificate of the group member, and the certificate is used to prove the identity of the group member;
3. Generate a group signature, and the group members sign the information through the private key;
4. Verify the group signature. The verifier can verify the legitimacy of the signature through the group public key. The verifier can determine that the signature really comes from this group, but can't determine which group member signed it.
5. Open the group signature, and the group owner can obtain the signer's certificate through the signature information, thus tracking the signer's identity.
Meet two conditions:
1. In order to facilitate member management, it is necessary to support revoking group members;
2. Considering the limited storage resources of the blockchain, the signature data should not be too large and can be aligned with the standard RSA signature.
The BBS04 scheme is based on bilinear pairs, and group administrators can initialize groups according to different linear pairs. The storage and calculation costs of group signatures under different linear pair types are as follows: