Efficient traceable signatures in the standard model

Traceable signatures (TS), suggested by Kiayias, Tsiounis and Yung (Eurocrypt’04), extend group signatures to address various basic traceability issues beyond merely identifying the anonymous signer of a rogue signature. Namely, they enable the efficient tracing of all signatures produced by a misbehaving party without opening the identity of other parties. They also allow users to provably claim ownership of a previously signed anonymous signature. To date, known TS systems all rely on the random oracle model. In this work we present the first realization of the primitive that avoids resorting to the random oracle methodology in its security proofs. Furthermore, our realization’s efficiency is comparable to that of the latest fastest and shortest standard model group signatures.