I'm new to cryptography and signatures, I've done work that involves a signature model, and now I need to run tests on it.
In this paper [1], a signature model called Linkable Spontaneous Anonymous Group Signature is created.
The algorithm is described in the paper, it is capable of creating signatures for groups of public keys. If a signature was created using LSAG, a verifier can verify the correctness of the signature but cannot know which public key is related to it, it only knows that it belongs to a group of public keys. Also, if a private key is used more than once, its generated signatures will be linked, and a verifier may know that the messages were signed by the same private key, but not which public key is related.
This sinature model has clear applications in voting systems to avoid double voting and preserve voters' anonymity.
My problem:
I managed to run the algorithm and it works correctly. But now I need to test the property cited in the paper as "Theorem 2 (Signer-Ambiguity)". The paper produces a mathematical proof of this in the appendix "C Proof of Theorem 2 (Signer-Ambiguity)". What I need is to understand how I can proceed with formal tests to verify Signer-ambiguity in practice.
Any kind of help would be grateful.
Linkable Spontaneous Anonymous Group Signature for Ad Hoc Groups
