Abstract
In many applications of group signatures, not only a signer's identity but also which group the signer belongs to is sensitive information regarding signer privacy. In this paper, we study these applications and combine a group signature with a ring signature to create a ring group signature, which specifies a set of possible groups without revealing which member of which group produced the signature. The main contributions of this paper are a formal definition of a ring group signature scheme and its security model, a generic construction and a concrete example of such a scheme. Both the construction and concrete scheme are provably secure if the underlying group signature and ring signature schemes are secure.