The digital signature is a technology which guarantees validity of data together with a signer. 
The group signature scheme proposed by Chaum and van Heyst, 
allows a group member to sign a message anonymously on behalf of the group; 
a designated entity to identify signers which is called function of tracing; 
and a designated entity to revoke a group member form the group. 

In this thesis, we propose two kind of group signature scheme 
from the viewpoints of efficiency and signer's privacy, 
and show the security proof. 
The first scheme, aiming at the efficiency, 
proposes a modified Nyberg-Rueppel signature scheme 
and efficient zero-knowledge proof of knowledge 
that proves the knowledge of modified Nyberg-Rueppel signature. 
The second scheme, aiming at signer's privacy, 
separates one group manager into two equivalent 
and independent group managers. 
As a result, there is no single entity who can reveal the signer's identity. 
Furthermore, we give the security proof of our scheme 
under the formal definitions of security requirement for group signature scheme with a revocation scheme.