Traceable Signatures

2004 | Aggelos Kiayias, Yiannis Tsiounis, and Moti Yung
This paper introduces a new privacy primitive called "Traceable Signatures," along with an efficient provably secure implementation. The authors develop mathematical and protocol tools, define the concepts and security model, and present the scheme and its security proof. Traceable signatures support extended fairness mechanisms for anonymity management and revocation, unlike traditional group signatures. They allow tracing of signatures from a single misbehaving party without revealing identities of others, which is not possible with standard group signatures. The authors develop basic tools, including zero-knowledge proofs, protocols, and primitives, to enable efficient implementation. These mechanisms work directly over a group of unknown order, contributing to the efficiency and modularity of the design. The interactive version of the signature scheme yields the notion of "traceable (anonymous) identification."

The paper discusses the need for additional mechanisms to lift privacy conditions, as existing group signature schemes require opening all signatures, violating privacy. The proposed traceable signatures allow selective linking of signatures from a misbehaving user without compromising the privacy of law-abiding users.

The authors introduce a novel general way of modeling privacy systems, including correctness and security properties. They define a security model that captures adversarial activities, including misidentification, anonymity, and framing attacks. The model is based on simulation-based security proofs and includes a set of security definitions to capture various adversarial behaviors. The construction is motivated by the state of the art and mathematical assumptions that allow users to generate keys modulo a composite number. The authors introduce new tools and cryptographic constructs to enable the various mechanisms of the model and scheme. The scheme is consistent with the present state-of-the-art revocation method for group signatures.

The paper also discusses applications of traceable signatures, including transforming anonymous systems into ones with "fair privacy" and membership revocation of the CRL-type. The authors present a proof of knowledge for a discrete-log relation set, which is a generic way of designing zero-knowledge proof systems. They also define a notion of "discrete-log representations of arbitrary powers" and a mechanism called "drawing random powers." The paper concludes with a security model for traceable schemes, formalizing the security requirements and defining the interface for a traceable scheme. The model captures adversarial activities and includes security definitions for misidentification, anonymity, and framing attacks. The authors also define the security of traceable schemes based on canonical 3-move proofs of knowledge and passive impersonation-type attacks.