Abstract. Group signature schemes allow a group member to anonymously sign on group’s behalf. Moreover, in case of anonymity misuse, a group authority can recover the issuer of a signature. This paper analyzes the security of two group signature schemes recently proposed by Tseng and Jan. We show that both schemes are universally forgeable, that is, anyone (not necessarily a group member) is able to produce a valid group signature on an arbitrary message, which cannot be traced by the group authority. Keywords. Digital signatures, group signatures, cryptanalysis, universal forgeries.