There is provided in accordance with the present invention a key issuing method for being performed by a user apparatus in a group signature system including the user apparatus and an issuer apparatus connected to the user apparatus through a network. The method comprises: reading an issuer public key from the issuer apparatus into a user storage through the network; receiving, from the issuer apparatus through the network, first confidential data including one or plural confidential texts which are produced by confidentializing the issuer public key using element data containing information of an element of a group in the issuer apparatus; performing a second confidential data generating process for generating second confidential data of a confidential text represented by the product of modulo-exponentiated element data corresponding to the confidential texts included in the first confidential data or a confidential text represented by the sum of the element data multiplied by a constant, using the issuer public key and the first confidential data; sending the second confidential data to the issuer apparatus through the network; receiving, from the issuer apparatus through the network, information generated in the issuer apparatus and based on the element data corresponding to the second confidential data; and generating a member public key which is a public key corresponding to the user apparatus and a member secret key which is a secret key corresponding to the user apparatus, using the information based on the element data corresponding to the second confidential data, and writing the member public key and the member secret key into the user storage.