Non-interactive Designated Verifier Proofs and Undeniable Signatures
نویسندگان
چکیده
Non-interactive designated verifier (NIDV) proofs were first introduced by Jakobsson et al. and have widely been used as confirmation and denial proofs for undeniable signature schemes. There appears to be no formal security modelling for NIDV undeniable signatures or for NIDV proofs in general. Indeed, recent work by Wang has shown the original NIDV undeniable signature scheme of Jakobsson et al. to be flawed. We argue that NIDV proofs may have applications outside of the context of undeniable signatures and are therefore of independent interest. We therefore present two security models, one for general NIDV proof systems, and one specifically for NIDV undeniable signatures. We go on to repair the NIDV proofs of Jakobsson et al., producing secure NIDV proofs suited to combination with Chaum’s original undeniable signature scheme resulting in a secure and efficient concrete NIDV undeniable signature scheme.
منابع مشابه
An Attack on Not-interactive Designated Verifier Proofs for Undeniable Signatures
At Crypto’89, Chaum and van Antwerpen first introduced the concept of undeniable signatures, which has a special property such that a signature cannot be verified without the signer’s cooperation. In 1996, Jakobsson, Sako, and Impagliazzo proposed a not-interactive undeniable signature scheme by employing a new primitive called designated verifier proofs. However, this paper shows that their sc...
متن کاملDesignated Verifier Proofs and Their Applications
For many proofs of knowledge it is important that only the verifier designated by the confirmer can obtain any conviction of the correctness of the proof. A good example of such a situation is for undeniable signatures, where the confirmer of a signature wants t o make sure that only the intended verifier(s) in fact can be convinced about the validity or inva1idit)y of the signature. Generally,...
متن کاملUniversal Undeniable Signatures
In this paper, we provide a new approach to study undeniable signatures by translating secure digital signatures to secure undeniable signatures so that the existing algorithms can be used. Our mechanism is that any verifier without trapdoor information cannot distinguish whether a message is encoded from Diffie-Hellamn resource D or random resource R while a signer with trapdoor information ca...
متن کاملSpecial Signature Schemes and Key Agreement Protocols
This thesis is divided into two distinct parts. The first part of the thesis explores various deniable signature schemes and their applications. Such schemes do not bind a unique public key to a message, but rather specify a set of entities that could have created the signature, so each entity involved in the signature can deny having generated it. The main deniable signature schemes we examine...
متن کاملShort undeniable SignatureS: deSign, analySiS, and applicationS
Digital signatures are one of the main achievements of public-key cryptography and constitute a fundamental tool to ensure data authentication. Although their universal verifiability has the advantage to facilitate their verification by the recipient, this property may have undesirable consequences when dealing with sensitive and private information. Motivated by such considerations, undeniable...
متن کامل