Designated Con rmer Signatures Revisited
نویسنده
چکیده
Previous de nitions of designated con rmer signatures in the literature are incomplete, and the proposed security de nitions fail to capture key security properties, such as unforgeability against malicious con rmers and non-transferability. We propose new de nitions. Previous schemes rely on the random oracle model or set-up assumptions, or are secure with respect to relaxed security de nitions. We construct a practical scheme that is provably secure with respect to our security definition under the strong RSA-assumption, the decision composite residuosity assumption, and the decision Di e-Hellman assumption. To achieve our results we introduce several new relaxations of standard notions. We expect these techniques to be useful in the construction and analysis of other e cient cryptographic schemes.
منابع مشابه
Designated Conrmer Signatures Revisited * Douglas Wikström
Previous de nitions of designated con rmer signatures in the literature are incomplete, and the proposed security de nitions fail to capture key security properties, such as unforgeability against malicious con rmers and non-transferability. We propose new de nitions. Previous schemes rely on the random oracle model or set-up assumptions, or are secure with respect to relaxed security de nition...
متن کاملAnonymity and Denial of Undeniable and Confirmer Signatures
We introduce a new security property for undeniable and con rmer signatures in the multi-user setting, namely, anonymity. We show that many existing systems do not have this property.We modify the original undeniable signature scheme of Chaum and van Antwerpen and the RSA-based undeniable/con rmer signature scheme of Gennaro, Krawczyk and Rabin so that they achieve anonymity. We also provide a ...
متن کاملMulti-Designated Verifiers Signatures Revisited
Multi-Designated Verifier Signatures (MDVS) are privacy-oriented signatures that can only be verified by a set of users specified by the signer. We propose two new generic constructions of MDVS from variants of existing cryptographic schemes, which are ring signature from anonymous subset and multi-chameleon hash. We first devise a single add-on protocol which enables many existing identity-bas...
متن کاملIdentity-based strong designated verifier signature revisited
Designated verifier signature (DVS) allows the signer to persuade a verifier the validity of a statement but prevent the verifier from transferring the conviction. Strong designated verifier signature (SDVS) is a variant of DVS, which only allows the verifier to privately check the validity of the signer’s signature. In this work we observe that the unforgeability model considered in the existi...
متن کاملChaum's Designated Confirmer Signature Revisited
This article revisits the original designated confirmer signature scheme of Chaum. Following the same spirit we naturally extend the Chaum’s construction in a more general setting and analyze its security in a formal way. We prove its security in the random oracle model by using a random hash function and a random permutation. We notably consider the confirmer as an attacker against the existen...
متن کامل