New Constructions of Convertible Undeniable Signature Schemes without Random Oracles

In Undeniable Signature, a signature’s validity can only be confirmed or disavowed with thehelp of an alleged signer via a confirmation or disavowal protocol. A Convertible undeniablesignature further allows the signer to release some additional information which can make anundeniable signature become publicly verifiable. In this work we introduce a new kind of attacks,called claimability attacks, in which a dishonest/malicious signer both disavows a signature via thedisavowal protocol and confirms it via selective conversion. Conventional security requirement doesnot capture the claimability attacks. We show that some convertible undeniable signature schemesare vulnerable to this kind of attacks.We then propose a new efficient construction of fully functional convertible undeniable signature,which supports both selective conversion and universal conversion, and is immune to the claimabilityattacks. To the best of our knowledge, it is the most efficient convertible undeniable signaturescheme with provable security in the standard model. A signature is comprised of three elements ofa bilinear group. Both the selective converter of a signature and the universal converter consist ofone group element only. Besides, the confirmation and disavowal protocols are also very simple andefficient. Furthermore, the scheme can be extended to support additional features which includethe delegation of conversion and confirmation/disavowal, threshold conversion and etc.We also propose an alternative generic construction of convertible undeniable signature schemes.Unlike the conventional sign-then-encrypt paradigm, the signer encrypts its (standard) signaturewith an identity-based encryption instead of a public key encryption. It enjoys the advantage ofshort selective converter, which is simply an identity-based user private key, and security againstclaimability attacks.