Designated confirmer signatures : modelling, design and analysis

Digital signatures are one of the most significant achievements of public-key cryptography and constitute a fundamental tool to ensure data authentication. However, the public verifiability of digital signatures may have undesirable consequences when manipulating sensitive and private information. Undeniable signatures, whose verification requires the cooperation of the signer in an interactive way, were invented due to such considerations. Whereafter, designated confirmer signatures (DCS) were introduced as an improved cryptographic primitive when the signer becomes unavailable in undeniable signatures. This thesis is mainly devoted to the modelling, design and analysis of designated confirmer signatures. By exploiting the existing security notions, we theoretically analyse the relations among unimpersonation, invisibility, non-transferability and transcriptsimulatability. To this end, we develop formal proofs to demonstrate the implications of those properties. After providing the theoretical results related to the security model, we develop both concrete and generic DCS constructions that adapts to a full verification setting. On one hand, by supporting the signer’s ability to disavow, we can achieve an efficient designated confirmer signatures by using bilinear maps, and such a construction is secure in the random oracle model under a new computational assumption, called Decisional Co-efficient Linear (D-co-L) assumption, whose intractability in pairing settings is analysed in the generic group model. The proposed scheme is constructed by encrypting Boneh, Lynn and Shacham’s pairing based short signatures with signed ElGamal encryption. On the other hand, we build a generic transformation that is inspired by Gentry, Molnar, Ramzan’s DCS scheme. The new generic DCS scheme is proved to be secure in the standard model, and can be implemented to obtain an efficient instantiation with a Persesen Commitment, a Camenisch and Shoup’s Paillierbased encryption scheme and a Boneh, Lynn and Shacham’s short signature scheme.