Generic Constructions for Secure and Efficient Confirmer Signature Schemes
نویسندگان
چکیده
In contrast to ordinary digital signatures, the verification of undeniable signatures and of confirmer signatures requires the cooperation of the signer or of a designated confirmer, respectively. Various schemes have been proposed so far, from practical solutions based on specific number-theoretic assumptions to theoretical constructions using basic cryptographic primitives. To motivate the necessity of new and provably secure constructions for confirmer signatures, we first describe a flaw in a previous realization by Okamoto. We then present two generic constructions for designing provably secure and efficient confirmer variants of many well-known signature schemes, including the schemes by Schnorr, Fiat and Shamir, ElGamal, and the RSA scheme. The constructions employ a new tool called confirmer commitment schemes. In this concept the ability to open the committed value is delegated to a designated confirmer. We present an efficient realization based on the Decision-Diffie-Hellman assumption.
منابع مشابه
Convertible limited (multi-) verifier signature: new constructions and applications
A convertible limited (multi-) verifier signature (CL(M)VS) provides controlled verifiability and preserves the privacy of the signer. Furthermore, limited verifier(s) can designate the signature to a third party or convert it into a publicly verifiable signature upon necessity. In this proposal, we first present a generic construction of convertible limited verifier signature (CLVS) into which...
متن کاملOn the Generic and Efficient Constructions of Secure Designated Confirmer Signatures
For controlling the public verifiability of ordinary digital signatures, designated confirmer signature (DCS) schemes were introduced by Chaum at Eurocrypt 1994. In such schemes, a signature can be verified only with the help of a semi-trusted third party, called the designated confirmer. The confirmer can further selectively convert individual designated confirmer signatures into ordinary sign...
متن کاملOn Generic Constructions of Designated Confirmer Signatures
Designated Confirmer signatures were introduced to limit the verification property inherent to digital signatures. In fact, the verification in these signatures is replaced by a confirmation/denial protocol between the designated confirmer and some verifier. An intuitive way to obtain such signatures consists in first generating a digital signature on the message to be signed, then encrypting t...
متن کاملEfficient Transformation of Well Known Signature Schemes into Designated Confirmer Signature schemes
Since designated confirmer signature schemes were introduced by Chaum and formalized by Okamoto, a number of attempts have been made to design efficient and secure designated confirmer signature schemes. Yet, there has been a consistent gap in security claims and analysis between all generic theoretical proposals and any concrete implementation proposal one can envision using in practice. In th...
متن کاملEfficient Confirmer Signatures from the "Signature of a Commitment" Paradigm
Generic constructions of designated confirmer signatures follow one of the following two strategies; either produce a digital signature on the message to be signed, then encrypt the resulting signature, or produce a commitment on the message, encrypt the string used to generate the commitment and finally sign the latter. We study the second strategy by determining the exact security property ne...
متن کامل