A signer in a Nominative Signature (NS) scheme can arbitrarily choose a nominee, then jointly generate a signature in such a way that the signature can only be verified with the nominee’s consent. NS is particularly useful in user certification systems. Currently, the only secure NS scheme available requires multi-round communications between the nominator and the nominee during signature gener...

about electronic signatures there are more or less some writings concerning their legal aspect. but in those writings there has been a little attention to credibility and evidential value of the electronic signatures. some questions and ambiguities despite being set before has not been answered at all or answered unsatisfactorily. meanwhile, some authors have made mistakes and some have set tri...

Two most important goals of server assisted signature schemes are to aid small and mobile devices in computing digital signatures and to provide immediate revocation of signing capabilities. In this paper, we introduce an efficient scheme named server assisted one-time signature (SAOTS) alternative to server assisted signature scheme introduced by Asokan et al. Extended the Lamport’s one-time s...

A leakage-resilient cryptosystem remains secure even if arbitrary, but bounded, information about the secret key (and possibly other internal state information) is leaked to an adversary. Denote the length of the secret key by n. We show: – A full-fledged signature scheme tolerating leakage of ( 1− n− ) · n bits of information about the secret key (for any constant < 1), based on general assump...

Oblivious Signature-Based Envelope (OSBE) has been widely employed for anonymity-orient and privacypreserving applications. The conventional OSBE execution relies on a secure communication channel to protect against eavesdroppers. In TCC 2012, Blazy, Pointcheval and Vergnaud proposed a framework of OSBE (BPV-OSBE) without requiring any secure channel by clarifying and enhancing the OSBE securit...

The group signature scheme [1], ACJT for short, is popular. In this paper we show that it is not secure. It does not satisfy exculpability. The group manager can sign on behalf of any group member. The drawback found in the scheme shows that some inductions are not sound, though they are prevalent in some so-called security proofs.

a broadcast authentication protocol enables the receivers to verify that a received packet was really sent by the claimed sender. Data confidentiality, authenticity, integrity, and non repudiation are basic concerns of securing data delivery over an insecure network. Large and distributed systems with time critical applications require immediate and secure authentication of command and control ...

Proxy signature is a special signature which provided the signer can delegate his signing capability to others. The proxy signature provides that the original signer can delegate his signing permission to a proxy signer, and the proxy signer can replace the original signer to sign the message. In this paper, we propose a proxy signature scheme based on ideas from classical proxy signature schem...