Zero-knowledge undeniable signatures (extended abstract)
EUROCRYPT '90 Proceedings of the workshop on the theory and application of cryptographic techniques on Advances in cryptology
Efficient Identification and Signatures for Smart Cards
CRYPTO '89 Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology
The Decision Diffie-Hellman Problem
ANTS-III Proceedings of the Third International Symposium on Algorithmic Number Theory
CRYPTO '89 Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology
Designated verifier proofs and their applications
EUROCRYPT'96 Proceedings of the 15th annual international conference on Theory and application of cryptographic techniques
Efficient and generalized group signatures
EUROCRYPT'97 Proceedings of the 16th annual international conference on Theory and application of cryptographic techniques
On the security of nominative signatures
ACISP'05 Proceedings of the 10th Australasian conference on Information Security and Privacy
ACNS'11 Proceedings of the 9th international conference on Applied cryptography and network security
Hi-index | 0.08 |
To prevent potential misuse and to enhance privacy, signatures with restricted verifiability have been recently extensively discussed in the literature. Unlike undeniable signatures and designated verifier signatures, nominative signatures restrict the ability of signature verification and confirmation to a designated verifier only. In this paper, security issues of a nominative signature scheme proposed by Huang and Wang are reconsidered. The first result obtained is that the cryptanalysis reported recently by Susilo and Mu is shown to be incompletely correct; namely, the nominator in fact cannot verify but can only screen signatures, and therefore any third party should not be convinced by the confirmation done by the nominator. The second observation is that the scheme proposed by Huang and Wang may not be as strong as originally claimed. Nevertheless, the overall result is optimistic that the security properties provided by the Huang-Wang nominative signature scheme are sufficient for most applications.