A digital signature scheme secure against adaptive chosen-message attacks
SIAM Journal on Computing - Special issue on cryptography
Random oracles are practical: a paradigm for designing efficient protocols
CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
Breaking and repairing a convertible undeniable signature scheme
CCS '96 Proceedings of the 3rd ACM conference on Computer and communications security
Flaws in Applying Proof Methodologies to Signature Schemes
CRYPTO '02 Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology
Convertible Undeniable Signatures
CRYPTO '90 Proceedings of the 10th Annual International Cryptology Conference on Advances in Cryptology
Key-Privacy in Public-Key Encryption
ASIACRYPT '01 Proceedings of the 7th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Adapting the Weaknesses of the Random Oracle Model to the Generic Group Model
ASIACRYPT '02 Proceedings of the 8th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
The Gap-Problems: A New Class of Problems for the Security of Cryptographic Schemes
PKC '01 Proceedings of the 4th International Workshop on Practice and Theory in Public Key Cryptography: Public Key Cryptography
CRYPTO '89 Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology
The Residues modulo m of Products of Random Integers
Combinatorics, Probability and Computing
Generic Groups, Collision Resistance, and ECDSA
Designs, Codes and Cryptography
Designated verifier proofs and their applications
EUROCRYPT'96 Proceedings of the 15th annual international conference on Theory and application of cryptographic techniques
Lower bounds for discrete logarithms and related problems
EUROCRYPT'97 Proceedings of the 16th annual international conference on Theory and application of cryptographic techniques
Invisibility and anonymity of undeniable and confirmer signatures
CT-RSA'03 Proceedings of the 2003 RSA conference on The cryptographers' track
Discrete-Log-Based signatures may not be equivalent to discrete log
ASIACRYPT'05 Proceedings of the 11th international conference on Theory and Application of Cryptology and Information Security
Time-selective convertible undeniable signatures
CT-RSA'05 Proceedings of the 2005 international conference on Topics in Cryptology
Non-interactive designated verifier proofs and undeniable signatures
IMA'05 Proceedings of the 10th international conference on Cryptography and Coding
The security of the FDH variant of Chaum's undeniable signature scheme
IEEE Transactions on Information Theory
An efficient construction of time-selective convertible undeniable signatures
ISC'11 Proceedings of the 14th international conference on Information security
An efficient convertible undeniable signature scheme with delegatable verification
ISPEC'10 Proceedings of the 6th international conference on Information Security Practice and Experience
Provably secure pairing-based convertible undeniable signature with short signature length
Pairing'07 Proceedings of the First international conference on Pairing-Based Cryptography
In 1990, Boyar, Chaum, Damgård and Pedersen introduced convertible undeniable signatures, which limit the self-authenticating property of digital signatures but can be converted by the signer to ordinary signatures. Michels, Petersen and Horster presented, in 1996, an attack on the Elgamal-based seminal scheme of Boyar et al. and proposed a repaired version without formal security analysis. In this paper, we modify their protocol so that it becomes a generic one and provides an advanced feature which permits the signer to universally convert achronously all signatures pertaining to a specific time period. We supply a formal security treatment of the modified scheme: we prove, in the generic group model, that the protocol is existentially unforgeable and anonymous under chosen message attacks, under new (though reasonable) assumptions on the underlying hash function.