Signature schemes based on the strong RSA assumption
ACM Transactions on Information and System Security (TISSEC)
Foundations of Cryptography: Basic Tools
Foundations of Cryptography: Basic Tools
Dynamic Accumulators and Application to Efficient Revocation of Anonymous Credentials
CRYPTO '02 Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology
Wallet Databases with Observers
CRYPTO '92 Proceedings of the 12th Annual International Cryptology Conference on Advances in Cryptology
Designated Confirmer Signatures and Public-Key Encryption are Equivalent
CRYPTO '94 Proceedings of the 14th Annual International Cryptology Conference on Advances in Cryptology
Modified Maurer-Yacobi`s scheme and its applications
ASIACRYPT '92 Proceedings of the Workshop on the Theory and Application of Cryptographic Techniques: Advances in Cryptology
Undeniable Confirmer Signature
ISW '99 Proceedings of the Second International Workshop on Information Security
CRYPTO '89 Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology
Short Signatures from the Weil Pairing
Journal of Cryptology
INDOCRYPT '08 Proceedings of the 9th International Conference on Cryptology in India: Progress in Cryptology
The exact security of digital signatures-how to sign with RSA and Rabin
EUROCRYPT'96 Proceedings of the 15th annual international conference on Theory and application of cryptographic techniques
Public-key cryptosystems based on composite degree residuosity classes
EUROCRYPT'99 Proceedings of the 17th international conference on Theory and application of cryptographic techniques
Confirmer signature schemes secure against adaptive adversaries
EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
On the generic and efficient constructions of secure designated confirmer signatures
PKC'07 Proceedings of the 10th international conference on Practice and theory in public-key cryptography
Designated confirmer signatures revisited
TCC'07 Proceedings of the 4th conference on Theory of cryptography
Invisibility and anonymity of undeniable and confirmer signatures
CT-RSA'03 Proceedings of the 2003 RSA conference on The cryptographers' track
PKC'08 Proceedings of the Practice and theory in public key cryptography, 11th international conference on Public key cryptography
Trading one-wayness against chosen-ciphertext security in factoring-based encryption
ASIACRYPT'06 Proceedings of the 12th international conference on Theory and Application of Cryptology and Information Security
Discrete-Log-Based signatures may not be equivalent to discrete log
ASIACRYPT'05 Proceedings of the 11th international conference on Theory and Application of Cryptology and Information Security
Efficient designated confirmer signatures without random oracles or general zero-knowledge proofs
ASIACRYPT'05 Proceedings of the 11th international conference on Theory and Application of Cryptology and Information Security
Efficient identity-based encryption without random oracles
EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
Impossibility proofs for RSA signatures in the standard model
CT-RSA'07 Proceedings of the 7th Cryptographers' track at the RSA conference on Topics in Cryptology
Provably secure convertible undeniable signatures with unambiguity
SCN'10 Proceedings of the 7th international conference on Security and cryptography for networks
A framework for constructing convertible undeniable signatures
ProvSec'10 Proceedings of the 4th international conference on Provable security
Non-interactive confirmer signatures
CT-RSA'11 Proceedings of the 11th international conference on Topics in cryptology: CT-RSA 2011
Designated confirmer signatures with unified verification
IMACC'11 Proceedings of the 13th IMA international conference on Cryptography and Coding
Generic constructions for verifiable signcryption
ICISC'11 Proceedings of the 14th international conference on Information Security and Cryptology
| Hi-index | 0.00 |
Designated Confirmer signatures were introduced to limit the verification property inherent to digital signatures. In fact, the verification in these signatures is replaced by a confirmation/denial protocol between the designated confirmer and some verifier. An intuitive way to obtain such signatures consists in first generating a digital signature on the message to be signed, then encrypting the result using a suitable encryption scheme. This approach, referred to as the "encryption of a signature" paradigm, requires the constituents (encryption and signature schemes) to meet the highest security notions in order to achieve secure constructions.In this paper, we revisit this method and establish the necessary and sufficient assumptions on the building blocks in order to attain secure confirmer signatures. Our study concludes that the paradigm, used in its basic form, cannot allow a class of encryption schemes, which is vital for the efficiency of the confirmation/denial protocols. Next, we consider a slight variation of the paradigm, proposed in the context of undeniable signatures; we recast it in the confirmer signature framework along with changes that yield more flexibility, and we demonstrate its efficiency by explicitly describing its confirmation/denial protocols when instantiated with building blocks from a large class of signature/encryption schemes. Interestingly, the class of signatures we consider is very popular and has been for instance used to build efficient designated verifier signatures.