A digital signature scheme secure against adaptive chosen-message attacks
SIAM Journal on Computing - Special issue on cryptography
One-way functions are necessary and sufficient for secure signatures
STOC '90 Proceedings of the twenty-second annual ACM symposium on Theory of computing
A method for obtaining digital signatures and public-key cryptosystems
Communications of the ACM
How To Sign Given Any Trapdoor Function
CRYPTO '88 Proceedings of the 8th Annual International Cryptology Conference on Advances in Cryptology
Proofs of Partial Knowledge and Simplified Design of Witness Hiding Protocols
CRYPTO '94 Proceedings of the 14th Annual International Cryptology Conference on Advances in Cryptology
Designated Confirmer Signatures and Public-Key Encryption are Equivalent
CRYPTO '94 Proceedings of the 14th Annual International Cryptology Conference on Advances in Cryptology
Efficient Group Signature Schemes for Large Groups (Extended Abstract)
CRYPTO '97 Proceedings of the 17th Annual International Cryptology Conference on Advances in Cryptology
New Efficient and Secure Protocols for Verifiable Signature Sharing and Other Applications
CRYPTO '98 Proceedings of the 18th Annual International Cryptology Conference on Advances in Cryptology
A Practical Public Key Cryptosystem Provably Secure Against Adaptive Chosen Ciphertext Attack
CRYPTO '98 Proceedings of the 18th Annual International Cryptology Conference on Advances in Cryptology
Concurrent Zero-Knowledge: Reducing the Need for Timing Constraints
CRYPTO '98 Proceedings of the 18th Annual International Cryptology Conference on Advances in Cryptology
CRYPTO '89 Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology
Publicly verifiable secret sharing
EUROCRYPT'96 Proceedings of the 15th annual international conference on Theory and application of cryptographic techniques
The exact security of digital signatures-how to sign with RSA and Rabin
EUROCRYPT'96 Proceedings of the 15th annual international conference on Theory and application of cryptographic techniques
EUROCRYPT'95 Proceedings of the 14th annual international conference on Theory and application of cryptographic techniques
Efficient concurrent zero-knowledge in the auxiliary string model
EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
Efficient proofs that a committed number lies in an interval
EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
How to Construct Fail-Stop Confirmer Signature Schemes
ACISP '01 Proceedings of the 6th Australasian Conference on Information Security and Privacy
RSA-Based Undeniable Signatures for General Moduli
CT-RSA '02 Proceedings of the The Cryptographer's Track at the RSA Conference on Topics in Cryptology
Randomness Re-use in Multi-recipient Encryption Schemeas
PKC '03 Proceedings of the 6th International Workshop on Theory and Practice in Public Key Cryptography: Public Key Cryptography
Invisible designated confirmer signatures without random oracles
ASIACCS '07 Proceedings of the 2nd ACM symposium on Information, computer and communications security
Efficient designated confirmer signature from bilinear pairings
Proceedings of the 2008 ACM symposium on Information, computer and communications security
INDOCRYPT '08 Proceedings of the 9th International Conference on Cryptology in India: Progress in Cryptology
Efficient Deniable Authentication for Signatures
ACNS '09 Proceedings of the 7th International Conference on Applied Cryptography and Network Security
Anonymity from Public Key Encryption to Undeniable Signatures
AFRICACRYPT '09 Proceedings of the 2nd International Conference on Cryptology in Africa: Progress in Cryptology
On Tamper-Resistance from a Theoretical Viewpoint
CHES '09 Proceedings of the 11th International Workshop on Cryptographic Hardware and Embedded Systems
On Generic Constructions of Designated Confirmer Signatures
INDOCRYPT '09 Proceedings of the 10th International Conference on Cryptology in India: Progress in Cryptology
On the generic and efficient constructions of secure designated confirmer signatures
PKC'07 Proceedings of the 10th international conference on Practice and theory in public-key cryptography
Designated confirmer signatures revisited
TCC'07 Proceedings of the 4th conference on Theory of cryptography
A secure signature scheme from bilinear maps
CT-RSA'03 Proceedings of the 2003 RSA conference on The cryptographers' track
Online-untransferable signatures
PKC'08 Proceedings of the Practice and theory in public key cryptography, 11th international conference on Public key cryptography
Identity-based chameleon hash scheme without key exposure
ACISP'10 Proceedings of the 15th Australasian conference on Information security and privacy
Efficient confirmer signatures from the "signature of a commitment" paradigm
ProvSec'10 Proceedings of the 4th international conference on Provable security
A new construction of designated confirmer signature and its application to optimistic fair exchange
Pairing'10 Proceedings of the 4th international conference on Pairing-based cryptography
On-line non-transferable signatures revisited
PKC'11 Proceedings of the 14th international conference on Practice and theory in public key cryptography conference on Public key cryptography
On the invisibility of designated confirmer signatures
Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security
Fair and abuse-free contract signing protocol from Boneh-Boyen signature
EuroPKI'10 Proceedings of the 7th European conference on Public key infrastructures, services and applications
New approach for selectively convertible undeniable signature schemes
ASIACRYPT'06 Proceedings of the 12th international conference on Theory and Application of Cryptology and Information Security
Short 2-move undeniable signatures
VIETCRYPT'06 Proceedings of the First international conference on Cryptology in Vietnam
Conditionally verifiable signature
INDOCRYPT'06 Proceedings of the 7th international conference on Cryptology in India
Efficient designated confirmer signatures without random oracles or general zero-knowledge proofs
ASIACRYPT'05 Proceedings of the 11th international conference on Theory and Application of Cryptology and Information Security
Universally convertible directed signatures
ASIACRYPT'05 Proceedings of the 11th international conference on Theory and Application of Cryptology and Information Security
Separable identity-based deniable authentication: cryptographic primitive for fighting phishing
EuroPKI 2006 Proceedings of the Third European conference on Public Key Infrastructure: theory and Practice
Time-selective convertible undeniable signatures
CT-RSA'05 Proceedings of the 2005 international conference on Topics in Cryptology
3-Move undeniable signature scheme
EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
Chaum's designated confirmer signature revisited
ISC'05 Proceedings of the 8th international conference on Information Security
Relations among security notions for undeniable signature schemes
SCN'06 Proceedings of the 5th international conference on Security and Cryptography for Networks
Non-interactive designated verifier proofs and undeniable signatures
IMA'05 Proceedings of the 10th international conference on Cryptography and Coding
Cryptography and Security
Designated confirmer signatures with unified verification
IMACC'11 Proceedings of the 13th IMA international conference on Cryptography and Coding
Certificateless undeniable signatures from bilinear maps
Information Sciences: an International Journal
PKC'12 Proceedings of the 15th international conference on Practice and Theory in Public Key Cryptography
Information Sciences: an International Journal
Identity-based chameleon hashing and signatures without key exposure
Information Sciences: an International Journal
| Hi-index | 0.00 |
The main difference between confirmer signatures and ordinary digital signatures is that a confirmer signature can be verified only with the assistance of a semitrusted third party, the confirmer. Additionally, the confirmer can selectively convert single confirmer signatures into ordinary signatures. This paper points out that previous models for confirmer signature schemes are too restricted to address the case where several signers share the same confirmer. More seriously, we show that various proposed schemes (some of which are provably secure in these restricted models) are vulnerable to an adaptive signature-transformation attack. We define a new stronger model that covers this kind of attack and provide a generic solution based on any secure ordinary signature scheme and public key encryption scheme. We also exhibit a concrete instance thereof.