A digital signature scheme secure against adaptive chosen-message attacks
SIAM Journal on Computing - Special issue on cryptography
Random oracles are practical: a paradigm for designing efficient protocols
CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
Signature schemes based on the strong RSA assumption
CCS '99 Proceedings of the 6th ACM conference on Computer and communications security
Efficient verifiable encryption (and fair exchange) of digital signatures
CCS '99 Proceedings of the 6th ACM conference on Computer and communications security
SIAM Journal on Computing
Convertible Undeniable Signatures
CRYPTO '90 Proceedings of the 10th Annual International Cryptology Conference on Advances in Cryptology
Non-Interactive and Information-Theoretic Secure Verifiable Secret Sharing
CRYPTO '91 Proceedings of the 11th Annual International Cryptology Conference on Advances in Cryptology
Proofs of Partial Knowledge and Simplified Design of Witness Hiding Protocols
CRYPTO '94 Proceedings of the 14th Annual International Cryptology Conference on Advances in Cryptology
Designated Confirmer Signatures and Public-Key Encryption are Equivalent
CRYPTO '94 Proceedings of the 14th Annual International Cryptology Conference on Advances in Cryptology
Efficient Group Signature Schemes for Large Groups (Extended Abstract)
CRYPTO '97 Proceedings of the 17th Annual International Cryptology Conference on Advances in Cryptology
A Practical Public Key Cryptosystem Provably Secure Against Adaptive Chosen Ciphertext Attack
CRYPTO '98 Proceedings of the 18th Annual International Cryptology Conference on Advances in Cryptology
Efficient Zero-Knowledge Proofs of Knowledge Without Intractability Assumptions
PKC '00 Proceedings of the Third International Workshop on Practice and Theory in Public Key Cryptography: Public Key Cryptography
CRYPTO '89 Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology
Secure hash-and-sign signatures without the random oracle
EUROCRYPT'99 Proceedings of the 17th international conference on Theory and application of cryptographic techniques
Public-key cryptosystems based on composite degree residuosity classes
EUROCRYPT'99 Proceedings of the 17th international conference on Theory and application of cryptographic techniques
Confirmer signature schemes secure against adaptive adversaries
EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
Efficient concurrent zero-knowledge in the auxiliary string model
EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
Efficient proofs that a committed number lies in an interval
EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
Invisibility and anonymity of undeniable and confirmer signatures
CT-RSA'03 Proceedings of the 2003 RSA conference on The cryptographers' track
Efficient designated confirmer signatures without random oracles or general zero-knowledge proofs
ASIACRYPT'05 Proceedings of the 11th international conference on Theory and Application of Cryptology and Information Security
3-Move undeniable signature scheme
EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
Chaum's designated confirmer signature revisited
ISC'05 Proceedings of the 8th international conference on Information Security
Optimistic fair exchange of digital signatures
IEEE Journal on Selected Areas in Communications
Efficient designated confirmer signature from bilinear pairings
Proceedings of the 2008 ACM symposium on Information, computer and communications security
On Generic Constructions of Designated Confirmer Signatures
INDOCRYPT '09 Proceedings of the 10th International Conference on Cryptology in India: Progress in Cryptology
An abuse-free fair contract-signing protocol based on the RSA signature
IEEE Transactions on Information Forensics and Security
Efficient confirmer signatures from the "signature of a commitment" paradigm
ProvSec'10 Proceedings of the 4th international conference on Provable security
A new construction of designated confirmer signature and its application to optimistic fair exchange
Pairing'10 Proceedings of the 4th international conference on Pairing-based cryptography
On the invisibility of designated confirmer signatures
Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security
Designated confirmer signatures with unified verification
IMACC'11 Proceedings of the 13th IMA international conference on Cryptography and Coding
PKC'12 Proceedings of the 15th international conference on Practice and Theory in Public Key Cryptography
Information Sciences: an International Journal
Hi-index | 0.00 |
For controlling the public verifiability of ordinary digital signatures, designated confirmer signature (DCS) schemes were introduced by Chaum at Eurocrypt 1994. In such schemes, a signature can be verified only with the help of a semi-trusted third party, called the designated confirmer. The confirmer can further selectively convert individual designated confirmer signatures into ordinary signatures so that anybody can check their validity. In the last decade, a number of DCS schemes have been proposed. However, most of those schemes are either inefficient or insecure. At Asiacrypt 2005, Gentry, Molnar and Ramzan presented a generic transformation to convert any signature scheme into a DCS scheme, and proved the scheme is secure in their security model. Their DCS scheme not only has efficient instantiations but also gets rid of both random oracles and general zero-knowledge proofs. In this paper, we first show that their DCS transformation does not meet the desired security requirements by identifying two security flaws. Then, we point out the reasons that cause those flaws and further propose a secure improvement to fix the flaws. Finally, we present a new generic and efficient DCS scheme without using any public key encryption and prove its security. To the best of our knowledge, this is the first secure DCS scheme that does not require public key encryption.