A digital signature scheme secure against adaptive chosen-message attacks
SIAM Journal on Computing - Special issue on cryptography
Communications of the ACM
1-out-of-n Signatures from a Variety of Keys
ASIACRYPT '02 Proceedings of the 8th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
CRYPTO '89 Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology
Designated verifier proofs and their applications
EUROCRYPT'96 Proceedings of the 15th annual international conference on Theory and application of cryptographic techniques
Universal designated verifier signature without delegatability
ICICS'06 Proceedings of the 8th international conference on Information and Communications Security
New extensions of pairing-based signatures into universal designated verifier signatures
ICALP'06 Proceedings of the 33rd international conference on Automata, Languages and Programming - Volume Part II
Universal designated verifier signature proof (or how to efficiently prove knowledge of a signature)
ASIACRYPT'05 Proceedings of the 11th international conference on Theory and Application of Cryptology and Information Security
Identity-Based universal designated verifier signatures
EUC'05 Proceedings of the 2005 international conference on Embedded and Ubiquitous Computing
Short signature and universal designated verifier signature without random oracles
ACNS'05 Proceedings of the Third international conference on Applied Cryptography and Network Security
Hi-index | 0.00 |
Universal Designated-Verifier Signatures (UDVS) are proposed to protect the privacy of a signature holder. Since UDVS schemes reduce to standard signatures when no verifier designation is performed, from the perspective of a signer, it is natural to ask if a UDVS can be constructed from widely used standardized-signatures so that the existing public key infrastructures for these schemes can be used without modification. Additionally, if designated-verifiers already have their own private/public key-pairs (which may be of a different type from the signer's), then, for the convenience of designated-verifiers, it is also natural to ask if designated-verifiers can use their own private keys to verify designated signatures instead of using a new key compatible with the UDVS system. In this paper, we address these problems and propose a new UDVS scheme. In our scheme, the signature is generated by a signer using DSA/ECDSA, and the designated-signature can be verified using the original private key (RSA-based or DL-based) of the designated-verifier instead of using a new key. We call this new property verifier-key-flexible. The security of the scheme is proved in the random oracle model.