Formal definition and construction of nominative signature

Authors:
Dennis Y. W. Liu;Duncan S. Wong;Xinyi Huang;Guilin Wang;Qiong Huang;Yi Mu;Willy Susilo
Affiliations:
Department of Computer Science, City University of Hong Kong, Hong Kong, China;Department of Computer Science, City University of Hong Kong, Hong Kong, China;Centre for Computer and Information Security Research, School of Computer Science and Software Engineering, University of Wollongong, Wollongong, NSW, Australia;Institute for Infocomm Research, Singapore and School of Computer Science University of Birmingham, UK;Department of Computer Science, City University of Hong Kong, Hong Kong, China;Centre for Computer and Information Security Research, School of Computer Science and Software Engineering, University of Wollongong, Wollongong, NSW, Australia;Centre for Computer and Information Security Research, School of Computer Science and Software Engineering, University of Wollongong, Wollongong, NSW, Australia
Venue:
ICICS'07 Proceedings of the 9th international conference on Information and communications security
Year:
2007

Citing 11
Cited 4

A digital signature scheme secure against adaptive chosen-message attacks

SIAM Journal on Computing - Special issue on cryptography
Witness indistinguishable and witness hiding protocols

STOC '90 Proceedings of the twenty-second annual ACM symposium on Theory of computing
Zero-knowledge undeniable signatures (extended abstract)

EUROCRYPT '90 Proceedings of the workshop on the theory and application of cryptographic techniques on Advances in cryptology
Cryptographically Strong Undeniable Signatures, Unconditionally Secure for the Signer

CRYPTO '91 Proceedings of the 11th Annual International Cryptology Conference on Advances in Cryptology
Undeniable Signatures

CRYPTO '89 Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology
Designated verifier proofs and their applications

EUROCRYPT'96 Proceedings of the 15th annual international conference on Theory and application of cryptographic techniques
Invisibility and anonymity of undeniable and confirmer signatures

CT-RSA'03 Proceedings of the 2003 RSA conference on The cryptographers' track
On the security of nominative signatures

ACISP'05 Proceedings of the 10th Australasian conference on Information Security and Privacy
3-Move undeniable signature scheme

EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
Strongly unforgeable signatures based on computational diffie-hellman

PKC'06 Proceedings of the 9th international conference on Theory and Practice of Public-Key Cryptography
How to strengthen any weakly unforgeable signature into a strongly unforgeable signature

CT-RSA'07 Proceedings of the 7th Cryptographers' track at the RSA conference on Topics in Cryptology

Provably Secure Convertible Nominative Signature Scheme

Information Security and Cryptology
Pairing-based nominative signatures with selective and universal convertibility

Inscrypt'09 Proceedings of the 5th international conference on Information security and cryptology
Non-transferable user certification secure against authority information leaks and impersonation attacks

ACNS'11 Proceedings of the 9th international conference on Applied cryptography and network security
One-Move convertible nominative signature in the standard model

ProvSec'12 Proceedings of the 6th international conference on Provable Security

Quantified Score

Hi-index	0.00

Visualization

Abstract

Since the introduction of nominative signature in 1996, there are three problems that have still not been solved. First, there is no convincing application proposed; second, there is no formal security model available; and third, there is no proven secure scheme constructed, given that all the previous schemes have already been found flawed. In this paper, we give positive answers to these problems. First, we illustrate that nominative signature is a better tool for building user certification systems which were originally implemented using universal designated-verifier signature. Second, we propose a formal definition and adversarial model for nominative signature. Third, we show that Chaum's undeniable signature can be transformed to an efficient nominative signature by simply using a standard signature. The security of our transformation can be proven under the standard number-theoretic assumption.