Zero-knowledge undeniable signatures (extended abstract)
EUROCRYPT '90 Proceedings of the workshop on the theory and application of cryptographic techniques on Advances in cryptology
RSA-Based Undeniable Signatures for General Moduli
CT-RSA '02 Proceedings of the The Cryptographer's Track at the RSA Conference on Topics in Cryptology
Non-Interactive and Information-Theoretic Secure Verifiable Secret Sharing
CRYPTO '91 Proceedings of the 11th Annual International Cryptology Conference on Advances in Cryptology
CRYPTO '89 Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology
Designated verifier proofs and their applications
EUROCRYPT'96 Proceedings of the 15th annual international conference on Theory and application of cryptographic techniques
Confirmer signature schemes secure against adaptive adversaries
EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
Efficient concurrent zero-knowledge in the auxiliary string model
EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
Online-untransferable signatures
PKC'08 Proceedings of the Practice and theory in public key cryptography, 11th international conference on Public key cryptography
Short 2-move undeniable signatures
VIETCRYPT'06 Proceedings of the First international conference on Cryptology in Vietnam
General conversion for obtaining strongly existentially unforgeable signatures
INDOCRYPT'06 Proceedings of the 7th international conference on Cryptology in India
Efficient designated confirmer signatures without random oracles or general zero-knowledge proofs
ASIACRYPT'05 Proceedings of the 11th international conference on Theory and Application of Cryptology and Information Security
Efficient identity-based encryption without random oracles
EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
3-Move undeniable signature scheme
EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
Strongly unforgeable signatures based on computational diffie-hellman
PKC'06 Proceedings of the 9th international conference on Theory and Practice of Public-Key Cryptography
Non-interactive designated verifier proofs and undeniable signatures
IMA'05 Proceedings of the 10th international conference on Cryptography and Coding
Provably secure pairing-based convertible undeniable signature with short signature length
Pairing'07 Proceedings of the First international conference on Pairing-Based Cryptography
Hi-index | 0.00 |
Undeniable signatures, introduced by Chaum and van Antwerpen, and designated confirmer signatures, introduced by Chaum, allow a signer to control the verifiability of his signatures by requiring a verifier to interact with the signer to verify a signature. An important security requirement for these types of signature schemes is nontransferability which informally guarantees that even though a verifier has confirmed the validity of a signature by interacting with the signer, he cannot prove this knowledge to a third party. Recently Liskov and Micali pointed out that the commonly used notion of nontransferability only guarantees security against an off-line attacker which cannot influence the verifier while he interacts with the signer, and that almost all previous schemes relying on interactive protocols are vulnerable to online attacks. To address this, Liskov and Micali formalized on-line nontransferable signatures which are resistant to on-line attacks, and proposed a generic construction based on a standard signature scheme and an encryption scheme. In this paper, we revisit on-line nontransferable signatures. Firstly, we extend the security model of Liskov and Micali to cover not only the sign protocol, but also the confirm and disavow protocols executed by the confirmer. Our security model furthermore considers the use of multiple (potentially corrupted or malicious) confirmers, and guarantees security against attacks related to the use of signer specific confirmer keys. We then present a new approach to the construction of on-line non-transferable signatures, and propose a new concrete construction which is provably secure in the standard model. Unlike the construction by Liskov and Micali, our construction does not require the signer to issue "fake" signatures to maintain security, and allows the confirmer to both confirm and disavow signatures. Lastly, our construction provides noticeably shorter signatures than the construction by Liskov and Micali.