Threshold Undeniable RSA Signature Scheme
ICICS '01 Proceedings of the Third International Conference on Information and Communications Security
Relations Among Notions of Security for Public-Key Encryption Schemes
CRYPTO '98 Proceedings of the 18th Annual International Cryptology Conference on Advances in Cryptology
Society-oriented Designated Confirmer Signatures
ICNC '07 Proceedings of the Third International Conference on Natural Computation - Volume 05
Efficient designated confirmer signature from bilinear pairings
Proceedings of the 2008 ACM symposium on Information, computer and communications security
Confirmer signature schemes secure against adaptive adversaries
EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
On the generic and efficient constructions of secure designated confirmer signatures
PKC'07 Proceedings of the 10th international conference on Practice and theory in public-key cryptography
Designated confirmer signatures revisited
TCC'07 Proceedings of the 4th conference on Theory of cryptography
A new signature scheme without random oracles from bilinear pairings
VIETCRYPT'06 Proceedings of the First international conference on Cryptology in Vietnam
Efficient designated confirmer signatures without random oracles or general zero-knowledge proofs
ASIACRYPT'05 Proceedings of the 11th international conference on Theory and Application of Cryptology and Information Security
Designated confirmer signatures with unified verification
IMACC'11 Proceedings of the 13th IMA international conference on Cryptography and Coding
Hi-index | 0.00 |
As an important cryptographic primitive, designated confirmer signatures are introduced to control the public verifiability of signatures. That is, only the signer or a semi-trusted party, called designated confirmer, can interactively assist a verifier to check the validity of a designated confirmer signature. The central security property of a designated confirmer signature scheme is called invisibility, which requires that even an adaptive adversary cannot determine the validity of an alleged signature without direct cooperation from either the signer or the designated confirmer. However, in the literature researchers have proposed two other related properties, called impersonation and transcript simulatability, though the relations between them are not clear. In this paper, we first explore the relations among these three invisibility related concepts and conclude that invisibility, impersonation and transcript simulatability forms an increasing stronger order. After that, we turn to study the invisibility of two designated confirmer signature schemes recently presented by Zhang et al. and Wei et al. By demonstrating concrete and effective attacks, we show that both of those two scheme fail to meet invisibility, the central security property of designated confirmer signatures.