We consider a scenario in which Alice entitles Bob to serve as her proxy with the right to sign one out of two possible documents, say m1 and m2. The protocol guarantees that the data given to Bob cannot be recognized as signatures of m1 and m2 unless Bob transforms them with his private key. The most important feature, however, is that if Bob finalizes both signatures (of m1 and of m2), violating the delegated rights, then Bob's private key will be revealed to Alice. So we propose an undeniable proof of misbehavior instead of other means that turn out to be less effective and more difficult to implement. The presented solution can be applied to let agents or representatives in negotiations provide the original signed documents on behalf of the represented parties. The solution can be immediately extended to a version with any fixed number of documents, of which only one can finally be signed. Security of the scheme can be shown in the random oracle model. We also provide a solution in which the security of the signer is protected within the fail-stop framework.