A digital signature scheme secure against adaptive chosen-message attacks
SIAM Journal on Computing - Special issue on cryptography
Public-key cryptosystems provably secure against chosen ciphertext attacks
STOC '90 Proceedings of the twenty-second annual ACM symposium on Theory of computing
Random oracles are practical: a paradigm for designing efficient protocols
CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
Signature schemes based on the strong RSA assumption
CCS '99 Proceedings of the 6th ACM conference on Computer and communications security
Improved Online/Offline Signature Schemes
CRYPTO '01 Proceedings of the 21st Annual International Cryptology Conference on Advances in Cryptology
Efficient Identification and Signatures for Smart Cards
CRYPTO '89 Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology
Wallet Databases with Observers
CRYPTO '92 Proceedings of the 12th Annual International Cryptology Conference on Advances in Cryptology
Proofs of Partial Knowledge and Simplified Design of Witness Hiding Protocols
CRYPTO '94 Proceedings of the 14th Annual International Cryptology Conference on Advances in Cryptology
Designated Confirmer Signatures and Public-Key Encryption are Equivalent
CRYPTO '94 Proceedings of the 14th Annual International Cryptology Conference on Advances in Cryptology
A Practical Public Key Cryptosystem Provably Secure Against Adaptive Chosen Ciphertext Attack
CRYPTO '98 Proceedings of the 18th Annual International Cryptology Conference on Advances in Cryptology
Efficient Zero-Knowledge Proofs of Knowledge Without Intractability Assumptions
PKC '00 Proceedings of the Third International Workshop on Practice and Theory in Public Key Cryptography: Public Key Cryptography
CRYPTO '89 Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology
On Defining Proofs of Knowledge
CRYPTO '92 Proceedings of the 12th Annual International Cryptology Conference on Advances in Cryptology
Designated verifier proofs and their applications
EUROCRYPT'96 Proceedings of the 15th annual international conference on Theory and application of cryptographic techniques
A threshold cryptosystem without a trusted party
EUROCRYPT'91 Proceedings of the 10th annual international conference on Theory and application of cryptographic techniques
Secure hash-and-sign signatures without the random oracle
EUROCRYPT'99 Proceedings of the 17th international conference on Theory and application of cryptographic techniques
Public-key cryptosystems based on composite degree residuosity classes
EUROCRYPT'99 Proceedings of the 17th international conference on Theory and application of cryptographic techniques
Confirmer signature schemes secure against adaptive adversaries
EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
Efficient concurrent zero-knowledge in the auxiliary string model
EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
Strengthening zero-knowledge protocols using signatures
EUROCRYPT'03 Proceedings of the 22nd international conference on Theory and applications of cryptographic techniques
Optimistic fair exchange of digital signatures
IEEE Journal on Selected Areas in Communications
Invisible designated confirmer signatures without random oracles
ASIACCS '07 Proceedings of the 2nd ACM symposium on Information, computer and communications security
Efficient designated confirmer signature from bilinear pairings
Proceedings of the 2008 ACM symposium on Information, computer and communications security
On Generic Constructions of Designated Confirmer Signatures
INDOCRYPT '09 Proceedings of the 10th International Conference on Cryptology in India: Progress in Cryptology
On the generic and efficient constructions of secure designated confirmer signatures
PKC'07 Proceedings of the 10th international conference on Practice and theory in public-key cryptography
Designated confirmer signatures revisited
TCC'07 Proceedings of the 4th conference on Theory of cryptography
Online-untransferable signatures
PKC'08 Proceedings of the Practice and theory in public key cryptography, 11th international conference on Public key cryptography
Efficient confirmer signatures from the "signature of a commitment" paradigm
ProvSec'10 Proceedings of the 4th international conference on Provable security
A new construction of designated confirmer signature and its application to optimistic fair exchange
Pairing'10 Proceedings of the 4th international conference on Pairing-based cryptography
Non-interactive confirmer signatures
CT-RSA'11 Proceedings of the 11th international conference on Topics in cryptology: CT-RSA 2011
On-line non-transferable signatures revisited
PKC'11 Proceedings of the 14th international conference on Practice and theory in public key cryptography conference on Public key cryptography
On the invisibility of designated confirmer signatures
Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security
An efficient construction of time-selective convertible undeniable signatures
ISC'11 Proceedings of the 14th international conference on Information security
Designated confirmer signatures with unified verification
IMACC'11 Proceedings of the 13th IMA international conference on Cryptography and Coding
PKC'12 Proceedings of the 15th international conference on Practice and Theory in Public Key Cryptography
Information Sciences: an International Journal
| Hi-index | 0.00 |
Most prior designated confirmer signature schemes either prove security in the random oracle model (ROM) or use general zero-knowledge proofs for NP statements (making them impractical). By slightly modifying the definition of designated confirmer signatures, Goldwasser and Waisbard presented an approach in which the Confirm and ConfirmedSign protocols could be implemented without appealing to general zero-knowledge proofs for NP statements (their “Disavow” protocol still requires them). The Goldwasser-Waisbard approach could be instantiated using Cramer-Shoup, GMR, or Gennaro-Halevi-Rabin signatures. In this paper, we provide an alternate generic transformation to convert any signature scheme into a designated confirmer signature scheme, without adding random oracles. Our key technique involves the use of a signature on a commitment and a separate encryption of the random string used for commitment. By adding this “layer of indirection,” the underlying protocols in our schemes admit efficient instantiations (i.e., we can avoid appealing to general zero-knowledge proofs for NP statements) and furthermore the performance of these protocols is not tied to the choice of underlying signature scheme. We illustrate this using the Camenisch-Shoup variation on Paillier’s cryptosystem and Pedersen commitments. The confirm protocol in our resulting scheme requires 10 modular exponentiations (compared to 320 for Goldwasser-Waisbard) and our disavow protocol requires 41 modular exponentiations (compared to using a general zero-knowledge proof for Goldwasser-Waisbard). Previous schemes use the “encryption of a signature” paradigm, and thus run into problems when trying to implement the “confirm” and “disavow” protocols efficiently.