Zero-knowledge undeniable signatures (extended abstract)
EUROCRYPT '90 Proceedings of the workshop on the theory and application of cryptographic techniques on Advances in cryptology
Designated verifier proofs and their applications
EUROCRYPT'96 Proceedings of the 15th annual international conference on Theory and application of cryptographic techniques
Efficient and generalized group signatures
EUROCRYPT'97 Proceedings of the 16th annual international conference on Theory and application of cryptographic techniques
Security reconsideration of the Huang-Wang nominative signature
Information Sciences: an International Journal
An efficient one-move Nominative Signature scheme
International Journal of Applied Cryptography
On the Portability of Generalized Schnorr Proofs
EUROCRYPT '09 Proceedings of the 28th Annual International Conference on Advances in Cryptology: the Theory and Applications of Cryptographic Techniques
Provably Secure Convertible Nominative Signature Scheme
Information Security and Cryptology
Nominative signature from ring signature
IWSEC'07 Proceedings of the Security 2nd international conference on Advances in information and computer security
Formal definition and construction of nominative signature
ICICS'07 Proceedings of the 9th international conference on Information and communications security
Pairing-based nominative signatures with selective and universal convertibility
Inscrypt'09 Proceedings of the 5th international conference on Information security and cryptology
ACNS'11 Proceedings of the 9th international conference on Applied cryptography and network security
One-Move convertible nominative signature in the standard model
ProvSec'12 Proceedings of the 6th international conference on Provable Security
Hi-index | 0.00 |
Nominative signatures are the dual scheme of undeniable signatures, where only the nominee can verify the nominator (signer)’s signature and if necessary, only the nominee can prove to the third party that the signature issued to him (her) is valid. The first construction was proposed by Kim, Park and Won [7] and it was shown in the recent work of Huang and Wang in ACISP 2004 [5] that Kim-Park-Won’s scheme does not satisfy the goal of nominative signatures. Moreover, Huang and Wang suggested a new nominative signature scheme in the same paper. They claimed that the new scheme satisfies all requirements of nominative signatures. In this paper, we show that Huang and Wang’s scheme does not satisfy one important property of nominative signatures, namely the nominator (signer) can also verify the validity of the published signature. Moreover, we will show that the nominator can always show to anyone that the signature is indeed a valid signature without any cooperation from the nominee. Hence, the scheme is not nominative, since it does not satisfy the requirements of nominative signatures. Finally, we also discuss the security assumption that needs to be satisfied to obtain secure and efficient nominative signatures.