On the security of nominative signatures

Authors:
Willy Susilo;Yi Mu
Affiliations:
Centre for Information Security Research, School of Information Technology and Computer Science, University of Wollongong, Wollongong, Australia;Centre for Information Security Research, School of Information Technology and Computer Science, University of Wollongong, Wollongong, Australia
Venue:
ACISP'05 Proceedings of the 10th Australasian conference on Information Security and Privacy
Year:
2005

Citing 3
Cited 9

Zero-knowledge undeniable signatures (extended abstract)

EUROCRYPT '90 Proceedings of the workshop on the theory and application of cryptographic techniques on Advances in cryptology
Designated verifier proofs and their applications

EUROCRYPT'96 Proceedings of the 15th annual international conference on Theory and application of cryptographic techniques
Efficient and generalized group signatures

EUROCRYPT'97 Proceedings of the 16th annual international conference on Theory and application of cryptographic techniques

Security reconsideration of the Huang-Wang nominative signature

Information Sciences: an International Journal
An efficient one-move Nominative Signature scheme

International Journal of Applied Cryptography
On the Portability of Generalized Schnorr Proofs

EUROCRYPT '09 Proceedings of the 28th Annual International Conference on Advances in Cryptology: the Theory and Applications of Cryptographic Techniques
Provably Secure Convertible Nominative Signature Scheme

Information Security and Cryptology
Nominative signature from ring signature

IWSEC'07 Proceedings of the Security 2nd international conference on Advances in information and computer security
Formal definition and construction of nominative signature

ICICS'07 Proceedings of the 9th international conference on Information and communications security
Pairing-based nominative signatures with selective and universal convertibility

Inscrypt'09 Proceedings of the 5th international conference on Information security and cryptology
Non-transferable user certification secure against authority information leaks and impersonation attacks

ACNS'11 Proceedings of the 9th international conference on Applied cryptography and network security
One-Move convertible nominative signature in the standard model

ProvSec'12 Proceedings of the 6th international conference on Provable Security

Quantified Score

Hi-index	0.00

Visualization

Abstract

Nominative signatures are the dual scheme of undeniable signatures, where only the nominee can verify the nominator (signer)’s signature and if necessary, only the nominee can prove to the third party that the signature issued to him (her) is valid. The first construction was proposed by Kim, Park and Won [7] and it was shown in the recent work of Huang and Wang in ACISP 2004 [5] that Kim-Park-Won’s scheme does not satisfy the goal of nominative signatures. Moreover, Huang and Wang suggested a new nominative signature scheme in the same paper. They claimed that the new scheme satisfies all requirements of nominative signatures. In this paper, we show that Huang and Wang’s scheme does not satisfy one important property of nominative signatures, namely the nominator (signer) can also verify the validity of the published signature. Moreover, we will show that the nominator can always show to anyone that the signature is indeed a valid signature without any cooperation from the nominee. Hence, the scheme is not nominative, since it does not satisfy the requirements of nominative signatures. Finally, we also discuss the security assumption that needs to be satisfied to obtain secure and efficient nominative signatures.