Multiple NonInteractive Zero Knowledge Proofs Under General Assumptions
SIAM Journal on Computing
Communications of the ACM
Efficient Identification and Signatures for Smart Cards
CRYPTO '89 Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology
Wallet Databases with Observers
CRYPTO '92 Proceedings of the 12th Annual International Cryptology Conference on Advances in Cryptology
CRYPTO '89 Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology
Mitigating the Untrusted Terminal Problem Using Conditional Signatures
ITCC '04 Proceedings of the International Conference on Information Technology: Coding and Computing (ITCC'04) Volume 2 - Volume 2
Zero-knowledge proofs of knowledge without interaction
SFCS '92 Proceedings of the 33rd Annual Symposium on Foundations of Computer Science
Extended sanitizable signatures
ICISC'06 Proceedings of the 9th international conference on Information Security and Cryptology
Hi-index | 0.00 |
We consider conditional digital signatures (CDS for short). According to this scheme a creator of a CDS signature, say Alice, signs a message M1 conditioned by a Bob's signature of M2. The string created by Alice can be transformed into an Alice's digital signature of M1, once we are given a signature of M2 generated by Bob. Until the moment of creating a Bob's signature of M2, Alice's signature of M1 does not exist in a technical sense. This differs from the previous solutions where merely a condition about M2 has been included into a message signed by Alice. The key feature of our scheme is that Alice prepares the CDS signature before Bob actually signs M2. We propose two CDS schemes – the first one prohibits checking that a signature of M1 has been prepared by Alice until Bob signs M2. In the second case, Alice can prove interactively that the string created hides a CDS signature of some form, but the proof is useless for a third party. We present applications of CDS signatures in business and European legal frameworks. In particular, CDS schemes can be used to build a system in which a signature can be retrieved at a given future date. This feature requires only an institution signing periodically the current time. The scheme is also quite useful for wireless mobile networks, where unreliability of communication may cause many problems. CDS scheme may be used there for signing in advance even if a protocol requires a fixed sequential schedule.