On the soundness of restricted universal designated verifier signatures and dedicated signatures: how to prove the possession of an ElGamal/DSA signature

Authors:
Fabien Laguillaumie;Damien Vergnaud
Affiliations:
GREYC, Université de Caen, Caen Cedex, France;École normale supérieure, Département d'informatique, Paris Cedex 05, France
Venue:
ISC'07 Proceedings of the 10th international conference on Information Security
Year:
2007

Citing 15
Cited 1

A public key cryptosystem and a signature scheme based on discrete logarithms

Proceedings of CRYPTO 84 on Advances in cryptology
A digital signature scheme secure against adaptive chosen-message attacks

SIAM Journal on Computing - Special issue on cryptography
Proofs that yield nothing but their validity or all languages in NP have zero-knowledge proof systems

Journal of the ACM (JACM)
Zero-Knowledge Proofs of Possession of Digital Signatures and Its Applications

ICICS '99 Proceedings of the Second International Conference on Information and Communication Security
Undeniable Signatures

CRYPTO '89 Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology
Short Signatures from the Weil Pairing

Journal of Cryptology
Generic Groups, Collision Resistance, and ECDSA

Designs, Codes and Cryptography
Designated verifier proofs and their applications

EUROCRYPT'96 Proceedings of the 15th annual international conference on Theory and application of cryptographic techniques
New extensions of pairing-based signatures into universal designated verifier signatures

ICALP'06 Proceedings of the 33rd international conference on Automata, Languages and Programming - Volume Part II
Discrete-Log-Based signatures may not be equivalent to discrete log

ASIACRYPT'05 Proceedings of the 11th international conference on Theory and Application of Cryptology and Information Security
Designated verifier signature schemes: attacks, new security notions and a new construction

ICALP'05 Proceedings of the 32nd international conference on Automata, Languages and Programming
How to protect a signature from being shown to a third party

TrustBus'06 Proceedings of the Third international conference on Trust, Privacy, and Security in Digital Business
Restricted universal designated verifier signature

UIC'06 Proceedings of the Third international conference on Ubiquitous Intelligence and Computing
Designated verifier signatures: anonymity and efficient construction from any bilinear map

SCN'04 Proceedings of the 4th international conference on Security in Communication Networks
Universal designated verifier signatures without random oracles or non-black box assumptions

SCN'06 Proceedings of the 5th international conference on Security and Cryptography for Networks

How to Balance Privacy with Authenticity

Information Security and Cryptology --- ICISC 2008

Quantified Score

Hi-index	0.00

Visualization

Abstract

In 2006, Huang, Susilo, Mu and Zhang proposed the concept of restricted universal designated verifier signatures while Klonowski, Kubiak, Kutylowski and Lauks proposed independently the dual primitive of dedicated signatures. In both notions, a signature holder can convince one or more verifiers of his knowledge of a digital signature, but cannot exploit this knowledge without being punished for that. In this paper, we state that a signature holder may generically provide a proof that it has a certain signature without being punished and that consequently both primitives cannot fulfill their alleged security goals. To demonstrate the feasibility of this claim, we propose the first non-interactive universal designated verifier proof of the possession of an Elgamal or a DSA signature in the random oracle model. This construction may be of independent interest.