RSA-Based Undeniable Signatures

We present the first undeniable signatures scheme based on RSA. Since their introduction in 1989 a significant amount of work has been devoted to the investigation of undeniable signatures. So far, this work has been based on discrete log systems. In contrast, our scheme uses regular RSA signatures to generate undeniable signatures. In this new setting, both the signature and verification exponents of RSA are kept secret by the signer, while the public key consists of a composite modulus and a sample RSA signature on a single public message. Our scheme possesses several attractive properties. First of all, provable security, as forging the undeniable signatures is as hard as forging regular RSA signatures. Second, both the confirmation and denial protocols are zero-knowledge. In addition, these protocols are efficient (particularly, the confirmation protocol involves only two rounds of communication and a small number of exponentiations). Furthermore the RSA-based structure of our scheme provides with simple and elegant solutions to add several of the more advanced properties of undeniable signatures found in the literature, including convertibility of the undeniable signatures (into publicly verifiable ones), the possibility to delegate the ability to confirm and deny signatures to a third party without giving up the power to sign, and the existence of distributed (threshold) versions of the signing and confirmation operations. Due to the above properties and the fact that our undeniable signatures are identical in form to standard RSA signatures, the scheme we present becomes a very attractive candidate for practical implementations.

[1]  David Chaum,et al.  Wallet Databases with Observers , 1992, CRYPTO.

[2]  Silvio Micali,et al.  Proofs that yield nothing but their validity and a methodology of cryptographic protocol design , 1986, 27th Annual Symposium on Foundations of Computer Science (sfcs 1986).

[3]  Ivan Damgård,et al.  New Convertible Undeniable Signature Schemes , 1996, EUROCRYPT.

[4]  Amos Fiat,et al.  How to Prove Yourself: Practical Solutions to Identification and Signature Problems , 1986, CRYPTO.

[5]  Mihir Bellare,et al.  The Exact Security of Digital Signatures - HOw to Sign with RSA and Rabin , 1996, EUROCRYPT.

[6]  Stanislav,et al.  Robust and E cient Sharing of RSA FunctionsRosario , 1996 .

[7]  Hugo Krawczyk,et al.  Robust and Efficient Sharing of RSA Functions , 1996, CRYPTO.

[8]  David Chaum,et al.  Cryptographically Strong Undeniable Signatures, Unconditionally Secure for the Signer , 1991, CRYPTO.

[9]  Moti Yung,et al.  Weaknesses of undeniable signature schemes , 1991 .

[10]  Tatsuaki Okamoto,et al.  Designated Confirmer Signatures and Public-Key Encryption are Equivalent , 1994, CRYPTO.

[11]  Oded Goldreich,et al.  Foundations of Cryptography (Fragments of a Book) , 1995 .

[12]  David Chaum,et al.  Zero-Knowledge Undeniable Signatures , 1991, EUROCRYPT.

[13]  David Chaum,et al.  Convertible Undeniable Signatures , 1990, CRYPTO.

[14]  Patrick Horster,et al.  Breaking and repairing a convertible undeniable signature scheme , 1996, CCS '96.

[15]  Hugo Krawczyk,et al.  On the Composition of Zero-Knowledge Proof Systems , 1990, ICALP.

[16]  Silvio Micali,et al.  Proofs that yield nothing but their validity or all languages in NP have zero-knowledge proof systems , 1991, JACM.

[17]  Torben P. Pedersen Distributed Provers with Applications to Undeniable Signatures , 1991, EUROCRYPT.

[18]  David Chaum,et al.  Minimum Disclosure Proofs of Knowledge , 1988, J. Comput. Syst. Sci..

[19]  Atsushi Fujioka,et al.  Interactive Bi-Proof Systems and Undeniable Signature Schemes , 1991, EUROCRYPT.

[20]  David Chaum,et al.  Designated Confirmer Signatures , 1994, EUROCRYPT.

[21]  Markus Jakobsson,et al.  Blackmailing using Undeniable Signatures , 1994, EUROCRYPT.

[22]  David Chaum,et al.  An Improved Protocol for Demonstrating Possession of Discrete Logarithms and Some Generalizations , 1987, EUROCRYPT.

[23]  Markus Jakobsson,et al.  Proving Without Knowing: On Oblivious, Agnostic and Blindolded Provers , 1996, CRYPTO.

[24]  Markus Jakobsson,et al.  Designated Verifier Proofs and Their Applications , 1996, EUROCRYPT.

[25]  Moti Yung,et al.  How to share a function securely , 1994, STOC '94.