Formal Definition and Construction of Nominative Signature

Since the introduction of nominative signature in 1996, there are three problems that have still not been solved. First, there is no convincing application proposed; second, there is no formal security model available; and third, there is no proven secure scheme constructed, given that all the previous schemes have already been found flawed. In this paper, we give positive answers to these problems. First, we illustrate that nominative signature is a better tool for building user certification systems which were originally implemented using universal designated-verifier signature. Second, we propose a formal definition and adversarial model for nominative signature. Third, we show that Chaum's undeniable signature can be transformed to an efficient nominative signature by simply using a standard signature. The security of our transformation can be proven under the standard number-theoretic assumption.

[1]  Silvio Micali,et al.  A Digital Signature Scheme Secure Against Adaptive Chosen-Message Attacks , 1988, SIAM J. Comput..

[2]  David Chaum,et al.  Undeniable Signatures , 1989, CRYPTO.

[3]  David Chaum,et al.  Zero-Knowledge Undeniable Signatures , 1991, EUROCRYPT.

[4]  Adi Shamir,et al.  Witness indistinguishable and witness hiding protocols , 1990, STOC '90.

[5]  David Chaum,et al.  Cryptographically Strong Undeniable Signatures, Unconditionally Secure for the Signer , 1991, CRYPTO.

[6]  Joan Feigenbaum,et al.  Advances in Cryptology-Crypto 91 , 1992 .

[7]  Alfredo De Santis,et al.  Advances in Cryptology — EUROCRYPT'94 , 1994, Lecture Notes in Computer Science.

[8]  David Chaum,et al.  Designated Confirmer Signatures , 1994, EUROCRYPT.

[9]  Markus Jakobsson,et al.  Designated Verifier Proofs and Their Applications , 1996, EUROCRYPT.

[10]  Information Security and Privacy , 1996, Lecture Notes in Computer Science.

[11]  Michael Wiener,et al.  Advances in Cryptology — CRYPTO’ 99 , 1999 .

[12]  Ivan Bjerre Damgård,et al.  Advances in Cryptology — EUROCRYPT ’90 , 2001, Lecture Notes in Computer Science.

[13]  Ron Steinfeld,et al.  Universal Designated-Verifier Signatures , 2003, ASIACRYPT.

[14]  Steven D. Galbraith,et al.  Invisibility and Anonymity of Undeniable and Confirmer Signatures , 2003, CT-RSA.

[15]  Chi Sung Laih,et al.  Advances in Cryptology - ASIACRYPT 2003 , 2003 .

[16]  Marc Joye,et al.  Topics in Cryptology — CT-RSA 2003 , 2003 .

[17]  Yumin Wang,et al.  Convertible Nominative Signatures , 2004, ACISP.

[18]  Yi Mu,et al.  On the Security of Nominative Signatures , 2005, ACISP.

[19]  Ronald Cramer,et al.  Advances in Cryptology - EUROCRYPT 2005, 24th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Aarhus, Denmark, May 22-26, 2005, Proceedings , 2005, EUROCRYPT.

[20]  Kaoru Kurosawa,et al.  3-Move Undeniable Signature Scheme , 2005, EUROCRYPT.

[21]  Brent Waters,et al.  Strongly Unforgeable Signatures Based on Computational Diffie-Hellman , 2006, Public Key Cryptography.

[22]  Qiong Huang,et al.  Generic Transformation to Strongly Unforgeable Signatures , 2007, ACNS.

[23]  Aggelos Kiayias,et al.  Public Key Cryptography - PKC 2006 , 2006, Lecture Notes in Computer Science.

[24]  Masayuki Abe,et al.  Topics in Cryptology CT-RSA 2007 , 2007 .

[25]  Ron Steinfeld,et al.  How to Strengthen Any Weakly Unforgeable Signature into a Strongly Unforgeable Signature , 2007, CT-RSA.

[26]  Duncan S. Wong,et al.  Further Discussions on the Security of a Nominative Signature Scheme , 2007, Security and Management.