Time-selective convertible undeniable signatures with short conversion receipts

Undeniable signatures were introduced in 1989 by Chaum and van Antwerpen to limit the self-authenticating property of digital signatures. An extended concept, convertible undeniable signatures, proposed by Boyar, Chaum, Damgård and Pedersen in 1991, allows the signer to convert undeniable signatures into ordinary digital signatures. In this article, we present a new efficient convertible undeniable signature scheme based on bilinear maps. Its unforgeability is tightly related, in the random oracle model, to the computational Diffie-Hellman problem, and its anonymity to a non-standard decisional assumption. The advantages of our scheme are the short length of the signatures and the low computational cost of signature and receipt generation. Moreover, a variant of our scheme permits the signer to universally convert signatures pertaining only to a specific time period. We formalize this new notion as time-selective conversion. We also improve our original scheme from CT-RSA'05 by reducing the length of the generated receipts: their size is now logarithmic in the number of time periods.
