Provably Secure Convertible Nominative Signature Scheme

Nominative signature, introduced by Kim, Park and Won, is a useful cryptographic primitive to limit the publicly verifiable property of ordinary digital signature. In a nominative signature scheme, a nominator and a nominee jointly generate a signature in such a way that only the nominee can check the validity of the signature and further convince a third party of the fact. An extended concept, convertible nominative signature, was introduced by Huang and Wang. In the new concept, the nominee can convert a nominative signature into a publicly verifiable one. In this paper, we first propose selectively and universally convertible nominative signatures so that the nominee can publish a selective proof to convert a nominative signature into a publicly verifiable one, or issue a universal proof to make all nominative signatures with respect to the nominator and the nominee publicly verifiable. Then, we present a security model for convertible nominative signatures. Furthermore, we propose a concrete scheme based on bilinear pairings and give the security analysis in the random oracle model.

[1]  Yi Mu,et al.  On the Security of Nominative Signatures , 2005, ACISP.

[2]  Aggelos Kiayias,et al.  Self Protecting Pirates and Black-Box Traitor Tracing , 2001, CRYPTO.

[3]  Colin Boyd,et al.  Advances in Cryptology - ASIACRYPT 2001 , 2001 .

[4]  David Chaum,et al.  Convertible Undeniable Signatures , 1990, CRYPTO.

[5]  Kaoru Kurosawa,et al.  3-Move Undeniable Signature Scheme , 2005, EUROCRYPT.

[6]  Feng Bao,et al.  Security Remarks on a Convertible Nominative Signature Scheme , 2007, SEC.

[7]  Whitfield Diffie,et al.  New Directions in Cryptography , 1976, IEEE Trans. Inf. Theory.

[8]  Dan Boneh,et al.  Hierarchical Identity Based Encryption with Constant Size Ciphertext , 2005, EUROCRYPT.

[9]  Ronald Cramer,et al.  Advances in Cryptology - EUROCRYPT 2005, 24th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Aarhus, Denmark, May 22-26, 2005, Proceedings , 2005, EUROCRYPT.

[10]  David Chaum,et al.  Undeniable Signatures , 1989, CRYPTO.

[11]  Mihir Bellare,et al.  Random oracles are practical: a paradigm for designing efficient protocols , 1993, CCS '93.

[12]  Yumin Wang,et al.  Convertible Nominative Signatures , 2004, ACISP.

[13]  Tsuyoshi Takagi,et al.  Pairing-Based Cryptography - Pairing 2007, First International Conference, Tokyo, Japan, July 2-4, 2007, Proceedings , 2007, Pairing.

[14]  Information Security and Privacy , 1996, Lecture Notes in Computer Science.

[15]  Yi Mu,et al.  Formal Definition and Construction of Nominative Signature , 2007, ICICS.

[16]  Duncan S. Wong,et al.  Further Discussions on the Security of a Nominative Signature Scheme , 2007, Security and Management.

[17]  Yi Mu,et al.  Provably Secure Pairing-Based Convertible Undeniable Signature with Short Signature Length , 2007, Pairing.

[18]  Duncan S. Wong,et al.  An efficient one-move Nominative Signature scheme , 2008, Int. J. Appl. Cryptogr..

[19]  Michael Wiener,et al.  Advances in Cryptology — CRYPTO’ 99 , 1999 .

[20]  Hovav Shacham,et al.  Short Signatures from the Weil Pairing , 2001, J. Cryptol..

[21]  Matthew K. Franklin,et al.  Identity-Based Encryption from the Weil Pairing , 2001, CRYPTO.