Many attempts to controlling who and under which circumstances can verify our signatures have been made so far. For this purpose one can use undeniable signatures, designated confirmer signatures or designated verifier signatures. We introduce a model of new kind of signatures, called dedicated digital signatures (or dds for short). The core idea is that a designated verifier can present a standard signature of the signer derived from dds to a third party, but at the price of revealing the private key of the designated verifier or at the price of revealing the designated verifier’s signature of a particular message. Therefore the verifier will show the signature only in very special situations. We present a construction of a dds based on ElGamal signatures and its modifications that allow to obtain additional important features.
[1]
David Chaum,et al.
Demonstrating Possession of a Discrete Logarithm Without Revealing It
,
1986,
CRYPTO.
[2]
David Chaum,et al.
An Improved Protocol for Demonstrating Possession of Discrete Logarithms and Some Generalizations
,
1987,
EUROCRYPT.
[3]
Paul Feldman,et al.
A practical scheme for non-interactive verifiable secret sharing
,
1987,
28th Annual Symposium on Foundations of Computer Science (sfcs 1987).
[4]
David Chaum,et al.
Designated Confirmer Signatures
,
1994,
EUROCRYPT.
[5]
David Chaum,et al.
Undeniable Signatures
,
1989,
CRYPTO.
[6]
Markus Jakobsson,et al.
Designated Verifier Proofs and Their Applications
,
1996,
EUROCRYPT.