Universally Convertible Directed Signatures

Many variants of Chaum and van Antwerpen’s undeniable signatures have been proposed to achieve specific properties desired in real-world applications of cryptography. Among them, directed signatures were introduced by Lim and Lee in 1993. Directed signatures differ from the well-known confirmer signatures in that the signer has the simultaneous abilities to confirm, deny and individually convert a signature. The universal conversion of these signatures has remained an open problem since their introduction in 1993. This paper provides a positive answer to this quest by showing a very efficient design for universally convertible directed signatures (UCDS) both in terms of computational complexity and signature size. Our construction relies on the so-called xyz-trick applicable to bilinear map groups. We define proper security notions for UCDS schemes and show that our construction is secure in the random oracle model, under computational assumptions close to the CDH and DDH assumptions. Finally, we introduce and realize traceable universally convertible directed signatures where a master tracing key allows to link signatures to their direction.

[1]  Silvio Micali,et al.  A Digital Signature Scheme Secure Against Adaptive Chosen-Message Attacks , 1988, SIAM J. Comput..

[2]  David Chaum,et al.  Undeniable Signatures , 1989, CRYPTO.

[3]  David Chaum,et al.  Convertible Undeniable Signatures , 1990, CRYPTO.

[4]  David Chaum,et al.  Cryptographically Strong Undeniable Signatures, Unconditionally Secure for the Signer , 1991, CRYPTO.

[5]  Ivan Damgård,et al.  Towards Practical Public Key Systems Secure Against Chosen Ciphertext Attacks , 1991, CRYPTO.

[6]  Chae Hoon Lim,et al.  Modified Maurer-Yacobi's scheme and its applications , 1992, AUSCRYPT.

[7]  Mihir Bellare,et al.  Random oracles are practical: a paradigm for designing efficient protocols , 1993, CCS '93.

[8]  David Chaum,et al.  Designated Confirmer Signatures , 1994, EUROCRYPT.

[9]  Matthew K. Franklin,et al.  Verifiable Signature Sharing , 1995, EUROCRYPT.

[10]  Markus Jakobsson,et al.  Designated Verifier Proofs and Their Applications , 1996, EUROCRYPT.

[11]  Jan Camenisch,et al.  Efficient Group Signature Schemes for Large Groups (Extended Abstract) , 1997, CRYPTO.

[12]  Jan Camenisch,et al.  Efficient group signature schemes for large groups , 1997 .

[13]  S. Araki,et al.  The Limited Verifier Signature and Its Application , 1999 .

[14]  N. Asokan,et al.  Optimistic fair exchange of digital signatures , 1998, IEEE Journal on Selected Areas in Communications.

[15]  Jan Camenisch,et al.  Confirmer Signature Schemes Secure against Adaptive Adversaries , 2000, EUROCRYPT.

[16]  Matthew K. Franklin,et al.  Identity-Based Encryption from the Weil Pairing , 2001, CRYPTO.

[17]  Jacques Stern,et al.  Proofs of Knowledge for Non-monotone Discrete-Log Formulae and Applications , 2002, ISC.

[18]  Fangguo Zhang,et al.  A Universal Forgery on Araki et al.'s Convertible Limited Verifier Signature Scheme , 2003, IEICE Trans. Fundam. Electron. Commun. Comput. Sci..

[19]  Mihir Bellare,et al.  The Knowledge-of-Exponent Assumptions and 3-Round Zero-Knowledge Protocols , 2004, CRYPTO.

[20]  Dan Boneh,et al.  Short Signatures Without Random Oracles , 2004, EUROCRYPT.

[21]  Aggelos Kiayias,et al.  Traceable Signatures , 2004, EUROCRYPT.

[22]  Aggelos Kiayias,et al.  Traceable Signatures , 2004, EUROCRYPT.

[23]  Shafi Goldwasser,et al.  Transformation of Digital Signature Schemes into Designated Confirmer Signature Schemes , 2004, TCC.

[24]  Fabien Laguillaumie,et al.  Time-Selective Convertible Undeniable Signatures , 2005, CT-RSA.