Verifiable Encryption and Applications to Group Signatures and Signature Sharing

We generalise the verifiable encryption scheme of Asokan et al. and improve its security and efficiency, such that it can rely on more general assumptions and can be proven secure without relying on random oracles. We show a new application of verifiable encryption to group signatures with separability: these schemes do not need special-purpose keys but can work with a wide range of signature and encryption schemes already in use. Finally, we extend our basic primitive to verifiable threshold and group encryption. By encrypting digital signatures this way, one gets new solutions to the verifiable signature sharing problem.
