As an important cryptographic primitive, designated confirmer signatures are introduced to control the public verifiability of signatures. That is, only the signer or a semi-trusted party, called designated confirmer, can interactively assist a verifier to check the validity of a designated confirmer signature. The central security property of a designated confirmer signature scheme is called invisibility, which requires that even an adaptive adversary cannot determine the validity of an alleged signature without direct cooperation from either the signer or the designated confirmer. However, in the literature researchers have proposed two other related properties, called impersonation and transcript simulatability, though the relations between them are not clear. In this paper, we first explore the relations among these three invisibility related concepts and conclude that invisibility, impersonation and transcript simulatability forms an increasing stronger order. After that, we turn to study the invisibility of two designated confirmer signature schemes recently presented by Zhang et al. and Wei et al. By demonstrating concrete and effective attacks, we show that both of those two scheme fail to meet invisibility, the central security property of designated confirmer signatures.
SUMMARYIn 2009, Wu and Lin introduced the concept of self‐certified proxy convertible authenticated encryption (SP‐CAE) by integrating self‐certified public‐key system and designated verifier proxy signature with message recovery. They also presented the first SP‐CAE scheme which is based the discrete logarithm problem. However, Wu‐Lin scheme is not secure as Xie et al. recently showed that this scheme is existentially forgeable under adaptive chosen warrants, unconfidentiable and verifiable under adaptive chosen messages and designated verifiers. In this paper, we first discuss the security requirements of SP‐CAE and then formally define unforgeability, message confidentiality, and unverifiability. Consequently, the first complete formal model of SP‐CAE is proposed. After that, we propose a provably secure SP‐CAE scheme by using two‐party Schnorr signature introduced by Nicolosi et al. in 2003. Finally, we prove the formal security of the proposed scheme in the random oracle model under the discrete logarithm assumption. Copyright © 2013 John Wiley & Sons, Ltd.
After the introduction of designated confirmer signatures (DCS) by Chaum in 1994, considerable researches have been done to build generic schemes from standard digital signatures and construct efficient concrete solutions. In DCS schemes, a signature cannot be verified without the help of either the signer or a semi-trusted third party, called the designated confirmer. If necessary, the confirmer can further convert a DCS into an ordinary signature that is publicly verifiable. However, there is one limit in most existing schemes: the signer is not given the ability to disavow invalid DCS signatures. Motivated by this observation, in this paper we first propose a new variant of DCS model, called designated confirmer signatures with unified verification, in which both the signer and the designated confirmer can run the same protocols to confirm a valid DCS or disavow an invalid signature. Then, we present the first DCS scheme with unified verification and prove its security in the random oracle (RO) model and under a new computational assumption, called Decisional Co-efficient Linear (D-co-L) assumption, whose intractability in pairing settings is shown to be equivalent to the well-known Decisional Bilinear Diffie-Hellman (DBDH) assumption. The proposed scheme is constructed by encrypting Boneh, Lynn and Shacham's pairing based short signatures with signed ElGamal encryption. The resulting solution is efficient in both aspects of computation and communication. In addition, we point out that the proposed concept can be generalized by allowing the signer to run different protocols for confirming and disavowing signatures.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
hi@scite.ai
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.