Abstract
The main difference between confirmer signatures and ordinary digital signatures is that a confirmer signature can be verified only with the assistance of a semitrusted third party, the confirmer. Additionally, the confirmer can selectively convert single confirmer signatures into ordinary signatures.
This paper points out that previous models for confirmer signature schemes are too restricted to address the case where several signers share the same confirmer. More seriously, we show that various proposed schemes (some of which are provably secure in these restricted models) are vulnerable to an adaptive signature-transformation attack. We define a new stronger model that covers this kind of attack and provide a generic solution based on any secure ordinary signature scheme and public key encryption scheme. We also exhibit a concrete instance thereof.
© 2000 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Camenisch, J., Michels, M. (2000). Confirmer Signature Schemes Secure against Adaptive Adversaries. In: Preneel, B. (eds) Advances in Cryptology — EUROCRYPT 2000. EUROCRYPT 2000. Lecture Notes in Computer Science, vol 1807. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45539-6_17
DOI: https://doi.org/10.1007/3-540-45539-6_17
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-67517-4
Online ISBN: 978-3-540-45539-4
eBook Packages: Springer Book Archive