Abstract
A nominative signature scheme allows a nominator (i.e., the signer) and a nominee (i.e., a designated verifier) to jointly generate and publish a signature such that only the nominee can check the validity of the nominative signature and further convince a third party to accept this fact. Recently, Huang and Wang proposed such a scheme at ACISP 2004 and claimed that it is secure under some standard computational assumptions. In this paper, we remark that their scheme is in fact not a nominative signature, since it fails to meet the crucial security requirement of verification untransferability. Specifically, we identify an adaptively chosen-message attack against their scheme by which the nominator can determine the validity of a new message-signature pair with some indirect help from the nominee. Moreover, we point out that, using our attack, the nominator is further able to demonstrate the validity of nominative signatures to a third party. Therefore, the Huang-Wang scheme does not meet confirmation/disavowal untransferability either.
Please use the following format when citing this chapter: Wang, G. and Bao, F., 2007, in IFIP International Federation for Information Processing, Volume 232, New Approaches for Security, Privacy and Trust in Complex Environments, eds. Venter, H., Eloff, M., Labuschagne, L., Eloff, J., von Solms, R., (Boston: Springer), pp. 265–275.
References
J. Camenisch and M. Michels. Confirmer Signature Schemes Secure Against Adaptive Adversaries. In: Proc. of Advances in Cryptology — EUROCRYPT’ 00, LNCS 1870, pp. 243–258. Springer-Verlag, 2000.
J. Camenisch and M. Stadler. Efficient Group Signature Schemes for Large Groups. In: Proc. of Advances in Cryptology — CRYPTO’ 97, LNCS 1294, pp. 410–424. Springer-Verlag, 1997.
J. Camenisch and V. Shoup. Practical Verifiable Encryption and Decryption of Discrete Logarithms. In: Proc. of Advances in Cryptology — CRYPTO’ 03, LNCS 2729, pp. 126–144. Springer-Verlag, 2003.
D. Chaum and H. Antwerpen. Undeniable Signatures. In: Proc. of Advances in Cryptology — CRYPTO’ 89, LNCS 435, pp. 212–216. Springer-Verlag, 1989.
D. Chaum and T. P. Pedersen. Wallet Database with Observers. In: Proc. of Advances in Cryptology — CRYPTO’ 92, LNCS 740, pp. 89–105. Springer-Verlag, 1993.
D. Chaum. Designated Confirmer Signatures. In: Proc. of Advances in Cryptology — EUROCRYPT’ 94, LNCS 950, pp. 86–91. Springer-Verlag, 1994.
R. Cramer, I. Damgård, and P. MacKenzie. Efficient Zero-Knowledge Proofs of Knowledge Without Intractability Assumptions. In: Proc. of PKC’ 00, LNCS 1751, pp. 354–373. Springer-Verlag, 2000.
I. Damgård. Efficient Concurrent Zero-Knowledge in the Auxiliary String Model. In: Proc. of Advances in Cryptology — EUROCRYPT’ 00, LNCS 1807, pp. 418–430. Springer-Verlag, 2000.
S. D. Galbraith and W. Mao. Invisibility and Anonymity of Undeniable and Confirmer Signatures. In: Proc. of CT-RSA’ 03, LNCS 2612, pp. 80–97. Springer-Verlag, 2003.
R. Gennaro. Multi-trapdoor Commitments and Their Applications to Proofs of Knowledge Secure Under Concurrent Man-in-the-Middle Attacks. In: Advances in Cryptology — CRYPTO’ 04, LNCS 3152, pp. 220–236. Springer-Verlag, 2004.
C. Gentry, D. Molnar, and Z. Ramzan. Efficient Designated Confirmer Signatures without Random Oracles or General Zero-knowledge Proofs. In: Advances in Cryptology — ASIACRYPT 2005, LNCS 3788, pp. 662–681. Springer-Verlag, 2005.
L. Guo, G. Wang, and D. Wong. Further Discussions on the Security of a Nominative Signature Scheme. IACR ePrint archive, http://www.eprint.iacr.org/2006/007.
Z. Huang and Y. Wang. Convertible Nominative Signatures. In: Proc. of Information Security and Privacy (ACISP’ 04), LNCS 3108, pp. 348–357. Springer-Verlag, 2004.
S.J. Kim, S.J. Park, and D.H. Won. Zero-Knowledge Nominative Signatures. In: Proc. of PragoCrypt’ 96, International Conference on the Theory and Applications of Cryptology, pp. 380–392, 1996.
M. Michels and M. Stadler. Efficient Convertible Undeniable Signature Schemes. In: Proc. of 4th Annual Workshop on Selected Areas in Cryptography (SAC’97), pp. 231–244, 1997.
D. Pointcheval and J. Stern. Security Arguments for Digital Signatures and Blind Signatures. Journal of Cryptology, 13(3): 361–396, 2000.
C.P. Schnorr. Efficient Signature Generation by Smart Cards. Journal of Cryptology, 4(3): 161–174, 1991.
W. Susilo and Y. Mu. On the Security of Nominative Signatures. In: Proc. of Information Security and Privacy (ACISP’ 05), LNCS 3547, pp. 329–335. Springer-Verlag, 2005.
Copyright information
© 2007 International Federation for Information Processing
About this paper
Cite this paper
Wang, G., Bao, F. (2007). Security Remarks on a Convertible Nominative Signature Scheme. In: Venter, H., Eloff, M., Labuschagne, L., Eloff, J., von Solms, R. (eds) New Approaches for Security, Privacy and Trust in Complex Environments. SEC 2007. IFIP International Federation for Information Processing, vol 232. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-72367-9_23
DOI: https://doi.org/10.1007/978-0-387-72367-9_23
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-387-72366-2
Online ISBN: 978-0-387-72367-9
eBook Packages: Computer Science, Computer Science (R0)