Confirmer Signature Schemes Secure against Adaptive Adversaries

(Extended Abstract)
  • Jan Camenisch
  • Markus Michels
Conference paper

DOI: 10.1007/3-540-45539-6_17

Part of the Lecture Notes in Computer Science book series (LNCS, volume 1807)
Cite this paper as:
Camenisch J., Michels M. (2000) Confirmer Signature Schemes Secure against Adaptive Adversaries. In: Preneel B. (eds) Advances in Cryptology — EUROCRYPT 2000. EUROCRYPT 2000. Lecture Notes in Computer Science, vol 1807. Springer, Berlin, Heidelberg


The main difference between confirmer signatures and ordinary digital signatures is that a confirmer signature can be verified only with the assistance of a semitrusted third party, the confirmer. Additionally, the confirmer can selectively convert single confirmer signatures into ordinary signatures.

This paper points out that previous models for confirmer signature schemes are too restricted to address the case where several signers share the same confirmer. More seriously, we show that various proposed schemes (some of which are provably secure in these restricted models) are vulnerable to an adaptive signature-transformation attack. We define a new stronger model that covers this kind of attack and provide a generic solution based on any secure ordinary signature scheme and public key encryption scheme. We also exhibit a concrete instance thereof.

Copyright information

© Springer-Verlag Berlin Heidelberg 2000

Authors and Affiliations

  • Jan Camenisch
    • 1
  • Markus Michels
    • 2
  1. 1.IBM ResearchZürich Research LaboratoryRüschlikon
  2. 2.Entrust Technologies (Switzerland)Glattzentrum

Personalised recommendations