Subliminal channels for signature transfer and their application to signature distribution schemes

  • Kouichi Sakurai
  • Toshiya Itoh
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 718)


In this paper, we consider the subliminal channel, hidden in an identification scheme, for signature transfer. We point out that the direct parallelization of the Fiat-Shamir identification scheme has a subliminal channel for the transmission of the digital signature, which does not exist in the serial (zero-knowledge) version. We apply this subliminal channel to a multi-verifier interactive protocol and propose a distributed verification signature that cannot be verified without all verifiers' corporation. Our proposed protocol is the first implementation of the distributed verification signature without secure channels, and the basic idea of our construction suggests the novel primitive with which a signature transfer secure against adversary can be constructed using only one-way function (without trapdoor).


Signature Scheme Secret Message Parallel Version Secret Share Scheme Signature Transfer 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Brassard, G., Chaum, D., and Crépeau, C., “Minimum Disclosure Proof of Knowledge,” JCSS Vol.37, pp.156–189 (1989).Google Scholar
  2. 2.
    Boyor, J., Chaum, D., Damgård, I., and Pedersen, T., “Convertible Undeniable Signature,” Proc. of Crypto'90.Google Scholar
  3. 3.
    Burmester, M. and Desmedt, Y., “Broadcast Interactive Proofs,” Proc. of Eurocrypt'91.Google Scholar
  4. 4.
    Burmester, M. and Desmedt, Yvo., Piper, F., and Walker, M., “A general zero-knowledge scheme,” Proc. of Eurocrypt'89.Google Scholar
  5. 5.
    Brickell, E.F., Lee, P.J., and Yacobi, Y., “Secure Audio Teleconference,” Proc. of Crypto'87.Google Scholar
  6. 6.
    Brickell, E.F. and McCurley, K.S “An Interactive Identification Scheme Based on Discrete Logarithms and Factoring,” Journal of Cryptology, Vol.5, pp.29–40 (1992).Google Scholar
  7. 7.
    Chaum,D., Damgård, I., and van de Graaf, J. “Multiparty computations ensuring privacy of each party's input and correctness of the result,” Proc. of Crypto'87.Google Scholar
  8. 8.
    Chaum, D., “Zero-knowledge undeniable signatures,” Proc. of Eurocrypt'90.Google Scholar
  9. 9.
    Chaum, D. and van Antwepen, H., “Undeniable signature,” Proc. of Crypto'89.Google Scholar
  10. 10.
    Desmedt, Y., “Major security problems with the “unforgeable” (Feige-)Fiat-Shamir proofs of identity and how to overcome them,” Proc. of Securicom'88.Google Scholar
  11. 11.
    Desmedt, Y.: “Subliminal-free Authentication and Signature,” Proc. of Eurocrypt'88.Google Scholar
  12. 12.
    Desmedt, Y.: “Abuse in cryptography and how to fight them,” Proc. of Crypto'88.Google Scholar
  13. 13.
    Desmedt, Y. and Frankel, Y.: “Shared generation of authenticators and signatures,” Proc. of Crypto'91.Google Scholar
  14. 14.
    Desmedt, Y., Goutier, C. and Bengio,S.: “Special Uses and abuses of the Fiat-Shamir Passport Protocol,” Proc. of Crypto'87.Google Scholar
  15. 15.
    Diffie, W., and Helmann, M. “New Directions in Cryptology”, IEEE Trans. on Info. Technology, vol. IT-22, 6(1976) pp.644–654 (1976).Google Scholar
  16. 16.
    De Soete,M., Quisquater,J., and Vedder, K., “A signature with shared verification scheme,” Proc. of Crypto'89.Google Scholar
  17. 17.
    Feige, U., Fiat, A., and Shamir, A., “Zero-Knowledge Proofs of Identity,” Journal of Cryptology, Vol.1, pp.179–194 (1988).Google Scholar
  18. 18.
    Fiat, A. and Shamir, A., “How to Prove Yourself,” Proc. of Crypto'86.Google Scholar
  19. 19.
    Goldwasser, S., Micali, S., and Rackoff, C., “The Knowledge Complexity of Interactive Proof Systems,” SIAM Journal on Computing, Vol.18, No.1, pp.186–208 (February 1989).Google Scholar
  20. 20.
    Goldwasser,M., Micali, S., and Rivest, R., “A digital signature scheme secure against adaptive chosen-message attacks,” Proc. of FOCS'84. IEEE Annual Symposium on Foundations of Computer Science, pp.441–448 (October 1984).Google Scholar
  21. 21.
    Guillou,L.C. and Quisquater,J.J. “A “Paradoxical” Identity-Based Signature Scheme Resulting from Zero-Knowledge” Proc. of Crypto'88.Google Scholar
  22. 22.
    Impagliazzo, R. and Rudich, S., “Limits on the Provable Consequences of One-way Permutations,” Proc. of STOC'89. ACM Annual Symposium on Theory on Computing, pp.44–61 (May 1989).Google Scholar
  23. 23.
    Lamport, L., “Constructing digital signatures from one-way functions,” SRI intl. CSL-98, pp.33–43 (Oct. 1979).Google Scholar
  24. 24.
    Naor, M. and Yung, M. “Universal One-Way Hash Functions and their Cryptographic Applications,” Proc. of STOC'89. ACM Annual Symposium on Theory on Computing, pp.33–43 (May 1989).Google Scholar
  25. 25.
    Okamoto, T., “A digital Multisignature Scheme Using Bijective Public-Key Cryptosystems,” ACM Trans. on Comp. Systems, Vol.6, No.8, pp.432–441 (1988).Google Scholar
  26. 26.
    Okamoto, T. and Ohta, K., “Divertible Zero-Knowledge Interactive Proofs and Commutative Random Self-Reducibility,” Proc. of Eurocrypt'89.Google Scholar
  27. 27.
    Okamoto, T. and Ohta, K., “How to utilize the randomness of Zero-Knowledge Proofs,” Proc. of Crypto'90.Google Scholar
  28. 28.
    Ohta, K. and Okamoto, T., “A Digital Multisignature Scheme Based on the Fiat-Shamir Scheme,” Abstracts of Asiacrypt'91 (1991).Google Scholar
  29. 29.
    Pedersen, P.T., “Distributed Provers with Applications to Undeniable Signatures,” Proc. of Eurocrypt'91.Google Scholar
  30. 30.
    Rompel, J., “One-way functions are necessary and sufficient for secure signature,” Proc. of STOC'90.Google Scholar
  31. 31.
    Shamir, A., “How to share a secret,” CACM, 22, pp.612–613 (1979).Google Scholar
  32. 32.
    Sakurai, I., and Itoh,T., “Privately recordable signatures and signature sharing scheme,” Proc. of 1992 SCIS, 6C, (Japan, 1992).Google Scholar
  33. 33.
    Sakurai, I., and Itoh,T., “On the discrepancy between Serial and Parallel of Zero-Knowledge Protocols,” Abstracts of Crypto'92.Google Scholar
  34. 34.
    Simmons, G. J., “The Prisoner's Problem and the Subliminal Channel,” Proc. of Crypto'83.Google Scholar
  35. 35.
    Simmons, G. J., “The Subliminal Channel and Digital Signature,” Proc. of Eurocrypt'84.Google Scholar
  36. 36.
    Simmons, G.J., “The Secure subliminal Channel (?),” Proc. of Crypto'85.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 1993

Authors and Affiliations

  • Kouichi Sakurai
    • 1
  • Toshiya Itoh
    • 2
  1. 1.Computer & Information Systems LaboratoryMitsubishi Electric CorporationKamakuraJapan
  2. 2.Dept. of Information ProcessingTokyo Institute of TechnologyYokohamaJapan

Personalised recommendations