Gradually Convertible Undeniable Signatures

(Michels-Petersen-Horster Convertible Undeniable Signatures Revisited)
  • Laila El Aimani
  • Damien Vergnaud
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4521)


In 1990, Boyar, Chaum, Damgård and Pedersen introduced convertible undeniable signatures which limit the self-authenticating property of digital signatures but can be converted by the signer to ordinary signatures. Michels, Petersen and Horster presented, in 1996, an attack on the Elgamal-based seminal scheme of Boyar et al. and proposed a repaired version without formal security analysis. In this paper, we modify their protocol so that it becomes a generic one and it provides an advanced feature which permits the signer to universally convert achronously all signatures pertaining to a specific time period. We supply a formal security treatment of the modified scheme: we prove, in the generic group model, that the protocol is existentially unforgeable and anonymous under chosen message attacks, assuming new assumptions (though reasonable) on the underlying hash function.


Hash Function Random Oracle Model Public Parameter Signature Query Signing Oracle 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Bellare, M., Boldyreva, A., Desai, A., Pointcheval, D.: Key-privacy in public-key encryption. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 566–582. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  2. 2.
    Bellare, M., Kohno, T.: Hash function balance and its impact on birthday attacks. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 401–418. Springer, Heidelberg (2004)Google Scholar
  3. 3.
    Bellare, M., Rogaway, P.: Random Oracles are Practical: A Paradigm for Designing Efficient Protocols. In: Denning, D., Pyle, R., Ganesan, R., Sandhu, R., Ashby, V. (eds.) Proceedings of the First ACM Conference on Computer and Communications Security, pp. 62–73. ACM Press, New York (1993)CrossRefGoogle Scholar
  4. 4.
    Boyar, J., Chaum, D., Damgård, I.B., Pedersen, T.P.: Convertible undeniable signatures. In: Menezes, A., Vanstone, S.A. (eds.) CRYPTO 1990. LNCS, vol. 537, pp. 189–205. Springer, Heidelberg (1991)Google Scholar
  5. 5.
    Brown, D.R.L.: Generic Groups, Collision Resistance, and ECDSA. Des. Codes Cryptography 35(1), 119–152 (2005)CrossRefGoogle Scholar
  6. 6.
    Camenisch, J.L., Shoup, V.: Practical verifiable encryption and decryption of discrete logarithms. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 126–144. Springer, Heidelberg (2003)Google Scholar
  7. 7.
    Chaum, D., van Antwerpen, H.: Undeniable signatures. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 212–216. Springer, Heidelberg (1990)Google Scholar
  8. 8.
    Dent, A.W.: Adapting the weaknesses of the random oracle model to the generic group model. In: Zheng, Y. (ed.) ASIACRYPT 2002. LNCS, vol. 2501, pp. 100–109. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  9. 9.
    Galbraith, S.D., Mao, W.: Invisibility and Anonymity of Undeniable and Confirmer Signatures. In: Joye, M. (ed.) CT-RSA 2003. LNCS, vol. 2612, pp. 80–97. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  10. 10.
    Goldwasser, S., Micali, S., Rivest, R.L.: A Digital Signature Scheme Secure Against Adaptive Chosen-Message Attacks. SIAM J. Comput. 17(2), 281–308 (1988)zbMATHCrossRefMathSciNetGoogle Scholar
  11. 11.
    Jakobsson, M., Sako, K., Impagliazzo, R.: Designated verifier proofs and their applications. In: Maurer, U.M. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 143–154. Springer, Heidelberg (1996)Google Scholar
  12. 12.
    Kudla, C., Paterson, K.G.: Non-interactive designated verifier proofs and undeniable signatures. In: Smart, N.P. (ed.) Cryptography and Coding 2005. LNCS, vol. 3796, pp. 136–154. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  13. 13.
    Laguillaumie, F., Vergnaud, D.: Time-Selective Convertible Undeniable Signatures. In: Menezes, A. (ed.) CT-RSA 2005. LNCS, vol. 3376, pp. 154–171. Springer, Heidelberg (2005)Google Scholar
  14. 14.
    Michels, M., Petersen, H., Horster, P.: Breaking and Repairing a Convertible Undeniable Signature Scheme. In: Gong, L., Stern, J. (eds.) Proceedings of the Third ACM Conference on Computer and Communications Security, pp. 148–152. ACM Press, New York (1996)Google Scholar
  15. 15.
    Ogata, W., Kurosawa, K., Heng, S.-H.: The Security of the FDH Variant of Chaum’s Undeniable Signature Scheme. IEEE Trans. Inf. Theory 52(5), 2006–2017 (2006)CrossRefMathSciNetGoogle Scholar
  16. 16.
    Okamoto, T., Pointcheval, D.: The Gap-Problems: a New Class of Problems for the Security of Cryptographic Schemes. In: Kim, K.-c. (ed.) PKC 2001. LNCS, vol. 1992, pp. 104–118. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  17. 17.
    Paillier, P., Vergnaud, D.: Discrete-log-based signatures may not be equivalent to discrete log. In: Roy, B. (ed.) ASIACRYPT 2005. LNCS, vol. 3788, pp. 1–20. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  18. 18.
    Rogaway, P., Shrimpton, T.: Cryptographic Hash-Function Basics: Definitions, Implications, and Separations for Preimage Resistance, Second-Preimage Resistance, and Collision Resistance. In: Roy, B., Meier, W. (eds.) FSE 2004. LNCS, vol. 3017, pp. 371–388. Springer, Heidelberg (2004)Google Scholar
  19. 19.
    Shoup, V.: Lower bounds for discrete logarithms and related problems. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 256–266. Springer, Heidelberg (1997)Google Scholar
  20. 20.
    Stadje, W.: The Residues modulo m of Products of Random Integers. Comb. Probab. Comput. 11(5), 529–540 (2002)zbMATHCrossRefMathSciNetGoogle Scholar
  21. 21.
    Stern, J., Pointcheval, D., Malone-Lee, J., Smart, N.P.: Flaws in applying proof methodologies to signature schemes. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 93–110. Springer, Heidelberg (2002)CrossRefGoogle Scholar

Copyright information

© Springer Berlin Heidelberg 2007

Authors and Affiliations

  • Laila El Aimani
    • 1
  • Damien Vergnaud
    • 1
  1. 1.b-it COSEC - Bonn/Aachen International Center for Information Technology, Computer Security Group, Dahlmannstr. 2, D-53113 BonnGermany

Personalised recommendations