Anonymity from Public Key Encryption to Undeniable Signatures

  • Laila El Aimani
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5580)


Anonymity or “key privacy” was introduced in [1] as a new security notion a cryptosystem must fulfill, in some settings, in addition to the traditional indistinguishability property. It requires an adversary not be able to distinguish pairs of ciphertexts based on the keys under which they are created. Anonymity for undeniable signatures is defined along the same lines, and is considered a relevant requirement for such signatures.

Our results in this paper are twofold. First, we show that anonymity and indistinguishability are not as orthogonal to each other (i.e., independent) as previously believed. In fact, they are equivalent under certain circumstances. Consequently, we confirm the results of [1] on the anonymity of ElGamal’s and of Cramer-Shoup’s schemes, based on existing work about their indistinguishability. Next, we constructively use anonymous encryption together with secure digital signature schemes to build anonymous convertible undeniable signatures. In this context, we revisit a well known undeniable signature scheme, whose security remained an open problem for over than a decade, and prove that it is not anonymous. Moreover, we repair this scheme so that it provides the anonymity feature and analyze its security in our proposed framework. Finally, we analyze an efficient undeniable signature scheme, which was proposed recently, in our framework; we confirm its security results and show that it also enjoys the selective conversion feature.


Encryption schemes Anonymity KEM/DEM Convertible undeniable signatures Generic construction 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Bellare, M., Boldyreva, A., Desai, A., Pointcheval, D.: Key-Privacy in Public-Key Encryption. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 566–582. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  2. 2.
    Camenisch, J., Michels, M.: Confirmer Signature Schemes Secure against Adaptative Adversaries. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 243–258. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  3. 3.
    Chaum, D., van Antwerpen, H.: Undeniable Signatures. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 212–216. Springer, Heidelberg (1990)Google Scholar
  4. 4.
    Cramer, R., Shoup, V.: Design and Analysis of Practical Public-Key Encryption Schemes Secure Against Adaptive Chosen Ciphertext Attack. SIAM J. Comput. 33(1), 167–226 (2003)MathSciNetCrossRefzbMATHGoogle Scholar
  5. 5.
    Damgård, I.B., Pedersen, T.P.: New Convertible Undeniable Signature Schemes. In: Maurer, U.M. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 372–386. Springer, Heidelberg (1996)CrossRefGoogle Scholar
  6. 6.
    Aimani, L.E.: Toward a Generic Construction of Universally Convertible Undeniable Signatures from Pairing-Based Signatures. In: Roy Chowdhury, D., Rijmen, V., Das, A. (eds.) Progress in Cryptology - Indocrypt 2008. LNCS, vol. 5365, pp. 145–157. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  7. 7.
    Gamal, T.E.: A Public Key Cryptosystem and a Signature Scheme based on Discrete Logarithms.. IEEE Trans. Inf. Theory 31, 469–472 (1985)MathSciNetCrossRefGoogle Scholar
  8. 8.
    Galbraith, S.D., Mao, W.: Invisibility and Anonymity of Undeniable and Confirmer Signatures. In: Joye, M. (ed.) CT-RSA 2003. LNCS, vol. 2612, pp. 80–97. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  9. 9.
    Halevi, S.: A sufficient condition for key-privacy (2005),
  10. 10.
    Herranz, J., Hofheinz, D., Kiltz, E.: KEM/DEM: Necessary and Sufficient Conditions for secure Hybrid Encryption (August 2006),
  11. 11.
    Kurosawa, K., Takagi, T.: New Approach for Selectively Convertible Undeniable Signature Schemes. In: Lai, X., Chen, K. (eds.) ASIACRYPT 2006. LNCS, vol. 4284, pp. 428–443. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  12. 12.
    Paillier, P., Vergnaud, D.: Discrete-Log Based Signatures May Not Be Equivalent to Discrete-Log. In: Roy, B. (ed.) ASIACRYPT 2005. LNCS, vol. 3788, pp. 1–20. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  13. 13.
    Pointcheval, D., Stern, J.: Security Arguments for Digital Signatures and Blind Signatures.. J. Cryptology 13(3), 361–396 (2000)CrossRefzbMATHGoogle Scholar
  14. 14.
    Waters, B.: Efficient Identity-Based Encryption Without Random Oracles. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 114–127. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  15. 15.
    Zhang, R., Hanaoka, G., Imai, H.: Orthogonality between Key Privacy and Data Privacy, Revisited. In: Pei, D., Yung, M., Lin, D., Wu, C. (eds.) INSCRYPT 2007. LNCS, vol. 4990, pp. 313–327. Springer, Heidelberg (2008)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Laila El Aimani
    • 1
  1. 1.Universität BonnBonnGermany

Personalised recommendations