Security of Verifiably Encrypted Signatures and a Construction without Random Oracles
In a verifiably encrypted signature scheme, signers encrypt their signature under the public key of a trusted third party and prove that they did so correctly. The security properties, due to Boneh et al. (Eurocrypt 2003), are unforgeability and opacity.
This paper proposes two novel fundamental requirements for verifiably encrypted signatures, called extractability and abuse-freeness, and analyzes its effects on the established security model. Extractability ensures that the trusted third party is always able to extract a valid signature from a valid verifiably encrypted signature and abuse-freeness guarantees that a malicious signer, who cooperates with the trusted party, is not able to forge a verifiably encrypted signature. We further show that both properties are not covered by the model of Boneh et al. The second main contribution of this paper is a verifiably encrypted signature scheme, provably secure without random oracles, that is more efficient and greatly improves the public key size of the only other construction in the standard model by Lu et al. (Eurocrypt 2006). Moreover, we present strengthened definitions for unforgeability and opacity in the spirit of strong unforgeability of digital signature schemes.
KeywordsSignature Scheme Random Oracle Random Oracle Model Digital Signature Scheme Encrypt Signature
Unable to display preview. Download preview PDF.
- 4.Bao, Deng, Mao: Effcient and Practical Fair Exchange Protocols with Off-Line TTP. In: RSP: 19th IEEE Computer Society Symposium on Research in Security and Privacy. IEEE Computer Society Press, Los Alamitos (1998)Google Scholar
- 14.Rückert, M., Schröder, D.: Security of Verifiably Encrypted Signatures and a Construction Without Random Oracles (Extended Version). Number 2009/027 in Cryptology eprint archive (2009), eprint.iacr.org