Blackmailing using undeniable signatures
With blackmailing we mean a situation where after a signature has been verified, the conviction of its correctness can be either kept to the verifier or, at his sole discretion, be shared with some predetermined set of cooperating co-verifiers. We show how a weakness in the protocol for undeniable signatures allows blackmailing of a signer of a undeniable signature, or several verifiers simultaneously to verify several signatures. Also, we discuss how multiple verifiers can be convinced about the correctness of a signature in similar protocols, like Designated Confirmer Signatures, although no blackmailing attack is found for here.
- 1.D. Chaum, H. van Antwerpen, “Undeniable Signatures,” Crypto '89, pp. 212–216Google Scholar
- 2.D. Chaum, “Designated Confirmer Signatures”, Eurocrypt '94Google Scholar
- 3.D. Chaum, “Some Weaknesses of “Weaknesses of Undeniable Signatures”,” Eurocrypt '91, pp. 554–556Google Scholar
- 4.D. Chaum, C. Crépeau, I. Damgård, “Multiparty Unconditionally Secure Protocols,” 20th STOC, 1988, pp. 11–19Google Scholar
- 5.Y. Desmedt, M. Yung, “Weaknesses of Undeniable Signature Schemes,” Eurocrypt '91, pp. 205–220Google Scholar