Revisiting Oblivious Signature-Based Envelopes

  • Samad Nasserian
  • Gene Tsudik
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4107)


In this paper, we investigate an interesting and practical cryptographic construct – Oblivious Signature-Based Envelopes (OSBEs) – recently introduced in [15]. OSBEs allow a sender to communicate information to a receiver such that the latter’s rights (or roles) are unknown to the former. At the same time, a receiver can obtain the information only if it is authorized to access it. This makes OSBEs a natural fit for anonymity-oriented and privacy-preserving applications. Previous results yielded three OSBE constructs: one based on RSA and two based on Identity-Based Encryption (IBE). Our work focuses on the ElGamal signature family: we succeed in constructing practical and secure OSBE schemes for several well-known signature schemes, including: Schnorr, Nyberg-Rueppel, ElGamal and DSA. As illustrated by experiments with a prototype implementation, our schemes are more efficient than previous techniques. Furthermore, we show that some OSBE schemes, despite offering affiliation privacy for the receiver, result in no additional cost over schemes that do not offer this feature.


Signature Scheme Random Oracle Perfect Forward Secrecy Semantic Security Digital Signature Algorithm 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Asokan, N., Shoup, V., Waidner, M.: Optimistic Fair Exchange of Digital Signatures. IEEE Journal on Selected Areas in Communications 18(4) (April 2000)Google Scholar
  2. 2.
    Balfanz, D., Durfee, G., Shankar, N., Smetters, D., Staddon, J., Wong, H.: Secret Handshakes from Pairing-Based Key Agreements. In: Proceedings of IEEE Symposium on Research in Security and Privacy (May 2003)Google Scholar
  3. 3.
    Bao, F., Deng, R., Mao, W.: Efficient and Practical Fair Exchange Protocols with Off-line TTP. In: Proceedings of 1998 IEEE Symposium on Security and Privacy (May 1998)Google Scholar
  4. 4.
    Bellare, M., Micciancio, D., Warinschi, B.: Foundations of Group Signatures: Formal Definitions, Simplified Requirements and a Construction Based on General Assumptions. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, Springer, Heidelberg (2003)Google Scholar
  5. 5.
    Boneh, D., Franklin, M.: Identity-Based Encryption from the Weil Pairing. SIAM Journal of Computing 32(3), 586–615 (2003)MATHCrossRefMathSciNetGoogle Scholar
  6. 6.
    Boneh, D., Lynn, B., Shacham, H.: Short Signatures from the Weil Pairing. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 514–532. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  7. 7.
    Bradshaw, R., Holt, J., Seamons, K.: Concealing Complex Policies with Hidden Credentials. In: Proceedings of ACM CCS 2004 (2004)Google Scholar
  8. 8.
    Brands, S.: Rethinking Public Key Infrastructures and Digital Certificates: Building in Privacy. MIT Press, Cambridge (2000)Google Scholar
  9. 9.
    Castelluccia, C., Jarecki, S., Tsudik, G.: Secret handshakes from ca-oblivious encryption. In: Lee, P.J. (ed.) ASIACRYPT 2004. LNCS, vol. 3329, Springer, Heidelberg (2004)CrossRefGoogle Scholar
  10. 10.
    Chaum, D.: Blind Signatures for Untraceable Payments. In: Proceedings of CRYPTO 1982 (1982)Google Scholar
  11. 11.
    Cocks, C.: An Identity Based Encryption Scheme Based on Quadratic Residues. In: Honary, B. (ed.) Cryptography and Coding 2001. LNCS, vol. 2260, Springer, Heidelberg (2001)CrossRefGoogle Scholar
  12. 12.
    Diffie, W., Hellman, M.E.: New Directions in Cryptography. IEEE ToIT 22, 644–654 (1976)MATHMathSciNetGoogle Scholar
  13. 13.
    ElGamal, T.: A Public Key Cryptosystem and a Signature Scheme Based on Discrete Logarithms. IEEE Transactions on Information Theory 31(4) (1985)Google Scholar
  14. 14.
    Kilian, J., Petrank, E.: Identity Escrow. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, Springer, Heidelberg (1998)Google Scholar
  15. 15.
    Li, N., Du, W., Boneh, D.: Oblivious Signature-Based Envelopes. In: Proceedings of ACM Symposium on Principles of Distributed Computing (PODC 2003) (2003) (2005): Extended version to appear in of Distributed ComputingGoogle Scholar
  16. 16.
    Menezes, A., Van Oorschot, P., Vanstone, S.: Handbook of Applied Cryptography, Ch. 11, 2nd edn. CRC Press, Boca Raton (2001)Google Scholar
  17. 17.
    National Institute of Standards and Technology, Digital Signature Standard, NIST FIPS PUB 186, U.S. Department of Commerce (1994)Google Scholar
  18. 18.
    Nyberg, K., Rueppel, R.: A New Signature Scheme Based on DSA Giving Message Recovery. In: Proceedings of ACM Conference on Computer and Communications Security (November 1993)Google Scholar
  19. 19.
    S. Nasserian and G. Tsudik, Revisiting Oblivious Signature-Based Envelopes, Cryptology ePrint Archive Report 2005/283. avaiable at
  20. 20.
    Pohlig, S., Hellman, M.: An Improved Algorithm for Computing Logarithms over GF(p) and its Cryptographic Significance. IEEE Transactions on Information Theory 24, 106–110 (1978)MATHCrossRefMathSciNetGoogle Scholar
  21. 21.
    Pointcheval, D., Stern, J.: Security Proofs for Signature Schemes. In: Maurer, U.M. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 387–398. Springer, Heidelberg (1996)Google Scholar
  22. 22.
    Schnorr, C.: Efficient Signature Generation by Smart Cards. Journal of Cryptology 4, 161–174 (1991)MATHCrossRefGoogle Scholar
  23. 23.
    Xu, S., Yung, M.: k-Anonymous Secret Handshakes with Reusable Credentials. In: Proceedings of ACM CCS 2004 (2004)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Samad Nasserian
    • 1
  • Gene Tsudik
    • 2
  1. 1.Computer Science DepartmentRWTH Aachen UniversityAachenGermany
  2. 2.Computer Science DepartmentUniversity of California, IrvineIrvineUSA

Personalised recommendations