For many proofs of knowledge it is important that only the verifier designated by the confirmer can obtain any conviction of the cor- rectness of the proof. A good example of such a situation is for undeniable signatures, where the confirmer of a signature wants to make sure that only the intended verifier(s) in fact can be convinced about the validity or invalidity of the signature.
Generally, authentication of messages and off-the-record messages are in conflict with each other. We show how, using designation of verifiers, these notions can be combined, allowing authenticated but privat con- versations to take place. Our solution guarantees that only the specified verifier can be convinced by the proof, even if he shares all his secret information with entities that want to get convinced.
Our solution is based on trap-door commitments , allowing the desig- nated verifier to open up commitments in any way he wants. We demon- strate how a trap-door commitment scheme can be used to construct designated verifier proofs, both interactive and non-interactive. We ex- amplify the verifier designation method for the confirmation protocol for undeniable signatures.
- Commitment Scheme
- Logical Entity
- Computational Entity
- Undeniable Signature
- Zero Knowledge Proof
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
Research supported by NSF YI Award CCR-92-570979, Sloan Research Fellowship BR-3311, and The Royal Swedish Academy of Sciences.
Research supported by NSF YI Award CCR-92-570979 and Sloan Research Fellowship BR-3311.
M. Bellare, S. Goldwasser, “New Paradigms for Digital Signatures and Message Authentication Based on Non-Interactive Zero Knowledge Proofs,” Crypto’ 89, pp. 194–211.
M. Bellare, S. Micali, “How to Sign Given Any Trapdoor Function,” 20th Annual STOC, 1988, pp. 32–42.
J.C. Benaloh, D. Tuinstra, “Receipt-Free Secret-Ballot Elections,” 26th Annual STOC, 1994, pp. 544–553.
G. Brassard, D. Chaum, C. Crépeau, “Minimum Disclosure Proofs of Knowledge,” Journal of Computer and System Sciences, Vol. 37, No. 2, Oct. 1988, pp. 156–189
D. Chaum, H. van Antwerpen, “Undeniable Signatures,” Crypto’ 89, pp. 212–216
D. Chaum, “Zero-Knowledge Undeniable Signatures,” Eurocrypt’ 90, pp. 458–464
D. Chaum, E. van Heijst, B. Pfitzmann, “Cryptographically Strong Undeniable Signatures, Unconditionally Secure for the Signer,” Crypto’ 91, pp. 470–484
D. Chaum, personal communication
I. Damgård, personal communication
Y. Desmedt, C. Goutier, S. Bengio, “Special Uses and Abuses of the Fiat-Shamir Passport Protocol,” Crypto’ 87, pp. 21–39
Y. Desmedt, M. Yung, “Weaknesses with Undeniable Signature Schemes,” Eurocrypt’ 91, pp. 205–220
W. Diffie, M.E. Hellman, “New Directions in Cryptography,” IEEE Transactions on Information Theory, v. IT-22, n. 6, Nov 1976, pp. 644–654
D. Dolev, C. Dwork, M. Naor, “Non-Malleable Cryptography,” 23rd Annual STOC, 1991, pp. 542–552
T. ElGamal, “A public key cryptosystem and a signature scheme based on discrete logarithm,” IEEE IT 31 (1985), pp. 469–472
S. Even, O. Goldreich, S. Micali, “On-Line/Off-Line Digital Signatures,” Crypto’ 89, pp. 263–275
U. Feige, A. Fiat, A. Shamir, “Zero Knowledge Proofs of Identity,” Proceedings of the 19th annual ACM Symposium on Theory of Computing, pp. 210–217
U. Feige, A. Shamir, “Witness Indistinguishable and Witness Hiding Protocols,” 22nd Annual STOC, 1990, p. 416–426.
A. Fiat, A. Shamir, “How to prove yourself; practical solution to identification and signature problems,” Crypto’ 86, pp. 186–194
Z. Galil, S. Haber, M. Yung, “Symmetric Public-Key Cryptosystems”, submitted to J. of Cryptology
S. Goldwasser, S. Micali, “Probabilistic Encryption & How To Play Mental Poker Keeping Secret All Partial Information,” Proceedings of the 18th ACM Symposium on the Theory of Computing, 1982, pp. 270–299
O. Goldreich, S. Micali, A. Widgerson, “Proofs that Yield Nothing but their Validity or All Languages in NP Have Zero-Knowledge Proof Systems,” Journal of the ACM, vol. 38, n. 1, 1991, pp. 691–729
M. Jakobsson, “Blackmailing using Undeniable Signatures”, Eurocrypt’ 94, pp. 425–427
R.C. Merkle, “Secure Communication over Insecure Channels,” Communications of the ACM, v. 21, n. 4, 1978, pp. 294–299
R. Merkle, “A Certified Digital Signature,” Crypto’ 89, pp. 218–238
S. Micali, A. Shamir, “An Improvement of the Fiat-Shamir Identification and Signature Scheme,” Crypto’ 88, pp. 244–247
M. Naor, M. Yung, “Universal One-Way Hash Functions and their Cryptographic Application,” 21st Annual STOC, 1989, pp. 33–43
T. Okamoto, K. Ohta, “Divertible Zero-Knowledge Interactive Proofs and Commutative Random Self-Reducibility,” Eurocrypt’ 89, pp. 134–149
T. Okamoto, K. Ohta, “How to Utilize Randomness of Zero-Knowledge Proofs,” Crypto’ 90, pp 456–475.
H. Ong, C. P. Schnorr, “Fast signature generation with a Fiat-Shamir like scheme,” Eurocrypt 90, pp. 432–440
T. Pedersen, “Distributed Provers with Applications to Undeniable Signatures,” Eurocrypt’ 91, pp. 221–238
J.-J. Quisquater, L.S. Guillou, “A practical zero-knowledge protocol fitted to security microprocessor minimizing both transmission and memory,” Eurocrypt’ 88, pp. 123–128
C. Rackoff, D. Simon, “Non-Interactive Zero-Knowledge Proof of Knowledge and Chosen Ciphertext Attack”, Crypto’ 91, pp. 433–444
R. Rivest, A. Shamir, L. Adleman, “A Method for Obtaining Digital Signatures and Public-Key Cryptosystems,” Communications of the ACM, v. 21, n. 2, Feb 1978, pp. 120–126
K. Sako, J. Kilian, “Receipt-Free Mix-Type Voting Scheme,” Eurocrypt’ 95, pp 393–403.
A. Yao, “Protocols for Secure Computations,” Proceedings of the 23rd FOCS, 1982, pp. 160–164
Editors and Affiliations
Rights and permissions
© 1996 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Jakobsson, M., Sako, K., Impagliazzo, R. (1996). Designated Verifier Proofs and Their Applications. In: Maurer, U. (eds) Advances in Cryptology — EUROCRYPT ’96. EUROCRYPT 1996. Lecture Notes in Computer Science, vol 1070. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-68339-9_13
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-61186-8
Online ISBN: 978-3-540-68339-1
eBook Packages: Springer Book Archive