Pairing-Based Nominative Signatures with Selective and Universal Convertibility
A nominative signature scheme allows a nominator and a nominee jointly generate a signature in such a way that only the nominee can check the validity of the signature and further convince a third party of the fact. In Inscrypt 2008, Zhao et al. proposed selectively and universally convertible nominative signatures, which equips the nominee with additional ability to publish a selective proof to convert a nominative signature into a publicly verifiable one (i.e. selective convertibility), or issue a universal proof to make all nominative signatures with respect to the nominator and the nominee publicly verifiable (i.e. universal convertibility). Finally, they left an open problem to construct a selectively and universally convertible nominative signature scheme from bilinear pairings which is provably secure under the conventional assumptions. In this paper, based on standard digital signature and undeniable signature, we propose a new selectively and universally convertible nominative signature scheme from bilinear pairings. Our scheme is efficient which is a one-move (i.e. non-interactive) convertible nominative signature scheme, and possesses short signature length compared with Zhao et al.’s scheme. Moreover, formal proofs are given to show that our scheme is secure under some conventional assumptions in the random oracle model. Based on our construction and further analysis, we think that nominative signatures are just the dual form of undeniable signatures in the concept; whether their dual property in the construction of the schemes has generality needs further investigation.
KeywordsNominative signatures Convertible Selective Universal Bilinear pairings Probable security
Unable to display preview. Download preview PDF.
- 1.Chaum, D., Antwerpen, H.V.: Udeniable signature. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 212–216. Springer, Heidelberg (1990)Google Scholar
- 2.Chaum, D.: Zero-knowledge udeniable signature. In: Damgård, I.B. (ed.) EUROCRYPT 1990. LNCS, vol. 473, pp. 458–464. Springer, Heidelberg (1991)Google Scholar
- 4.Guo, L., Wang, G., Wong, D., Hu, L.: Further discussions on the security of a nominative signature scheme. In: The 2007 International Conference on Security & Management - SAM 2007, pp. 566–572. CSREA Press (2007), Cryptology ePrint Archive, Report 2006/007Google Scholar
- 9.Kim, S.J., Park, S.J., Won, D.H.: Zero-knowledge nominative sinatures. In: Pragocrypt 1996, International Conference on the Theory and Applications of Cryptology, pp. 380–392 (1996)Google Scholar
- 10.Liu, D.Y.W., Chang, S., Wong, D.S.: A more efficient convertible nominative signature. In: International Conference on Security and Cryptography - SECRYPT 2007, pp. 214–221 (2007)Google Scholar
- 15.Wang, G., Bao, F.: Security remarks on a convertible nominative signature scheme. In: Venter, H., Eloff, M., Labuschagne, L., Eloff, J., von Solms, R. (eds.) IFIP International Federation for Information Processing. New Approaches for Security, Privacy and Trust in Complex Environments, vol. 232, pp. 265–275. Springer, Boston (2007)Google Scholar