Pairing-Based Nominative Signatures with Selective and Universal Convertibility

  • Wei Zhao
  • Dingfeng Ye
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6151)


A nominative signature scheme allows a nominator and a nominee jointly generate a signature in such a way that only the nominee can check the validity of the signature and further convince a third party of the fact. In Inscrypt 2008, Zhao et al. proposed selectively and universally convertible nominative signatures, which equips the nominee with additional ability to publish a selective proof to convert a nominative signature into a publicly verifiable one (i.e. selective convertibility), or issue a universal proof to make all nominative signatures with respect to the nominator and the nominee publicly verifiable (i.e. universal convertibility). Finally, they left an open problem to construct a selectively and universally convertible nominative signature scheme from bilinear pairings which is provably secure under the conventional assumptions. In this paper, based on standard digital signature and undeniable signature, we propose a new selectively and universally convertible nominative signature scheme from bilinear pairings. Our scheme is efficient which is a one-move (i.e. non-interactive) convertible nominative signature scheme, and possesses short signature length compared with Zhao et al.’s scheme. Moreover, formal proofs are given to show that our scheme is secure under some conventional assumptions in the random oracle model. Based on our construction and further analysis, we think that nominative signatures are just the dual form of undeniable signatures in the concept; whether their dual property in the construction of the schemes has generality needs further investigation.


Nominative signatures Convertible Selective Universal Bilinear pairings Probable security 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Chaum, D., Antwerpen, H.V.: Udeniable signature. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 212–216. Springer, Heidelberg (1990)Google Scholar
  2. 2.
    Chaum, D.: Zero-knowledge udeniable signature. In: Damgård, I.B. (ed.) EUROCRYPT 1990. LNCS, vol. 473, pp. 458–464. Springer, Heidelberg (1991)Google Scholar
  3. 3.
    Camenisch, J., Shoup, V.: Practical verifiable encryption and decryption of discrete logarithm. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 126–144. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  4. 4.
    Guo, L., Wang, G., Wong, D., Hu, L.: Further discussions on the security of a nominative signature scheme. In: The 2007 International Conference on Security & Management - SAM 2007, pp. 566–572. CSREA Press (2007), Cryptology ePrint Archive, Report 2006/007Google Scholar
  5. 5.
    Huang, Q., Liu, D.Y.W., Wong, D.S.: An efficient one-move nominative signature scheme. International Journal of Applied Cryptography (IJACT) 1(2), 133–143 (2008)zbMATHCrossRefMathSciNetGoogle Scholar
  6. 6.
    Huang, X., Mu, Y., Susilo, W., Wu, W.: Provably secure pairing-based convertible undeniable signature with short signature length. In: Takagi, T., Okamoto, T., Okamoto, E., Okamoto, T. (eds.) Pairing 2007. LNCS, vol. 4575, pp. 367–391. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  7. 7.
    Huang, Z., Wang, Y.: Convertible nominative signatures. In: Wang, H., Pieprzyk, J., Varadharajan, V. (eds.) ACISP 2004. LNCS, vol. 3108, pp. 348–357. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  8. 8.
    Kurosawa, K., Heng, S.: 3-Move undeniable signature scheme. In: Cramer, R.J.F. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 181–197. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  9. 9.
    Kim, S.J., Park, S.J., Won, D.H.: Zero-knowledge nominative sinatures. In: Pragocrypt 1996, International Conference on the Theory and Applications of Cryptology, pp. 380–392 (1996)Google Scholar
  10. 10.
    Liu, D.Y.W., Chang, S., Wong, D.S.: A more efficient convertible nominative signature. In: International Conference on Security and Cryptography - SECRYPT 2007, pp. 214–221 (2007)Google Scholar
  11. 11.
    Liu, D.Y.W., Chang, S., Wong, D.S., Mu, Y.: Nominative signature from ring signature. In: Miyaji, A., Kikuchi, H., Rannenberg, K. (eds.) IWSEC 2007. LNCS, vol. 4752, pp. 396–411. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  12. 12.
    Liu, D.Y.W., Wong, D.S., Huang, X., Wang, G., Huang, Q., Mu, Y., Susilo, W.: Formal definition and construction of nominative signature. In: Qing, S., Imai, H., Wang, G. (eds.) ICICS 2007. LNCS, vol. 4861, pp. 57–68. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  13. 13.
    Ogata, W., Kurosawa, K., Heng, S.H.: The secutity of the FDH variant of Chaum’s undeniable signature scheme. IEEE Tansactions on Information Theory 52(5), 2006–2017 (2006)CrossRefMathSciNetGoogle Scholar
  14. 14.
    Susilo, W., Mu, Y.: On the security of nominative signatures. In: Boyd, C., González Nieto, J.M. (eds.) ACISP 2005. LNCS, vol. 3574, pp. 329–335. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  15. 15.
    Wang, G., Bao, F.: Security remarks on a convertible nominative signature scheme. In: Venter, H., Eloff, M., Labuschagne, L., Eloff, J., von Solms, R. (eds.) IFIP International Federation for Information Processing. New Approaches for Security, Privacy and Trust in Complex Environments, vol. 232, pp. 265–275. Springer, Boston (2007)Google Scholar
  16. 16.
    Zhao, W., Lin, C.L., Ye, D.F.: Provably secure convertible nominative signature scheme. In: Yung, M., Liu, P., Lin, D. (eds.) Inscrypt 2008. LNCS, vol. 5487, pp. 23–40. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  17. 17.
    Zhao, W., Ye, D.: Modified Huang-Wang’s convertible nominative signature scheme. In: Proc. of the 9th International Conference for Young Computer Scientists - ICYCS 2008, pp. 2090–2095. IEEE Computer Society, Los Alamitos (2008)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Wei Zhao
    • 1
  • Dingfeng Ye
    • 1
  1. 1.State Key Laboratory of Information SecurityGraduate University of Chinese Academy of SciencesBeijingP.R. China

Personalised recommendations