Blackmailing using undeniable signatures

  • Markus Jakobsson
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 950)


With blackmailing we mean a situation where after a signature has been verified, the conviction of its correctness can be either kept to the verifier or, at his sole discretion, be shared with some predetermined set of cooperating co-verifiers. We show how a weakness in the protocol for undeniable signatures allows blackmailing of a signer of a undeniable signature, or several verifiers simultaneously to verify several signatures. Also, we discuss how multiple verifiers can be convinced about the correctness of a signature in similar protocols, like Designated Confirmer Signatures, although no blackmailing attack is found for here.


  1. 1.
    D. Chaum, H. van Antwerpen, “Undeniable Signatures,” Crypto '89, pp. 212–216Google Scholar
  2. 2.
    D. Chaum, “Designated Confirmer Signatures”, Eurocrypt '94Google Scholar
  3. 3.
    D. Chaum, “Some Weaknesses of “Weaknesses of Undeniable Signatures”,” Eurocrypt '91, pp. 554–556Google Scholar
  4. 4.
    D. Chaum, C. Crépeau, I. Damgård, “Multiparty Unconditionally Secure Protocols,” 20th STOC, 1988, pp. 11–19Google Scholar
  5. 5.
    Y. Desmedt, M. Yung, “Weaknesses of Undeniable Signature Schemes,” Eurocrypt '91, pp. 205–220Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 1995

Authors and Affiliations

  • Markus Jakobsson
    • 1
  1. 1.Department of Computer Science and EngineeringUniversity of CaliforniaSan Diego La Jolla

Personalised recommendations