Cryptology ePrint Archive: Report 2006/361

Generic Construction of (Identity-based) Perfect Concurrent Signatures

Sherman S.M. Chow and Willy Susilo

Abstract: The notion of concurrent signatures was recently introduced by Chen, Kudla and Paterson. In concurrent signature schemes, two entities can produce two signatures that are not binding, until an extra piece of information (namely the keystone) is released by one of the parties. Subsequently, it was noted that the concurrent signature scheme proposed in the seminal paper cannot provide perfect ambiguity. Then, the notion of perfect concurrent signatures was introduced. In this paper, we define the notion of identity-based (or ID-based) perfect concurrent signature schemes. We provide the first generic construction of (ID-based) perfect concurrent signature schemes from ring signature schemes. Using the proposed framework, we give two concrete ID-based perfect concurrent signature schemes based on two major paradigms of ID-based ring signature schemes. Security proofs are based on the random oracle model.

Category / Keywords: public-key cryptography / Concurrent Signatures, Perfect Ambiguity, Fair-Exchange, Ring Signatures, Identity-based Signatures, Bilinear Pairing

Publication Info: In Sihan Qing, Wenbo Mao, Javier Lopez and Guilin Wang, editors, Information and Communications Security, 7th International Conference, ICICS 2005, Beijing, China, December 10-13, 2005, volume 3783 of Lecture Notes in Computer Science, pp. 194-206.

Date: received 23 Oct 2006, last revised 25 Oct 2006

Contact author: schow at cs nyu edu


Note: This is the revised version of our ICICS 2005 paper. We note that our original protocol fails to satisfy the fairness requirement due to an attack similar to the one in Wang-Bao-Zhou (to appear in ICICS 2006). After a slight modification similar to the suggestion attributed to Wang-Bao-Zhou (which also appears at eprint.iacr.org/2006/226), the attack against fairness is avoided.

Version: 20061025:214353
