We first define the UC-security, where UC means universal composability. We next show that there exists a UC-secure undeniable signature scheme which does not satisfy the standard definition of security that has been believed to be adequate so far. More precisely, it does not satisfy the invisibility defined by \cite{DP96}. We then show a more adequate definition of invisibility which captures a wider class of (naturally secure) undeniable signature schemes.
We finally prove that the UC-security against non-adaptive adversaries is equivalent to this definition of invisibility and the strong unforgeability in $\cF_{ZK}$-hybrid model, where $\cF_{ZK}$ is the ideal ZK functionality. Our result of equivalence implies that all the known proven secure undeniable signature schemes (including Chaum's scheme) are UC-secure if the confirmation/disavowal protocols are both UC zero-knowledge.
Category / Keywords: public-key cryptography / Universal composability, undeniable signature scheme Publication Info: accepted by ICALP 2008 Date: received 29 Feb 2008, last revised 19 May 2008 Contact author: kurosawa at mx ibaraki ac jp Available format(s): PDF | BibTeX Citation Version: 20080519:070842 (All versions of this report) Short URL: ia.cr/2008/094 Discussion forum: Show discussion | Start new discussion