Paper 2009/403

On Generic Constructions of Designated Confirmer Signatures (The ``Encryption of a Signature'' Paradigm Revisited)

Laila El Aimani

Abstract

Designated Confirmer signatures were introduced to limit the verification property inherent to digital signatures. In fact, the verification in these signatures is replaced by a confirmation/denial protocol between the \emph{designated confirmer} and some verifier. An intuitive way to obtain such signatures consists in first generating a digital signature on the message to be signed, then encrypting the result using a suitable encryption scheme. This approach, referred to as the ``encryption of a signature'' paradigm, requires the constituents (encryption and signature schemes) to meet the highest security notions in order to achieve secure constructions. In this paper, we revisit this method and establish the necessary and sufficient assumptions on the building blocks in order to attain secure confirmer signatures. Our study concludes that the paradigm, used in its basic form, cannot allow a class of encryption schemes, which is vital for the efficiency of the confirmation/denial protocols. Next, we consider a slight variation of the paradigm, proposed in the context of undeniable signatures; we recast it in the confirmer signature framework along with changes that yield more flexibility, and we demonstrate its efficiency by explicitly describing its confirmation/denial protocols when instantiated with building blocks from a large class of signature/encryption schemes. Interestingly, the class of signatures we consider is very popular and has been for instance used to build efficient designated verifier signatures.

Metadata
Available format(s)
PDF PS
Publication info
Published elsewhere. This is the full version of an extended abstract to appear at Indocrypt 2009.
Keywords
Designated Confirmer signatures``Encryption of a signature'' paradigmGeneric constructionReductionmeta-reductionZero Knowledge.
Contact author(s)
elaimani @ bit uni-bonn de
History
2009-11-24: last of 5 revisions
2009-08-24: received
See all versions
Short URL
https://ia.cr/2009/403
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2009/403,
      author = {Laila El Aimani},
      title = {On Generic Constructions of Designated Confirmer Signatures (The ``Encryption of a Signature'' Paradigm Revisited)},
      howpublished = {Cryptology {ePrint} Archive, Paper 2009/403},
      year = {2009},
      url = {https://eprint.iacr.org/2009/403}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.