Cryptology ePrint Archive: Report 2009/403

On Generic Constructions of Designated Confirmer Signatures (The ``Encryption of a Signature'' Paradigm Revisited)

Laila El Aimani

Abstract: Designated Confirmer signatures were introduced to limit the verification property inherent to digital signatures. In fact, the verification in these signatures is replaced by a confirmation/denial protocol between the \emph{designated confirmer} and some verifier. An intuitive way to obtain such signatures consists in first generating a digital signature on the message to be signed, then encrypting the result using a suitable encryption scheme. This approach, referred to as the ``encryption of a signature'' paradigm, requires the constituents (encryption and signature schemes) to meet the highest security notions in order to achieve secure constructions.

In this paper, we revisit this method and establish the necessary and sufficient assumptions on the building blocks in order to attain secure confirmer signatures. Our study concludes that the paradigm, used in its basic form, cannot allow a class of encryption schemes, which is vital for the efficiency of the confirmation/denial protocols. Next, we consider a slight variation of the paradigm, proposed in the context of undeniable signatures; we recast it in the confirmer signature framework along with changes that yield more flexibility, and we demonstrate its efficiency by explicitly describing its confirmation/denial protocols when instantiated with building blocks from a large class of signature/encryption schemes. Interestingly, the class of signatures we consider is very popular and has been for instance used to build efficient designated verifier signatures.

Category / Keywords: Designated Confirmer signatures, ``Encryption of a signature'' paradigm, Generic construction, Reduction/meta-reduction, Zero Knowledge.

Publication Info: This is the full version of an extended abstract to appear at Indocrypt 2009.

Date: received 17 Aug 2009, last revised 24 Nov 2009

Contact author: elaimani at bit uni-bonn de

Available format(s): Postscript (PS) | Compressed Postscript (PS.GZ) | PDF | BibTeX Citation

Version: 20091124:163312 (All versions of this report)

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]