In this paper, we revisit this method and establish the necessary and sufficient assumptions on the building blocks in order to attain secure confirmer signatures. Our study concludes that the paradigm, used in its basic form, cannot allow a class of encryption schemes that is vital for the efficiency of the confirmation/denial protocols. Next, we consider a slight variation of the paradigm, proposed in the context of undeniable signatures; we recast it in the confirmer signature framework along with changes that yield more flexibility, and we demonstrate its efficiency by explicitly describing its confirmation/denial protocols when instantiated with building blocks from a large class of signature/encryption schemes. Interestingly, the class of signatures we consider is very popular and has been used, for instance, to build efficient designated verifier signatures.

Category / Keywords: Designated Confirmer signatures, "Encryption of a signature" paradigm, Generic construction, Reduction/meta-reduction, Zero Knowledge.

Publication Info: This is the full version of an extended abstract to appear at Indocrypt 2009.

Date: received 17 Aug 2009, last revised 24 Nov 2009

Contact author: elaimani at bit uni-bonn de

Version: 20091124:163312