Cryptology ePrint Archive: Report 2009/454

An Efficient Convertible Undeniable Signature Scheme with Delegatable Verification

Jacob C. N. Schuldt and Kanta Matsuura

Abstract: Undeniable signatures, introduced by Chaum and van Antwerpen, require a verifier to interact with the signer to verify a signature, and hence allow the signer to control the verifiability of his signatures. Convertible undeniable signatures, introduced by Boyar, Chaum, Damg\aa{}rd, and Pedersen, furthermore allow the signer to convert signatures to publicly verifiable ones by publicizing a verification token, either for individual signatures or for all signatures universally. In addition, the signer is able to delegate the ability to prove validity and convert signatures to a semi-trusted third party by providing a verification key. While the latter functionality is implemented by the early convertible undeniable signature schemes, most recent schemes do not consider this despite its practical appeal.

In this paper we present an updated definition and security model for schemes allowing delegation, and highlight a new essential security property, token soundness, which is not formally treated in the previous security models for convertible undeniable signatures. We then propose a new convertible undeniable signature scheme. The scheme allows delegation of verification and is provably secure in the standard model assuming the computational co-Diffie-Hellman problem, a closely related problem, and the decisional linear problem are hard. Our scheme is, to the best of our knowledge, the currently most efficient convertible undeniable signature scheme which provably fulfills all security requirements in the standard model.

Category / Keywords: public-key cryptography / undeniable signatures, universal/selective convertibility, provable security

Publication Info: To appear in ISPEC'10

Date: received 16 Sep 2009, last revised 16 Feb 2010

Contact author: schuldt at iis u-tokyo ac jp

Available format(s): PDF | BibTeX Citation

Version: 20100216:084205 (All versions of this report)

Discussion forum: Show discussion | Start new discussion


[ Cryptology ePrint archive ]